Ever wonder how critical your hotline is?  Here is what experts on COSO have to say about hotlines:

Title: Leveraging COSO Across the Three Lines of Defense

By

The Institute of Internal Auditors

Douglas J. Anderson & Gina Eubanks

Figure Heading: “Principle 1. The organization demonstrates a commitment to integrity and ethical values.”

Section Heading: “2nd Line of Defense (Risk, Control, and Compliance)

Quote: “• Specific members of the 2nd Line may be requested to support compliance hotlines, investigate potential wrongdoing, or perform other specific duties related to integrity and ethical values.”

 

Figure Heading: “Principle 14. The organization internally communicates information, including objective and responsibilities for internal control, necessary to support the functioning of internal control.”

Section Heading: “1st Line of Defense (Risk Owners/Managers)

Quote: “• Establishes separate communication channels such as whistleblower hotlines, which serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective.”

 

Title: 2013 COSO Framework Deloitte Training

Deloitte

Heading: “Demonstrates Commitment to Integrity and Ethical Values (cont.)” “ICEFR Examples”

Quote: “Evaluating misconduct reported through an anonymous hotline”

 

Heading: “Principle 14 Communicates Internally” “Enhanced Aspects of Principle 14:”

Quote: “Providing separate channels of communication for anonymous or confidential communication when normal communication channels are inoperative or ineffective (e.g., through whistle-blower hotlines).”

 

Heading: “Principle 15 Communicates Externally” “Enhanced Aspects of Principle 15:

Quote: “Providing separate channels of communication for anonymous or confidential communication when normal communication channels are inoperative or ineffective (e.g., through whistle-blower hotlines).”

 

The Wall Street Journal

Risk & Compliance Journal

Deloitte

Risk management strategy and analysis from Deloitte

Title: The 2013 COSO Framework and the Audit Committee

 

Heading: “COSO and the Role of the Board and Audit Committee”

Quote: “The establishment and maintenance of open lines of communication between management and the board, and the provision of separate lines of communication, such as whistleblower hotlines.”

 

Title: Updated 2013 COSO Framework – fraud risk assessments

Subtitle: Fraud Investigation & Dispute Services

(No Stated Author. Source: www.ey.com)

Previous Heading: “EY fraud risk assessment approach”

“The assessment incorporates a multilevel approach to fully assess the company’s risk of fraud”

Chart Section Heading: “Entity level review”

Examples include:

  • Event reporting/whistle-blower hotlines
  • Compliance resources/staffing
  • Compliance monitoring plan

 

Title: An Overview of the COSO 2013 Framework

KPMG

Section Heading: “Information and Communication: Principle #14 and Points of Focus”

Figure Heading: “The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.”

List Heading: “Points of Focus”

Point: Provides separate communication lines – Separate communication channels, such as whistle blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication

 

Section Heading: “Information and Communication: Principle #15 and Points of Focus”

Figure Heading: “15. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.”

List Heading: “Points of Focus”

Point: “Provides separate communication lines – Separate communication channels, such as whistle blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication”

 

 

Title: Fraud Risk Management Guide

Subtitle: A joint publication of COSO and the ACFE

Heading: Fraud Risk Assessment Scorecard

Heading: “Considering Various Types of Fraud”

Quote: “Our fraud risk assessment team gathers information about potential fraud from internal sources such as interviews with personnel, brainstorming sessions, complaints received from the whistleblower hotline, and analytical procedures.”

Get a Quote or a Demo.

We are responsive, friendly, and easy to work with.

Reach Us

Red Flag Reporting
P.O. Box 4230, Akron, Ohio 44321

Tel: 877-676-6551
Fax: 330-572-8146

Follow Us:

Blog Categories

Financial
HR & Work Environment
Safety
Hotlines
Other
Red Flag Reporting

Share This Blog!

Related Posts

  • An exhausted employee sits at a desk staring blankly at paperwork, representing moral fatigue in the workplace and the struggle to report unethical behavior.

    April 20, 2026

    Moral Fatigue: Why Ethical Employees Sometimes Look the Other Way

  • An image of two hands holding a bowl of food. Children play in the background. The words "303,000 Meals Provided" are along the bottom of the image. All reflective of Red Flag Reporting's Title Sponsorship of Grace Race 5k.

    April 20, 2026

    Red Flag Reporting: Title Sponsor of the Grace Race 5K — Again!

  • A dual-panel infographic on AI Shadow IT. Left: An employee uses AI bots to drive efficiency and automation. Right: A concerned manager faces hidden risks, including data exposure, compliance gaps, and documentation issues that appear silently before leadership is aware.

    April 1, 2026

    The Rise of Insider AI Shadow IT: How Employee‑Created Automations Introduce New Compliance Risks