As with the other components of the COSO Cube, the objective of Information and Communication is not to be taken in a vacuum. Indeed, one of the more interesting aspects of this objective is that it runs not only vertically but also horizontally.
Discussion. Obviously, there must be communications up and down from the Board but also within an organization for dissemination of the appropriate compliance related information. For this principle, See more +
As with the other components of the COSO Cube, the objective of Information and Communication is not to be taken in a vacuum. Indeed, one of the more interesting aspects of this objective is that it runs not only vertically but also horizontally.
Discussion. Obviously, there must be communications up and down from the Board but also within an organization for dissemination of the appropriate compliance related information. For this principle, the CCO or compliance practitioner should also evaluate the communication lines to third parties. This communication can flow both ways, as noted, with compliance obligations to third parties but also information in the form of compliance issues back from third parties.
Three key takeaways:
1. Consider the use of relevant and quality information.
2. You need to document your internal communications so auditors can review the audit trail.
3. This objective relates to your third-party compliance program. See less -