Resource Articles Back to Article List

COSO’s Internal Control Framework Gets Updated

The Committee of Sponsoring Organizations of the Treadway Commission (COSO)* recently updated its Internal Control – Integrated Framework. COSO originally issued the framework in 1992 to address the need for a common approach to implementing and evaluating internal control.

While there are many differences between the original version and the updated revision, there are also several similarities. The definition of internal control remains unchanged:

Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

While accountants and auditors often think of internal control as a concept that only applies to numbers, the objectives noted in the definition reflect a much broader scope; applying to operations, both financial and non-financial reporting, and compliance. In many ways, these concepts are integral elements of corporate governance.

The 2013 framework revision also retains the same five components of internal control. These are Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring.

A few new concepts were introduced in the revised framework: principles and points of focus. Within the framework, each principle represents important concepts of each component. There are 17 principles across the five components.

The points of focus fall under each principle and reflect key elements. The points of focus have been developed to aid users of the framework in designing, implementing, and conducting internal control. They also help in determining whether various pieces of the framework have been implemented.

As part of the update to the framework, COSO released several other documents that provide more detail on internal control. Internal Control over External Financial Reporting – A Compendium of Approaches and Examples provides detailed examples of each component of internal control. Illustrative Tools for Assessing a System of Internal Control provides templates and a framework to assess a system of internal control.

To learn more visit COSO’s website.

*COSO is an independent private-sector initiative. Its mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.