COSO-ERM comes from the same organization that provides the internal control framework used to assess controls for financial reporting, and therefore Sarbanes-Oxley compliance, for most public companies. It does not specify controls or provide checklists as the major information security frameworks do. The framework is divided into five components, each with between three and five principles, that provide a consistent process for communicating cybersecurity issues as practical business considerations. Technology risk professionals can use its guidance to develop effective, business-accepted information programs and strategies.