Committee of Sponsoring Organizations (COSO) | 1985

This Internal Control—Integrated Framework was developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.

The American Accounting Organization (AAA), American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), Institute of Internal Auditors (IIA), and Institute of Management Accountants (IMA) Organizations seeking to scale find that this framework offered an approach to enterprise risk management (ERM) sensitive to variability from one organization to the next.

COSO began…as a result of a number of accounting scandals in the 1970s and mid-1980s. 

In 1985, COSO began as a private sector initiative to investigate the causal factors that lead to fraudulent financial reporting as a result of a number of accounting scandals in the 1970s and mid-1980s. It was established to sponsor the National Commission on Fraudulent Financial Reporting, which is an independent private-sector initiative that studied the underlying factors that can cause fraudulent financial reporting. It also developed recommendations for public companies and their independent auditors, for the U.S. Securities and Exchange Commission (SEC) and other regulators, and for educational institutions.

The COSO Framework help​​s organizations design and implement internal controls, broaden the application of internal controls in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control. The framework provides an applied risk management approach to internal controls.

Applicable to both external financial reporting and internal control activities, the COSO framework focuses on the interrelationships between stakeholders and processes and on establishing a risk assessment that starts with business objectives then implements plans based on risk appetite.

The internal control-integrated framework focuses on five components. According to COSO, an effective system of internal control has five integrated components working together to support the achievement of an organization’s mission, strategies, and related business objectives.

The Board of Directors acts as the starting point for all risk oversight, ultimately responsible for reviewing risk tolerance levels and creating a culture focused on minimizing risk in daily operations.

This publication is part of the web-book Public Risk Canon.