"Because each entity has its own set of objectives and implementation approaches, there will be differences in risk responses
and related control activities. Even if two entities had identical objectives and made similar decisions on how they should
be achieved, their control activities would likely be different. Each entity is managed by different people who use individual
judgments in effecting internal control. Moreover, controls reflect the environment and industry in which an entity operates,
as well as the complexity of its organization, its history and its culture."
COSO