As cyber-security works its way onto the corporate board agenda, COSO is suggesting ways its internal control and risk-management frameworks can be a starting point for companies to anticipate fast-emerging risks.
“One of the key risks I see with cyber-security is that oftentimes the conversation isn’t started at the top of the organization,” says Sandra Richtermeyer, a COSO board member representing the Institute of Management Accountants. The COSO frameworks give directors and senior management a process for defining and addressing cyber-risks not just within IT, but throughout the organization, she says. “You can’t assume all of that’s happening in the middle of the organization. It has to start from the top down.”
