Read the most updated version here.
Earlier this year, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) updated its Internal Control — Integrated Framework. The updated principles-based framework, which supersedes the original 1992 framework, now explicitly describes its principles rather than simply implying them, thus making it easier for companies to apply the principles. The revised COSO framework’s 17 principles of effective internal control are as follows:
Internal Control Component |
Principles |
Control environment |
1. Demonstrates commitment to integrity and values |
Risk assessment |
6. Specifies suitable, specific objectives 7. Identifies and analyzes risks 8. Assesses fraud risk 9. Identifies and analyzes significant changes |
Control activities |
10. Selects and develops control activities that help mitigate risks 11. Selects and develops general controls over technology 12. Bases controls on thorough policies and procedures |
Information and communication |
13. Uses relevant, high-quality information 14. Communicates internally to support controls 15. Communicates externally |
Monitoring |
16. Conducts ongoing and/or separate evaluations |
Depending on a company’s facts and circumstances, making the transition to the updated framework can take time, so it’s a good idea to begin the process as soon as possible. Companies may begin by familiarizing themselves with the aforementioned 17 principles and other COSO guidelines. Then, companies may evaluate the current state of their internal control system and develop a plan for correcting any weaknesses.
To learn more about the revised COSO Framework, view the Weaver Insights article Updated COSO Framework: Will Your Company’s Internal Controls Make the Grade?
© 2013

The 17 Principles of Effective Internal Controls
Specific principles for developing and maintaining effective internal controls are listed in Internal…

Should Public Companies Be Asked to Publish Quarterly Financial Statements?
Should the Securities and Exchange Commission (SEC) relax its reporting rules so that public companies only issue statements every six…