What Is The COSO Framework?

The COSO model defines internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance of the achievement of objectives in the following categories:

- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations”

In an “effective” internal control system, the following five components work to support the achievement of an entity’s mission, strategies and related business objectives.

1. Control Environment
   - Integrity and Ethical Values
   - Commitment to Competence
   - Board of Directors and Audit Committee
   - Management’s Philosophy and Operating Style
   - Organizational Structure
   - Assignment of Authority and Responsibility
   - Human Resource Policies and Procedures

2. Risk Assessment
   - Company-wide Objectives
   - Process-level Objectives
   - Risk Identification and Analysis
   - Managing Change

3. Control Activities
   - Policies and Procedures
   - Security (Application and Network)
   - Application Change Management
   - Business Continuity/Backups
   - Outsourcing

4. Information and Communication
   - Quality of Information
   - Effectiveness of Communication

5. Monitoring
   - Ongoing Monitoring
   - Separate Evaluations
   - Reporting Deficiencies

These components work to establish the foundation for sound internal control within the company through directed leadership, shared values and a culture that emphasizes accountability for control. The various risks facing the company are identified and assessed routinely at all levels and within all functions in the organization. Control activities and other mechanisms are proactively designed to address and mitigate the significant risks. Information critical to identifying risks and meeting business objectives is communicated through established channels up, down and across the company. The entire system of internal control is monitored continuously and problems are addressed in a timely manner.

The 'Committee of Sponsoring Organizations of the Treadway Commission' ('COSO') is a joint initiative to combat corporate fraud. It was established in the United States by five private sector organizations, dedicated to guiding executive management and government entities in relevant aspects of organizational governance, business ethics, internal control, business risk management, fraud and financial reports. COSO has established a common internal control model against which companies and organizations can evaluate their control systems. COSO is supported by five organizations: the Institute of Management Accountants (IMA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA) and Financial Executives International (FEI).

The COSO framework involves several key concepts:

- Internal Control is a "process". It is a means to an end, not an end in itself.