Today’s business environment is highly automated and globally connected. Remote workforces are common and businesses face increasing expectations for transparency. The COSO Internal Control-Integrated Framework acknowledges these evolving risk factors, while codifying earlier principles-based internal control components into 17 foundational principles. This framework has enabled organizations to effectively address internal control concerns, and over the past decade has proven to be both flexible and robust.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its Internal Control-Integrated Framework in May 2013, updating its original 1992 guidance. The framework was originally recommended by COSO and the Institute of Internal Auditors (IIA) for companies that must comply with Securities and Exchange Commission (SEC) regulations such as Sarbanes-Oxley (SOX). Since its publication, though, the COSO framework has been used by a wide variety of organizations, from private companies to government agencies, that have seen how it could help them manage risk and improve their processes. The framework continues to be the benchmark standard and has withstood the test of time.
Risk management is now at the forefront of effective management, with governance as one of the cornerstones of Environmental, Social and Governance (ESG) reporting. The public increasingly demands ethically sourced goods and services from companies that are fair to all employees, diverse and equitable. They seek out companies that pursue sustainability, leverage technology and protect customers’ privacy. All of these attributes of the current business environment are already built into the COSO framework.
This white paper lays out a basic approach any organization can use to understand and begin implementing the Integrated Framework, including:
- Benefits of the COSO Integrated Framework
- Implementing the COSO Framework
- Five components, 17 principles
- The four levels of internal control maturity
- Check Your Controls: A COSO Maturity Self-Assessment
The self-assessment will help your organization begin to understand strengths, weaknesses and gaps in your existing internal control processes. Use it to guide your planning and resources as you implement or strengthen your use of the COSO framework.
Why It Matters
The COSO framework provides direction for effectively mitigating the risks associated with adverse events, with the flexibility to change as technology and risks evolve. Migrating to the COSO framework prompts an organization to engage in self-assessment, a process that leads to identification of control gaps, ineffective controls, redundant controls and potential improvements.
By ensuring that an effective internal control framework is in place, you can be better equipped to mitigate risks and respond to opportunities. Efficiency, trust and confidence follow, enabling you to more effectively pursue your business strategies.