Step 4 – COSO Information and Communication
If risk assessment is the radar and control activities are the brakes and steering wheel, information and communication are the nervous system of the organization. They transmit signals, coordinate action, and ensure the entire body responds coherently to challenges. Without reliable nerves, even the strongest muscles and sharpest radar cannot prevent paralysis. Within the COSO Internal Control – Integrated Framework, information and communication refer to the processes that ensure relevant, timely, and accurate data flows throughout the organization. This flow must work in every direction: downward from leadership, upward from employees and auditors, and outward to regulators, investors, and society. Failures in this nervous system have triggered some of the most significant corporate scandals worldwide.
Where are we? At its core, the COSO Internal Control Framework identifies five integrated components:
These five components function as an integrated system. Weakness in one undermines the others.
Why Information & Communication Matter
COSO highlights that information and communication enable other components of internal control to function. Risk assessment depends on accurate data. Control activities require clear procedures. Monitoring is impossible without open channels.
Three principles stand out:
- Relevant information must be identified and captured.
- Information must be communicated in a form and timeframe that enable people to fulfill responsibilities.
- Communication must flow internally and externally, across all levels and stakeholders.
The nervous system metaphor is apt: if signals are blocked, delayed, or distorted, the organization stumbles.
International Case Lessons
Boeing 737 MAX (United States, 2018–2019)
Boeing engineers were aware of technical issues with the MCAS system, but this information did not reach the board or regulators effectively. Communication breakdowns—driven by time pressure and cultural silos—contributed to two fatal crashes. The case illustrates how missing upward communication can turn local technical flaws into global tragedies.
Tesco Accounting Scandal (United Kingdom, 2014)
Tesco overstated profits by £250 million due to premature recognition of supplier rebates. Weak internal communication meant that operational managers passed distorted figures upward without challenge. Investors and regulators only learned of the problem after whistleblowers acted.
Olympus (Japan, 2011)
Olympus concealed losses for over a decade through complex financial schemes. The board ignored warnings and suppressed communication of concerns. Japanese corporate culture made it difficult for employees to challenge authority, showing how cultural barriers can cripple the nervous system.
Steinhoff (South Africa, 2017)
Steinhoff collapsed under a €6.5 billion accounting scandal. Internal information was manipulated, and communication with auditors and shareholders was misleading. A failure of transparency in both upward and outward communication destroyed trust in one of Africa’s largest multinationals.
Petrobras (Brazil, 2014–2016)
The Lava Jato corruption scandal revealed systemic filtering of information. Signals about inflated contracts and bribes never reached independent oversight. The result was billions in losses, political upheaval, and the largest corporate scandal in Latin America.
These examples show that communication failures are not regional accidents—they are a universal risk.
To see how long such stories can drag on, also read the US Federal Aviation Administration publication "Updates on Boeing 737-9 MAX Aircraft", issued years later (December 2024).
Challenges in Modern Information & Communication
- Information Overload
More data does not equal better governance. Leaders need relevant signals, not noise.
- Cultural Barriers
In hierarchical cultures, employees may hesitate to share bad news. Silence becomes risk.
- Technological Complexity
Digital systems expand data flows but create risks of misinformation, bias, or manipulation.
- Trust and Transparency
Stakeholders expect honest reporting. Once trust is broken, as in Petrobras or Steinhoff, rebuilding credibility may take decades.
The American Accounting Association has published a nice blog post on a modern topic: Evaluating Blockchain Using COSO.
Best Practices: Keeping the Nervous System Healthy
- Tone at the Top
Leaders must actively communicate that integrity, openness, and transparency are non-negotiable. Without this tone, other practices lose credibility.
- Leading by Example
Boards and executives must model the behavior they expect—sharing bad news honestly, admitting mistakes, and valuing feedback. Example is more powerful than any policy.
- Clear Reporting Lines
Define how information travels upward and downward, ensuring no critical data is lost between levels.
- Open Culture
Encourage employees to speak up without fear of retaliation, supported by whistleblower protections and psychological safety.
- Use of Technology
Implement dashboards and real-time reporting, but govern them carefully to avoid bias or manipulation.
- External Transparency
Communicate honestly with investors, regulators, and society. Trust built externally reinforces internal discipline.
- Feedback Loops
Ensure communication is two-way—messages must not only be sent, but also received, understood, and acted upon.
Together, these practices ensure that information is not only generated but also trusted and used.
Conclusion
Information and communication are the lifeblood of internal control, the nervous system that connects governance to operations. Without them, radar cannot guide, brakes cannot steer, and monitoring cannot detect. The failures of Boeing, Tesco, Olympus, Steinhoff, and Petrobras prove that blocked or distorted communication is often the decisive factor in corporate collapse.
Organizations that treat information and communication as strategic assets—ensuring accuracy, timeliness, openness, and transparency—build resilience and trust.
In the next article, we will turn to Step 5 – Monitoring Activities, the continuous feedback loop that ensures internal control systems remain effective over time.