Information, Communication and Reporting
Last time, I wrapped up discussing the 4th COSO guiding Principle of Review and Revision. This time, I want to introduce the 5th and final COSO guiding principle – Information, Communication and Reporting.
Again, COSO has 5 guiding principles:
Governance and Culture
Strategy and Objective-Setting
Performance
Review and Revision
Information, Communication and Reporting
The twenty-first century has welcomed exponential growth in technology that has led to a flood of data that organizations can use to make better and faster business decisions. The volume and velocity of this data challenges some organizations, and security teams, and may cause "paralysis-by-analysis."
I’m not saying we all need to become big data experts, but it wouldn’t hurt to have access to one within your organization because we must harness the promise of business intelligence and digital transformation to enrich business decisions with a risk context to help identify risks that could affect business performance.
For example, cybersecurity incidents can impact key business data's integrity and reliability. The impact can be especially damaging if the incident is not detected and resolved quickly. We recently witnessed, very publicly, the impact that a cybersecurity incident can have with the attack against Colonial Pipeline and the resulting gasoline shortages on the east coast.
The three COSO principles for Information, Communication, and Reporting are:
Leverages Information and Technology
Communicates Risk Information
Reports on Risk, Culture and Performance
In the upcoming weeks, I will discuss HOW to execute on each of these principles.
As always, I love your comments, and if you want to have a direct conversation, please shoot me a message and we’ll set something up.
Have a great week!