COSO by Risk Assessment

Having established an effective control environment, management assesses the risks facing the entity as it seeks to achieve its objectives. This assessment provides the basis for developing appropriate risk responses.

6. Management should define objectives clearly to enable the identification of risks and define risk tolerances.
7. Management should identify, analyze and respond to risks related to achieving the defined objectives.
8. Management should consider the potential for fraud when identifying, analyzing and responding to risks.
9. Management should identify, analyze and respond to significant changes that could impact the internal control system.