Ever wonder how critical your hotline is?  Here is what experts on COSO have to say about hotlines:

Title: Leveraging COSO Across the Three Lines of Defense

By

The Institute of Internal Auditors

Douglas J. Anderson & Gina Eubanks

Figure Heading: “Principle 1. The organization demonstrates a commitment to integrity and ethical values.”

Section Heading: “2nd Line of Defense (Risk, Control, and Compliance)

Quote: “• Specific members of the 2nd Line may be requested to support compliance hotlines, investigate potential wrongdoing, or perform other specific duties related to integrity and ethical values.”

 

Figure Heading: “Principle 14. The organization internally communicates information, including objective and responsibilities for internal control, necessary to support the functioning of internal control.”

Section Heading: “1st Line of Defense (Risk Owners/Managers)

Quote: “• Establishes separate communication channels such as whistleblower hotlines, which serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective.”

 

Title: 2013 COSO Framework Deloitte Training

Deloitte

Heading: “Demonstrates Commitment to Integrity and Ethical Values (cont.)” “ICEFR Examples”

Quote: “Evaluating misconduct reported through an anonymous hotline”

 

Heading: “Principle 14 Communicates Internally” “Enhanced Aspects of Principle 14:”

Quote: “Providing separate channels of communication for anonymous or confidential communication when normal communication channels are inoperative or ineffective (e.g., through whistle-blower hotlines).”

 

Heading: “Principle 15 Communicates Externally” “Enhanced Aspects of Principle 15:

Quote: “Providing separate channels of communication for anonymous or confidential communication when normal communication channels are inoperative or ineffective (e.g., through whistle-blower hotlines).”

 

The Wall Street Journal

Risk & Compliance Journal

Deloitte

Risk management strategy and analysis from Deloitte

Title: The 2013 COSO Framework and the Audit Committee

 

Heading: “COSO and the Role of the Board and Audit Committee”

Quote: “The establishment and maintenance of open lines of communication between management and the board, and the provision of separate lines of communication, such as whistleblower hotlines.”

 

Title: Updated 2013 COSO Framework – fraud risk assessments

Subtitle: Fraud Investigation & Dispute Services

(No Stated Author. Source: www.ey.com)

Previous Heading: “EY fraud risk assessment approach”

“The assessment incorporates a multilevel approach to fully assess the company’s risk of fraud”

Chart Section Heading: “Entity level review”

Examples include:

  • Event reporting/whistle-blower hotlines
  • Compliance resources/staffing
  • Compliance monitoring plan

 

Title: An Overview of the COSO 2013 Framework

KPMG

Section Heading: “Information and Communication: Principle #14 and Points of Focus”

Figure Heading: “The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.”

List Heading: “Points of Focus”

Point: Provides separate communication lines – Separate communication channels, such as whistle blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication

 

Section Heading: “Information and Communication: Principle #15 and Points of Focus”

Figure Heading: “15. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.”

List Heading: “Points of Focus”

Point: “Provides separate communication lines – Separate communication channels, such as whistle blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication”

 

 

Title: Fraud Risk Management Guide

Subtitle: A joint publication of COSO and the ACFE

Heading: Fraud Risk Assessment Scorecard

Heading: “Considering Various Types of Fraud”

Quote: “Our fraud risk assessment team gathers information about potential fraud from internal sources such as interviews with personnel, brainstorming sessions, complaints received from the whistleblower hotline, and analytical procedures.”

Get a Quote or a Demo.

We are responsive, friendly, and easy to work with.

Reach Us

Red Flag Reporting
P.O. Box 4230, Akron, Ohio 44321

Tel: 877-676-6551
Fax: 330-572-8146

Follow Us:

Blog Categories

Financial
HR & Work Environment
Safety
Hotlines
Other
Red Flag Reporting

Share This Blog!

Related Posts

  • A dual-panel infographic on AI Shadow IT. Left: An employee uses AI bots to drive efficiency and automation. Right: A concerned manager faces hidden risks, including data exposure, compliance gaps, and documentation issues that appear silently before leadership is aware.

    April 1, 2026

    The Rise of Insider AI Shadow IT: How Employee‑Created Automations Introduce New Compliance Risks

  • An illustration for a guide to "AI Workplace Fraud" that shows a laptop displaying a deepfake of a CEO requesting a fraudulent wire transfer, with a glowing connection to a physical vault.

    March 13, 2026

    AI Workplace Fraud Is Here — Deepfake Invoices, AI Phishing, and Synthetic Identity Fraud Are Targeting Your Organization Right Now

  • Illustration of a hand supporting a balanced scale with a person on one side and documents on the other, symbolizing the human side of compliance.

    February 16, 2026

    The Human Side of Compliance: Stories Behind the Calls