What is the information, communication, and reporting principle of the COSO ERM framework?
Information, communication, and reporting is one of the key components of the COSO ERM framework. Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization. The organization seeks to capture, process, manage, and communicate timely and relevant information in order to identify risks that could affect strategy and business objectives.
Three principles relate to information, communication, and reporting:
Leverages Information Systems—The organization leverages the entity’s information and technology systems to support enterprise risk management.
Communicates Risk Information—The organization uses communication channels to support enterprise risk management.
Reports on Risk, Culture, and Performance—The organization reports on risk, culture, and performance at multiple levels and across the entity.