 We're gonna list out our five components of the internal controls and then we'll list out principles related to them, those five components being the control environment, risk assessment, control activities, information and communication and monitoring activities. We're gonna start off with the control environment listing the principles related to control environment. First principle, business shows a commitment to integrity and ethical value. So we're looking at this in terms of the controls of the organization in terms of the organization as a whole that the business shows a commitment to integrity and ethical values. Note, these things aren't always the easiest things for us to write down and communicate, but you can think about how can we get a feel for that? We're gonna be of course talking to people, inquiring about it and writing down our impressions of the control environment in terms of business shows commitment to integrity and ethical value. Principle number two, board of directors shows independence from management and exercises oversight of the development and performance of internal control. You'll recall that the board of directors are represented and voted on by the owners, the shareholders. So therefore they should be able to provide some oversight over management, which in essence are the people that they hire in order to act as agents of the shareholders. So the board of directors should show independence from management. The more independence from management then, the more you would think the board of directors would have good oversight over management. Whereas if there's less independence from management, it would be a more difficult situation. You would think the oversight wouldn't be as good over the performance of the management. Third principle, management sets up with a board oversight structures, reporting lines and authorities and responsibilities in the pursuit of objectives. So we have the setup and the board of directors being involved in this with the structure, the reporting lines. We have the business hierarchy, the reporting lines within it and authorities and responsibilities in the pursuit of the objectives. What are the authorities and responsibilities? This is gonna be really important because of course people need to understand their specific roles and responsibilities. It seems like a basic thing, but oftentimes people don't have a good idea of what their responsibilities are. Things fall down in the middle between the responsibilities of two individuals possibly. And we don't know exactly who to hold accountable because it was never well-defined in the first place. Principle four, business shows a commitment to attract, develop and retain competent employees in alignment with objectives. So we're looking at the types of employees that are being brought into the organization and we might also consider the overturn of employees. Are they bringing up the employees that seem to be performing well, the best top performance of the organization? Are they basically retaining employees that are well-performing employees as they're a high turnover of employees and what's gonna be basically the feeling of employees which can be indicated in whether there's a high turnover or not or whether they're basically able to develop employees within the organization. Number five, business holds individuals accountable for their internal control responsibilities in the pursuit of objectives. This of course lines out with first determining what the responsibilities are for different individuals and then determining whether or not the individuals have followed through with their responsibilities and the people that aren't following through, we know who to hold accountable and we wanna be able to see that the people responsible for certain conditions or first certain objectives are the ones being held accountable if those objectives are not met. Next, we'll take a look at risk assessment principles or principles related to risk assessment, principle number one, business specifies objectives with enough clarity to enable the identification and assessment of risks related to objectives. So when we're thinking about the risks, we need to know exactly what the objectives are so that that's gonna help us to identify what the risks are. We need to be clear about that. If the more clear we are about that, the more clearly we can basically assess what those risks are and take action with regards to them. Principle number two, business identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks are to be managed. Once we understand what the risks are, we wanna see them across the organization and then we can come up with a plan, of course, to see how we wanna deal with those risks. How can we mitigate those risks? Principle three, business considers the potential for fraud in assessing risks to the achievement of objectives. So we wanna consider fraud and we'll talk a little bit more about the fraud factors that can be put together and what's gonna increase the likelihood of fraud. We wanna basically set up an environment within the organization to lessen the likelihood of fraud as part of the components of our internal control. So first we have to say, what are the risks of fraud? Some of those risks are gonna be things that we can apply to any type of organization. Some might be specific to the type of organization that we are in. We wanna see where the fraud risks are.