What is the information, communication, and reporting principal of the COSO ERM framework?
Information, communication, and reporting is one of the key components of the COSO ERM framework. Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization. The organization is in search of capturing, processing, managing, and communicating both timely and relevant information to identify risks that could affect strategy and business objectives.
The 3 principles relate to information, communication, and reporting:
Leverages Information Systems—The organization leverages the entity’s information and technology systems to support enterprise risk management.
Communicates Risk Information—The organization uses communication channels to support enterprise risk management.
Reports on Risk, Culture, and Performance—The organization reports on risk, culture, and performance at multiple levels and across the entity.
You might also be interested in...
What are the components of the COSO ERM framework?
The COSO Enterprise Risk Management (ERM) framework applies a risk-based approach as opposed to a control-based approach. The overall objective of the ERM framework is to attain reasonable assurance that the company objectives and goals are achieved, and that the company meets performance expectations. The main components of ERM include governance and culture, review and […]
What is the performance component of the COSO ERM framework?
Performance is one of the key components of the COSO ERM framework. Risks that may impact the achievement of strategy and business objectives need to be identified and assessed. Risks are prioritized by severity in the context of risk appetite. The organization then selects risk responses and takes a portfolio view of the amount of […]
What is the review and revision component of the COSO ERM framework?
Review and revision is one of the key components of the COSO ERM framework. By reviewing entity performance, an organization can consider how well the enterprise risk management components are functioning over time and in light of substantial changes, and what revisions are needed. The organization reviews and revises its current ERM capabilities and practices […]