The 17 Principles of Effective Internal Controls

Updated as of February 12, 2020.

Specific principles for developing and maintaining effective internal controls are listed in Internal Control — Integrated Framework. Originally released in 1992 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and updated in 2013, the framework lists the following 17 principles that explicitly describe the elements of an effective system of internal controls:

Internal Control Component


Control environment

1. Demonstrate commitment to integrity and ethical values
2. Ensure that board exercises oversight responsibility
3. Establish structures, reporting lines, authorities and responsibilities
4. Demonstrate commitment to a competent workforce
5. Hold people accountable

Risk assessment

6. Specify appropriate objectives
7. Identify and analyze risks
8. Evaluate fraud risks
9. Identify and analyze changes that could significantly affect internal controls

Control activities

10. Select and develop control activities that mitigate risks
11. Select and develop technology controls
12. Deploy control activities through policies and procedures

Information and communication

13. Use relevant, quality information to support the internal control function
14. Communicate internal control information internally
15. Communicate internal control information externally


16. Perform ongoing or periodic evaluations of internal controls (or a combination of the two)
17. Communicate internal control deficiencies


Depending on a company’s facts and circumstances, implementing or making the transition to the framework can take time, so it’s a good idea to begin the process as soon as possible. Companies should begin by familiarizing themselves with the 17 principles and other COSO guidelines. Then, companies can evaluate the current state of their internal control system and develop a plan for correcting any weaknesses.

To learn more about the COSO Framework, view The COSO Framework: Are Your Company’s Internal Controls Making the Grade?

If you would like more information about implementing or making the transition to the COSO framework, contact Weaver today.

Want to read more articles like this?  Subscribe to our Weaver Monthly Insights