Let’s walk through next six basic components.

control environment
risk assessment and response
control activities
information and communication
monitoring
response to IT (Information Technology)

Let me start with risk assessment and response, skipping control enviroment.

“Risk assessment and reponse”
When you concern someone might make mistatkes or do something wrong, you should take counter measure in advance. Althought it is so common to create manuals, I believe it is not the best but simplify business proccesses.

“Control Acrivities”
After you set up manuals, you worry if your team check it out and follow it and then make sure.This is the control acitivity. This is a repeated action because your team get refleshed once your team menber and/or the manual changes.

“Information and communication”
It’s so simple. Just consult with each other when you are in troubles. Nowadays our work connects each other so someone always wait for your completion of your task. This is quite natural but if your boss are mean or difficutl to consult , this is quite challenging.

“Monitoring”
One guy should be assigned to check above threee components are working properly.

“Response to IT”
IT is one solution to simplify business processese. In other words, IT takes care of the complexity of business processes instead. For an example, pressing a botton, IT starts to calculate with a bunch of formulas. What you do is only to press botton but now the process itself get blackbox.

“Control enviroment”
This is a last part for a company to monitor/support above all components work in right way.Every employees does the best but a company doesn’t assess these efforts. This leads no one pays attentions to internal controls because it is meaningless.

In conclusion, this is quite straightforward. Listed companies are too big and too many employees working in office to have it in common. This is why documentation is required.