March 2019

Standard | NIST Category | Controls Satisfied | Audit Controls |
---|---|---|---|
NIST 800-53rev4 | Family | aa## | 1.02, 1.03 |

Date | Comment | Who |
---|---|---|
5/1/2019 | Initial Doc | Tharp |

The following provides a description of the corporate and management structure of ACME Evil Anvil Corporation. The intent of this description is to establish both the legal jurisdiction and corporate cultural norms that serve as the foundation for ACME Evil Anvil Corporation’s compliance program.
ACME Evil Anvil Corporation is a Delaware C-Corporation headquartered in San Francisco, California. ACME Evil Anvil Corporation was established in 1970.
The Directors and Executives of ACME Evil Anvil Corporation aspire to and demonstrate standards of ethics and integrity consistent with professional norms in American corporate environments. Chief among these standards is a commitment to honesty in interactions with and among managers, directors, employees, contractors, customers, and other stakeholders.
The Board of Directors appoints and oversees the Chief Executive Officer (CEO).
ACME Evil Anvil Corporation is composed of 7 primary divisions:
• Sales
• Marketing
• Manufacturing
• Research & Development
• Information Technology
• Human Resources
• Finance
Each division is led by a Vice President, who in turn reports to the CEO. A complete Organization Chart is maintained and distributed by Human Resources.
Work is distributed to each division via Objectives set by the respective division Vice President, in collaboration with the Chief Executive Officer.
ACME Evil Anvil Corporation seeks to manage risk to Objectives through professional management strategies and tactics, including:
• Rigorous hiring practices
• Employee performance reviews
• Aligning compensation with objectives
• Regular communication of objectives by executive management
ACME Evil Anvil Corporation acknowledges the possibility that fraud may imperil corporate objectives. ACME Evil Anvil Corporation undertakes various activities to manage fraud risk, including:
• Conducting regular financial audits
• Adhering to financial control principles
• Investigating suspicious transactions
• Performing criminal background checks on all employees
• Maximizing the use of information technology in fraud detection