coso internal control — integrated framework principles · for more information about coso, visit...

For more informationabout COSO,visit coso.org.

©2013, Committee of Sponsoring Organizations of the Treadway Commission (COSO). Used by permission.

COSO Internal Control —Integrated Framework Principles

The organization demonstrates acommitment tointegrity and ethical values.

The board of directors demonstratesindependence from management andexercises oversight of the development andperformance of internal control.

Managementestablishes, with boardoversight, structures, reporting lines, andappropriate authorities and responsibilitiesin the pursuit ofobjectives.

The organization demonstrates acommitment to attract, develop, and retaincompetent individuals in alignment withobjectives.

The organization holds individualsaccountable for their internal controlresponsibilities in the pursuit of objectives.

Control Environment

Risk Assessment

Control Activities

Information &Communication

MonitoringActivities

The organizationspecifies objectives with sufficient clarityto enable theidentification and assessment of risks relating to objectives.

The organizationidentifies risks to theachievement of its objectives across theentity and analyzes risks as a basis fordetermining howthe risks should be managed.

The organizationconsiders the potential for fraud in assessing risks to theachievement ofobjectives.

The organizationidentifies and assesseschanges that could significantly affectthe system ofinternal control.

The organization selects and developscontrol activities that contribute to themitigation of risks tothe achievement ofobjectives toacceptable levels.

The organization selects and develops general controlactivities overtechnologyto support theachievement ofobjectives.

The organizationdeploys controlactivities through policies that establish what is expectedand proceduresthat put policiesinto action.

The organization obtains or generates and uses relevant, quality informationto support thefunctioning of internal control.

The organization internally communicatesinformation, including objectives andresponsibilities for internal control,necessary to support the functioning ofinternal control.

The organization communicates withexternal partiesregarding matters affecting thefunctioning ofinternal control.

The organization selects, develops, and performsongoing and/or separate evaluations to ascertain whether the componentsof internal controlare presentand functioning.

The organization evaluates andcommunicates internal control deficienciesin a timely mannerto those partiesresponsible for taking corrective action, including senior management and the boardof directors, asappropriate.

1

2

3

6

7

8

9

10

13

16

17

14

15

11

12

4

5

COSO