Management information in internal control (information and communication)
  1 The need for adequate information flows to management (objectives)
  Information is needed at all levels of an organization to identify, assess and respond to risks, and to run the entity and achieve its objectives.
  <1> To enable management to identify and manage risks and monitor internal controls within an organization, they need adequate information flows from within the business.
  <2> Information should be provided regularly to management so that they can monitor performance with respect to economy, efficiency and effectiveness in achieving targets.
  <3> Managers need both internal and external information to make informed business decisions and to report externally.
  2 Information sources
  <1> Reports from internal audit committee and risk committee
  <2> Regular visit by the directors to operations
  <3> Reports from subordinators on regular basis (internal audit, certain activities)
  <4> Normal communication channel and fail-safe mechanisms (whistle blowing)
  <5> Reports on resolution of control weaknesses
  <6> Results of necessary check on the operation of the controls (random checks, internal and external audit)
  <7> Exception reporting highlighting variances in budgeting systems, performance measures, quality targets and planning systems
  <8> Customer responses, particularly complaints
  3 Characteristics and quality of good information
  With increasing dependence on sophisticated information systems, information reliability is critical. Inaccurate information can result in unidentified risks or poor assessments and bad management decisions. Thus, the information received by management needs to be of a certain standard to be useful in internal control and risk management and monitoring.
  <1> Accurate
  <2> Complete: includes everything that it needs to include
  <3> Cost-beneficial: it should not cost more to obtain information than the benefit derived from having it
  <4> User-targeted: the needs of users should be borne in mind
  <5> Relevant: information that is not needed for a decision should be omitted
  <6> Authoritative: the source of information should be a reliable one.
  <7> Timely: be available when it is needed
 
  <8> Easy to use: be clearly presented, not excessively long, and sent using the right medium and communication channel.