COSO Provides Framework for Internal Controls

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a flexible framework for designing, implementing and evaluating internal controls. Internal controls help reduce fraud, improve accuracy and financial reporting and maintain consistent practices across an organization.

Updated in 2013, the COSO framework isn’t a legal requirement but is considered a best practice and is widely adopted in the US. The framework is built around five core concepts, further broken down into 17 principles that provide guidelines on how to achieve the goals of the corresponding concept.

COSO’s core concepts include the following:

Control environment — the set of standards, processes and structures that provide the basis for carrying out internal controls

Risk assessment — the process for identifying and assessing organizational risks

Control activities — actions that help ensure that management’s risk management directives are carried out

Information and communication — the flow of information necessary to support the internal control function, including communication between internal and external stakeholders

Monitoring — ongoing performance evaluation and reporting of any deficiencies found
COSO emphasizes that all five components must be in place and functioning in order to be effective. However, this doesn’t mean your executive team can’t exercise judgment when determining which controls are most appropriate. As a principle-based framework, COSO is designed to provide flexibility.

Remember, the ability to achieve your mission is sometimes based on your best and most valuable asset: your reputation. Formally adopting COSO conveys to regulators, volunteers and donors that your organization is committed and focused on good governance and accountability.

As with any model or framework, it can be difficult to turn abstract concepts into operational outcomes and processes. Understanding the cost-benefit relationship for certain controls as well as quantifying the organization’s risk tolerance may require some outside expertise.

Please contact us at 434.296.2156 or complete the form below to discuss COSO and how it might work in your organization.

© Copyright 2019 Thomson Reuters. All rights reserved. Republication or redistribution of Thomson Reuters content, including by framing or similar means, is prohibited without the prior written consent of Thomson Reuters. Thomson Reuters and the Kinesis logo are trademarks of Thomson Reuters and its affiliated companies.

Disclaimer of Liability
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability and fitness for a particular purpose.