Internal Control - Integrated Framework: Executive Summary, Framework and Appendices, and Illustrative Tools for Assessing Effectiveness of a System of Internal Control (3 volume set)
Issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the 2013 Internal Control–Integrated Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992. The new Framework retains the core definition of internal control and the five components of internal control, and it continues to emphasize the importance of management judgment in designing, implementing, and conducting a system of internal control, and in assessing its effectiveness. It broadens the application of internal control in addressing operations and reporting objectives, and clarifies the requirements for determining what constitutes effective internal control.
The Framework comprises the following three volumes:
Executive Summary – This provides a high-level overview intended for the board of directors, chief executive officer, and other senior management. The Executive Summary:
- Lays out the definition, and limitations, of internal control, and the requirements for an effective system of internal control, including a description of the roles of components and principles.
- Highlights several important enhancements and clarifications that are intended to ease use and application of the Framework.
Framework and Appendices – The Framework and Appendices sets forth the five components and seventeen principles of an effective system of internal control, illustrates many approaches and examples relating to entity objectives, and provides direction for all levels of management to use in designing, implementing and conducting a system of internal control, and in assessing its effectiveness. The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding an entity's system of internal control without being overly prescriptive. The Appendices provide additional reference material, including:
- a glossary of key terminology, a discussion of roles and responsibilities of both responsible and external parties,
- a discussion of the methodology used for revising the Framework,
- a discussion of comment letters received during the public exposures of the proposed drafts of the Framework,
- a summary of changes to the COSO Internal Control-Integrated Framework (1992), and
- a comparison with the COSO Enterprise Risk Management-Integrated Framework.
Illustrative Tools for Assessing a System of Internal Control (Tools) – The Tools provide illustrative templates and scenarios that may be useful in applying the Framework. It can help management in assessing whether a system of internal control meets the requirements for effective internal control.
The scenarios illustrate several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control. The templates and scenarios focus on evaluating components and relevant principles, not the underlying controls (e.g., transaction level control activities) that affect the relevant principles.
Customizable templates included with your purchase!
You will receive a link to an Excel file containing four different templates from the Illustrative Tools, including:
- Overall Assessment
You may customize the blank templates to match the facts and circumstances in your particular organization for your assessment process. A link to the file will be included with your order confirmation and the web page URL is referenced throughout the Framework for easy access.
Save when you purchase the Internal Control – Integrated Framework and Compendium Bundle!
In 1992 the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its Internal Control—Integrated Framework (the original framework). The original framework has gained broad acceptance and is widely used around the world. It is recognized as a leading framework for designing, implementing, and conducting internal control and assessing the effectiveness of internal control.
In the twenty years since the inception of the original framework, business and operating environments have changed dramatically, becoming increasingly complex, technologically driven, and global. At the same time, stakeholders are more engaged, seeking greater transparency and accountability for the integrity of systems of internal control that support business decisions and governance of the organization.
COSO is pleased to present the updated Internal Control—Integrated Framework (Framework). COSO believes the Framework will enable organizations to effectively and efficiently develop and maintain systems of internal control that can enhance the likelihood of achieving the entity’s objectives and adapt to changes in the business and operating environments.
The experienced reader will find much that is familiar in the Framework, which builds on what has proven useful in the original version. It retains the core definition of internal control and the five components of internal control. The requirement to consider the five components to assess the effectiveness of a system of internal control remains fundamentally unchanged. Also, the Framework continues to emphasize the importance of management judgment in designing, implementing, and conducting internal control, and in assessing the effectiveness of a system of internal control.
At the same time, the Framework includes enhancements and clarifications that are intended to ease use and application. One of the more significant enhancements is the formalization of fundamental concepts that were introduced in the original framework. In the Framework, these concepts are now principles, which are associated with the five components, and which provide clarity for the user in designing and implementing systems of internal control and for understanding requirements for effective internal control.
The Framework has been enhanced by expanding the financial reporting category of objectives to include other important forms of reporting, such as non-financial and internal reporting. Also, the Framework reflects considerations of many changes in the business and operating environments over the past several decades, including:
- Expectations for governance oversight
- Globalization of markets and operations
- Changes and greater complexities in business
- Demands and complexities in laws, rules, regulations, and standards
- Expectations for competencies and accountabilities
- Use of, and reliance on, evolving technologies
- Expectations relating to preventing and detecting fraud
An Executive Summary provides a high-level overview intended for the board of directors, chief executive officer, and other senior management. This Framework and Appendices publication sets out the Framework, including the definition of internal control, requirements for effective internal control including components and relevant principles, and direction for all levels of management in designing, implementing, and conducting internal control and in assessing its effectiveness. Included within the Framework and Appendices publication are ten chapters that constitute the Framework.
Appendices within the Framework and Appendices publication provide reference, but are not considered a part of the Framework. The Illustrative Tools for Assessing Effectiveness of a System of Internal Control provides templates and scenarios that may be useful in applying the Framework.
In addition to the Framework, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples has been published concurrently to provide practical approaches and examples that illustrate how the components and principles set forth in this Framework can be applied in preparing external financial statements.
COSO previously issued Guidance on Monitoring Internal Control Systems to assist organizations in understanding and applying monitoring activities within a system of internal control. While this guidance was prepared to help in applying the original framework, COSO believes that it has similar applicability to the updated Framework. COSO may, in the future, issue other documents to provide assistance in applying the Framework. However, neither the Internal Control over External Financial Reporting: A Compendium of Approaches and Examples, Guidance on Monitoring Internal Control Systems, nor any other past or future guidance takes precedence over the Framework.
Among other publications published by COSO is the Enterprise Risk Management— Integrated Framework (ERM Framework). The ERM Framework and the Framework are intended to be complementary, and neither supersedes the other. Yet, while these frameworks are distinct and provide a different focus, they do overlap. The ERM Framework encompasses internal control, with several portions of the text of the original framework reproduced within that document. The ERM Framework remains a viable and suitable framework for designing, implementing, and conducting and assessing the effectiveness of enterprise risk management.
Finally, the COSO Board would like to thank PwC and the Advisory Council for their contributions in developing the Framework and related documents. Their full consideration of input provided by many stakeholders and their insight were instrumental in ensuring that the core strengths of the original framework have been preserved, clarified, and strengthened.
David L. Landsittel
About the Publisher