COSO by Control Activities

Control activities are the actions management establishes through policies and procedures to achieve objectives and respond to risks in the internal control system, which includes the entity’s information system.

10. Management should design control activities to achieve objectives and respond to risks.
11. Management should design the entity’s information system and related control activities to achieve objectives and respond to risks.
12. Management should implement control activities through policies.