Skip to main content

Information-Communication : Principle 15 (External Communication) Focal Points

Principle 15: Communicates with External Parties

The organization communicates with relevant external parties on matters affecting the functioning of internal control.

Focus Points:

The following focal points highlight essential features of this principle.

  • Communicates to External Parties – Processes are in place to communicate relevant information promptly to external parties, including shareholders, partners, business owners, regulatory authorities, customers, financial analysts, and other external parties.

Communication occurs not only with those within the organization but also with those outside the organization. With open external communication channels, meaningful information about the organization’s objectives can be made available to shareholders or other business owners, business partners, customers, regulatory authorities, financial analysts, government agencies, and other external parties. 

External communication is viewed as distinct from external reporting, as discussed in “Chapter 2: Objectives, Components, and Principles.

Technology and communication tools provide external parties access to public virtual forums to communicate and discuss an organization’s business, activities, and controls. In such cases, management develops and implements controls to guide expectations for the appropriate use of such forums not to compromise the organization’s objectives.

  • Provides Communication Within the Organization – Open communication channels; Allows input from customers, consumers, suppliers, external auditors, regulatory authorities, financial analysts, and others who provide relevant information to management and the board.

Messages from external parties also provide essential information about the functioning of the organization’s internal control system. For example, an independent auditor is a customer’s evaluation of the organization’s internal control over financial and non-financial reporting, such as feedback regarding product quality, improper charges, and missing or incorrectly issued receipts.

  • Communicates with the Board of Directors – Relevant information obtained from evaluations made by external parties is communicated to the Board of Directors.

Information obtained from evaluations made outside the organization about the organization’s internal control-related activities is evaluated by the management and, if relevant, forwarded to the board of directors. 

For example, The management has signed a contract allowing the organization to use technology services managed outside the organization instead of hiring new personnel to carry out the operations or purchasing and implementing additional hardware and software. 

The organization uses sensitive customer data in some processes. To maintain compliance with the organization’s policies and external laws, regulations, and standards, the evaluation of internal control over the security and confidentiality of externally transmitted data (including data transmitted over the Internet) is performed by a third party/entity. 

Assessment results reveal internal control weaknesses that may affect the security and confidentiality of data. Management evaluates the materiality of vulnerabilities and reports the information necessary to enable the board of directors to fulfill its oversight responsibilities.

  • Provides Separate Communication Lines – Separate communication channels, such as emergency call lines, serve as fail-safe mechanisms that allow for non-ID or confidential communication when regular lines are down or ineffective.

Complexities and challenges in business relationships between the organization and external parties may arise from service providers and other outsourcing agreements, joint ventures and partnerships, and other transactions that create interdependence between parties. Such complexity may raise concerns about how the parties will carry out work. 

In this case, the organization allocates separate communication channels to customers, suppliers, and external service providers to enable customers, suppliers, and external service providers to communicate directly with management and personnel. 

For example, A customer of products developed through a joint venture may learn that one of the joint venture partners sells the products in a country outside the joint venture. Such a breach could impact the customer’s ability to use and resell the products in question, thereby affecting the customer’s business. The customer needs a communication channel to convey his concerns and problems to others in the organization without disrupting his ongoing activities.

  • Selects Appropriate Communication Method – Communication method It considers the timing, target audience, type of communication, and the requirements and expectations arising from laws, regulations, and trust-based relationships.

The method management uses to communicate with external parties ensures that key messages about the organization are received and understood and affects the ability to obtain needed information. Management considers a wide range of communication methods, considering the target audience, the type of communication, its timing, and the requirements of all laws and regulatory authorities. 

For example, customers who regularly access the organization’s information through a customer portal, through posts on the corporate website, and press and news releases published through investor or public relations channels are often effective in reaching a broad audience of external parties, ensuring the wide distribution of information and increasing the likelihood of its receipt. 

Blogs, social media tools, electronic billboards (“billboards”), and emails are also commonly used external communication tools because these tools can be tailored and explicitly directed to a particular group, can help control the information received by external parties, and can support expectations that information can be sent and received quickly with the increasing prevalence of mobile communication tools.

Resources of Internal Control Article 

  • International Internal Auditing Standards, International Institute of Internal Auditors
  • Dr. Davut Pehlivanlı, Current Internal Audit Practices, Beta 2010
  • Prof. Dr. Nejat Bozkurt, Accounting Audit, Alfa 1998
  • Prof.Dr.Nejat Bozkurt, TÜRMOB Independent Audit Training Lecture Notes, 2012
  • Dr.Özgür Çatıkkaş, KGK, Marmara University. Corporate Governance Lecture Notes, 2013
  • İSMMMO-Practical Information for Internal Audit in SMEs, 2013
  • Turkish Internal Audit Institute,
  • Alp Buluch, Article, Internal Control, Hurses, 19 March 2013
  • Turkish Commercial Code No. 6102
  • International Internal Auditing Standards,
  • Treadway Commission Supporting Institutions Committee, Internal Control-Integrated Framework, 2013

Bu gönderi şu adreste de mevcuttur: Türkçe