COSO Framework’s 17 Principles of Effective Internal Control

Read the most updated version here

Earlier this year, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) updated its Internal Control — Integrated FrameworkThe updated principles-based framework, which supersedes the original 1992 framework, now explicitly describes its principles rather than simply implying them, thus making it easier for companies to apply the principles. The revised COSO framework’s 17 principles of effective internal control are as follows:

Internal Control Component Principles
Control environment
  1. Demonstrate commitment to integrity and ethical values
  2. Ensure that board exercises oversight responsibility
  3. Establish structures, reporting lines, authorities and responsibilities
  4. Demonstrate commitment to a competent workforce
  5. Hold people accountable
Risk assessment
  1. Specify appropriate objectives
  2. Identify and analyze risks
  3. Evaluate fraud risks
  4. Identify and analyze changes that could significantly affect internal controls
Control activities
  1. Select and develop control activities that mitigate risks
  2. Select and develop technology controls
  3. Deploy control activities through policies and procedures
Information and communication
  1. Use relevant, quality information to support the internal control function
  2. Communicate internal control information internally
  3. Communicate internal control information externally
  1. Perform ongoing or periodic evaluations of internal controls (or a combination of the two)
  2. Communicate internal control deficiencies


Depending on a company’s facts and circumstances, making the transition to the updated framework can take time, so it’s a good idea to begin the process as soon as possible. Companies may begin by familiarizing themselves with the aforementioned 17 principles and other COSO guidelines. Then, companies may evaluate the current state of their internal control system and develop a plan for correcting any weaknesses.

To learn more about the revised COSO Framework, view the Weaver Insights article Updated COSO Framework: Will Your Company’s Internal Controls Make the Grade?

Copyright © 2013 Thomson Reuters / BizActions.