COSO Relates Frameworks to Cyber Risks

Tammy Whitehouse | January 15, 2015

COSO is urging public companies to take a look at its frameworks with not just financial controls and risks in mind, but cyber-security as well.

Developed with the help of cyber experts at Deloitte, COSO released a report explaining how its 2013 Internal Control -- Integrated Framework and its 2004 Enterprise Risk Management -- Integrated Framework can be useful in assessing and responding to cyber-security risks. The paper explains how the five components of internal control apply to the assessment of cyber risks, with detailed discussion particularly around how the principles underlying the risk assessment, control activities, and information and communication components can be leveraged.

Consistent with the COSO model, the paper emphasizes that not every risk can be mitigated to zero. “Cyber risk is...
