The company forms a committee to identify specific risks inside of the company related to information technology. As shown in the COSO cube, this action is related to organizational structure.

Question

Quizplus · Accepted Answer

This action is related to the "Risk Assessment" component of the COSO framework, not directly to the organizational structure. The COSO cube includes components like the internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. Organizational structure is part of the internal environment, but identifying specific IT risks falls under risk assessment.

The Company Forms a Committee to Identify Specific Risks Inside