"The appropriateness of an entity's organizational structure depends, in part, on its size and the nature of its activities.
A highly structured organization with formal reporting lines and responsibilities, may be appropriate for a large entity that
has numerous operating divisions, including foreign operations. However, such a structure could impede the necessary flow
of information in a small entity. Whatever the structure, an entity should be organized to enable effective enterprise risk
management, and to carry out its activities so as to achieve its objectives."
COSO