The 17 Principles of Effective Internal Controls

Specific principles for developing and maintaining effective internal controls are listed in Internal Control — Integrated Framework. Originally released in 1992 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and updated in 2013, the framework lists the following 17 principles that explicitly describe the elements of an effective system of internal controls:

Internal Control Component


Control environment

1. Demonstrates commitment to integrity and values
2. Demonstrates independence and exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to attracting, developing and retaining competent staff
5. Enforces accountability

Risk assessment

6. Specifies suitable, specific objectives
7. Identifies and analyzes risks
8. Assesses fraud risk
9. Identifies and analyzes significant changes

Control activities

10. Selects and develops control activities that help mitigate risks
11. Selects and develops general controls over technology
12. Bases controls on thorough policies and procedures

Information and communication

13. Uses relevant, high-quality information
14. Communicates internally to support controls
15. Communicates externally


16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies


Depending on a company’s facts and circumstances, implementing or making the transition to the framework can take time, so it’s a good idea to begin the process as soon as possible. Companies should begin by familiarizing themselves with the 17 principles and other COSO guidelines. Then, companies can evaluate the current state of their internal control system and develop a plan for correcting any weaknesses.

If your organization has not yet begun using the Integrated Framework, see our introduction, Implementing the COSO Integrated Framework.

To learn more about the COSO Framework, view The COSO Framework: Are Your Company’s Internal Controls Making the Grade?

If you would like more information about implementing or making the transition to the COSO framework, contact Weaver today.

Updated as of September 13, 2022.

© 2022

Want to read more articles like this?  Subscribe to our Weaver Monthly Insights