COSO Principle 12: The entity deploys control activities through policies that establish what is expected and in procedures that put policies into action
Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected and relevant procedures specifying actions
Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside
Responsible personnel perform control activities in a timely manner as defined by the policies and procedures
Responsible personnel investigate and act on matters identified as a result of executing control activities
Competent personnel with sufficient authority perform control activities with diligence and continuing focus
Management periodically reviews control activities to determine their continued relevance and refreshes them when necessary.