Activity
Report deficiencies upstream
Monitor IT operations ICS
Description
Comment
"Deficiencies in an entity’s enterprise risk management may surface from many sources, including the entity's ongoing monitoring procedures, separate evaluations and external parties.
The term “deficiency” refers to a condition within the enterprise risk management process worthy of attention. A deficiency, therefore, may represent a perceived, potential or real shortcoming, or an opportunity to strengthen the process to increase the likelihood that the entity’s objectives will be achieved."
COSO
Organisation
Responsible
Input/Output
Output data