Home » IT & Tech Blogs » Information Technology » Business » What Is The Coso Framework?

What Is The Coso Framework?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed in 1985. It guides businesses to help them manage risk, detect fraud, and enable overall good governance. COSO also helps organizations conform to laws such as the Sarbanes-Oxley Act (SOX) and the Foreign Corrupt Practices Act (FCPA).

Businesses in the United States have widely adopted the COSO framework for internal control. In 2013, COSO released the new framework, which took over from its predecessor in 1992. The Internal Control-Integrated Framework is a comprehensive document that guides effective internal control.

While the COSO Framework is widely accepted, it’s not mandatory. However, your organization stands to benefit from compliance because the cost of recovering from theft, fraud, and legal suits is higher than the cost of compliance.

The COSO History

COSO was formed in 1985 by five American organizations in auditing and finance to sponsor the National Commission on Fraudulent Reporting (NCFR). The goal was to study organizations, understand fraud and false reporting, and device ways to tackle fraudulent activity and protect all stakeholders. However, to manage reporting and controls, the members had to create a standard description for internal control, which led to publishing the first framework in 1992.

Since the business world is continuously changing, primarily due to technological and legal innovations, an update was well overdue. In 2013, COSO published an updated framework that could address internal control in current businesses.

Understanding the COSO Framework

The Internal Control-Integrated Framework provides a clear and acceptable definition for internal control and also provides a standard against which businesses can evaluate their internal control. The definition sheds light on several aspects of internal control that all business executives and members can follow to achieve organizational objectives.

  • Creating internal control is continuous rather than the last stop. The business environment is always changing, and making changes to internal controls is essential for survival.
  • Internal controls can help businesses achieve operational, compliance, and reporting objectives.
  • The people in the organization, whether directors, management, or staff, put internal controls into effect. In this aspect, internal control and company culture are entwined.
  • Organizations can adopt internal control into their subsidiaries and divisions to streamline business structure.
  • While internal controls provide adequate assurance but aren’t absolute- the effectiveness of internal controls is not pegged on their existence but their application.

COSO Framework – Main Elements

The COSO Framework lists five elements of internal control. Each component has several principles that businesses can use to measure their effectiveness. These controls work as a foundation for establishing unique internal control.

Control Environment

  • Commit to being proficient by seeking and retaining competent people.
  • Maintain ethical values and hold people accountable for their actions.
  • Create an independent board and audit committee.
  • Structure of the responsibilities and authority lines should support the operating styles.

Risk Assessment

  • Specify company objectives.
  • Conduct a risk assessment to identify the risks that come with all business objectives.
  • Establish procedures for change management.

Control Activities

  • Follow company policies.
  • Apply change management policies.
  • Boost business security
  • Establish business fallback plans when changing
  • Outsource skills

Information and Communication

  • Establish processes to control the quality of information used internally and externally.
  • Ensure the effectiveness of information and communication.


  • Monitor ongoing performance.
  • Conduct evaluations to measure performance.
  • Report any shortages.

The Types of Internal Control

The components of the COSO Framework establish a guideline for achieving three types of objectives:

Operations objectives: These objectives apply to an organization’s operational and financial objectives that protect the business against losses.

Reporting objectives: Concerns any controls over the transparency, aptness, accountability, and reliability of both financial and non-financial reporting.

Compliance objectives: These objectives apply to relevant policies and compliance with regulations.

Where Does the COSO Framework Apply?

The application of internal control applies to the organizational structure. Organizations can use the internal framework to gauge the effectiveness of internal control at the:

  • Entity level
  • Division level
  • Operating Unit
  • Function level

The application of the COSO Framework changes as we move up the organization. At the entity level, the management has an indirect relationship to operations, which makes it’s harder to track them. The size and complexity of the company also affect controls at higher levels.

Implementing the COSO Framework

Appoint a team: Directors should delegate the planning and application of internal control to an internal committee. The team should have managers and competent staff who can advise on what the organization needs.

Create a plan: The team should forge a plan to implement controls. The plan should detail the team member’s responsibilities, the implementation schedule, and scope.

Evaluate the framework: The team should analyze the framework and assess it against the organization’s structure.

Evaluate the organization: An analysis of the organization’s structure, risks, gaps and performance

Design and test: Once the gaps are identified, the team should create and implement controls and measure their effectiveness in the organization.

Optimize controls: After designing and testing, approved controls should be optimized to achieve business goals.

Bottom line

Effective internal control ensures that all stakeholders benefit from transparent processes, and organizations achieve their objectives. It also helps businesses comply with regulations and manage risk and change.

Originally posted 2020-05-28 18:29:29. Republished by Blog Post Promoter

Check Also

How an Inbound Call Center Solution Providers Can Improve Customer Satisfaction?

Inbound call center solution providers play a crucial role in improving customer satisfaction. They serve …

Information Technology Blog

Accessibility Tools