Increasing pressure to reduce fraudulent financial reporting (fraud) o
ver the past 25 years has resulted in new laws, commission reports, an
d standards. Improvement of internal control is among the most promine
nt remedies. For example, SAS 55 emphasized the control environment be
cause existing guidance concentrated on detailed procedures which were
generally irrelevant to fraud. Research is supportive of this emphasi
s. However, critics of SAS 55 (both past and present) question auditor
's reliance on the control environment because of ill-defined guidance
regarding evidence and because of the apparent reduction of testing b
ased on this reliance. The Committee of Sponsoring Organizations of th
e Treadway Commission recently issued a lengthy report on internal con
trol (COSO 1992), particularly as it relates to fraud deterrence. The
Auditing Standards Board has expressed a preference for COSO over SAS
55 for selected engagements; hence it assumes considerable significanc
e. Even though COSO has assumed a key operational role, the Committee
itself calls for further research into its own assertions. This paper
focuses on one of the important dimensions of control noted by COSO: c
ommunication. The rationale for good communication to deter fraud seem
s compelling. That is, fraud involves concealment while communication
fosters openness. COSO notes that a key element of good communication
includes ''upstream'' communication. Despite the appeal of communicati
on, COSO offers little guidance to ascertain that such communication i
s functioning or how auditors might reliably assess that condition. Th
is paper's purpose is to encourage and facilitate effective research i
nto two areas: (1) the characteristics of a communication system that
lead to reliable assessment of its ability to deterfraud and (2) how a
uditors play a role in the system and how they can gain sufficient evi
dence to rely on the system. It integrates the whistle-blowing literat
ure (which deals with internal and external reporting of wrongdoing) w
ith existing professional internal control and audit guidance related
to fraud deterrence. In this regard, it provides a nearly complete ove
rview of relevant research findings from the whistle-blowing literatur
e. It develops four categories of characteristics to be considered in
assessing control and offers specific questions for research.