===== Organizational Narrative =====


==== Org Narrative Template ====

March 2019
Contents
  - Organizational Narrative
  - Entity Type
  - Integrity and Ethics
  - Board Independence
  - Organizational Structure
  - Management Objectives
  - Risk to Objectives
  - Fraud Risk to Objectives

===Table 1 - Control Satisfaction===

^Standard^NIST Category^Controls Satisfied^Audit Controls^
|NIST 800-53rev4|Family|aa##|1.02, 1.03|

===Table 2 - Major Document History===
^Date^Comment^Who^
|5/1/2019|Initial Doc|Tharp|

==== Organizational Narrative ====

The following provides a description of the corporate a management structure of
ACME Evil Anvil Corporation.
The intent of this description is to establish both the legal jurisdiction and
corporate cultural norms that serve as the foundation for ACME Evil Anvil
Corporation’s compliance program.

==== Entity Type ====

ACME Evil Anvil Corporation is a Delaware C-Corporation headquartered in
San Francisco, California. ACME Evil Anvil Corporation was established in
1970.

==== Integrity and Ethics ====

The Directors and Executives of ACME Evil Anvil Corporation aspire to and
demonstrate standards of ethics and integrity consistent with professional norms
in American corporate environments.
Chief among these standards is a commitment to honesty in interactions with
and among managers, directors, employees, contractors, customers, and other
stakeholders.

==== Board Independence ====

The Board of Directors appoints and oversees the Chief Executive Officer (CEO).

==== Organizational Structure ====

ACME Evil Anvil Corporation is composed of 7 primary divisions:
• Sales
• Marketing
• Manufacturing
• Research & Development
• Information Technology
• Human Resources
• Finance
Each division is led by a Vice President, who in turn reports to the CEO. A
complete Organization Chart is maintained and distributed by Human Resources.

==== Management Objectives ====

Work is distributed to each division via Objectives set by the respective division
Vice President, in collaboration with the Chief Executive Officer.

==== Risk to Objectives ====

ACME Evil Anvil Corporation seeks to manage risk to Objectives through
professional management strategies and tactics, including:
• Rigorous hiring practices
• Employee performance reviews
• Aligning compensation with objectives
• Regular communication of objectives by executive management

==== Fraud Risk to Objectives ====

ACME Evil Anvil Corporation acknowledges the possibility that fraud may
imperil corporate objectives. ACME Evil Anvil Corporation undertakes various
activities to manage fraud risk, including:
• Conducting regular financial audits
• Adhering to financial control principles
• Investigating suspicious transactions
• Performing criminal background checks on all employees
• Maximizing the use of information technology in fraud detection