| ๐ผ CC3.1 The entity specifies objectives with sufficient clarity to enable\ \ the identification and assessment of risks relating to objectives. | 16 | | | |
| ย ย ย ย ๐ผ CC3.1-1 Reflects Management's Choices | | | | |
| ย ย ย ย ๐ผ CC3.1-2 Considers Tolerances for Risk | | | | |
| ย ย ย ย ๐ผ CC3.1-3 Includes Operations and Financial Performance Goals | | | | |
| ย ย ย ย ๐ผ CC3.1-4 Forms a Basis for Committing of Resources | | | | |
| ย ย ย ย ๐ผ CC3.1-5 Complies With Applicable Accounting Standards | | | | |
| ย ย ย ย ๐ผ CC3.1-6 Considers Materiality | | | | |
| ย ย ย ย ๐ผ CC3.1-7 Reflects Entity Activities | | | | |
| ย ย ย ย ๐ผ CC3.1-8 Complies With Externally Established Frameworks | | | | |
| ย ย ย ย ๐ผ CC3.1-9 Considers the Required Level of Precision | | | | |
| ย ย ย ย ๐ผ CC3.1-10 Reflects Entity Activities | | | | |
| ย ย ย ย ๐ผ CC3.1-11 Reflects Management's Choices | | | | |
| ย ย ย ย ๐ผ CC3.1-12 Considers the Required Level of Precision | | | | |
| ย ย ย ย ๐ผ CC3.1-13 Reflects Entity Activities | | | | |
| ย ย ย ย ๐ผ CC3.1-14 Reflects External Laws and Regulations | | | | |
| ย ย ย ย ๐ผ CC3.1-15 Considers Tolerances for Risk | | | | |
| ย ย ย ย ๐ผ CC3.1-16 Establishes Sub-Objectives for Risk Assessment | | | | |
| ๐ผ CC3.2 The entity identifies risks to the achievement of its objectives\ \ across the entity and analyzes risks as a basis for determining how the\ \ risks should be managed. | 9 | | | |
| ย ย ย ย ๐ผ CC3.2-1 Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels | | | | |
| ย ย ย ย ๐ผ CC3.2-2 Analyzes Internal and External Factors | | | | |
| ย ย ย ย ๐ผ CC3.2-3 Involves Appropriate Levels of Management | | | | |
| ย ย ย ย ๐ผ CC3.2-4 Estimates Significance of Risks Identified | | | | |
| ย ย ย ย ๐ผ CC3.2-5 Determines How to Respond to Risks | | | | |
| ย ย ย ย ๐ผ CC3.2-6 Identifies Threats to Objectives | | | | |
| ย ย ย ย ๐ผ CC3.2-7 Identifies Vulnerability of System Components | | | | |
| ย ย ย ย ๐ผ CC3.2-8 Analyzes Threats and Vulnerabilities From Vendors, Business Partners, and Other Parties | | | | |
| ย ย ย ย ๐ผ CC3.2-9 Assesses the Significance of the Risks | | | | |
| ๐ผ CC3.3 The entity considers the potential for fraud in assessing risks to\ \ the achievement of objectives. | 5 | | | |
| ย ย ย ย ๐ผ CC3.3-1 Considers Various Types of Fraud | | | | |
| ย ย ย ย ๐ผ CC3.3-2 Assesses Incentives and Pressures | | | | |
| ย ย ย ย ๐ผ CC3.3-3 Assesses Opportunities | | | | |
| ย ย ย ย ๐ผ CC3.3-4 Assesses Attitudes and Rationalizations | | | | |
| ย ย ย ย ๐ผ CC3.3-5 Considers the Risks Related to the Use of IT and Access to Information | | | | |
| ๐ผ CC3.4 The entity identifies and assesses changes that could significantly\ \ impact the system of internal control. | 6 | | | |
| ย ย ย ย ๐ผ CC3.4-1 Assesses Changes in the External Environment | | | | |
| ย ย ย ย ๐ผ CC3.4-2 Assesses Changes in the Business Model | | | | |
| ย ย ย ย ๐ผ CC3.4-3 Assesses Changes in Leadership | | | | |
| ย ย ย ย ๐ผ CC3.4-4 Assess Changes in Systems and Technology | | | | |
| ย ย ย ย ๐ผ CC3.4-5 Assess Changes in Vendor and Business Partner Relationships | | | | |
| ย ย ย ย ๐ผ CC3.4-6 Assesses Changes in Threats and Vulnerabilities | | | | |