COSO’s Internal Control – Integrated Framework: Updated 2013 Edition

After its initial release of the framework 20 years ago, COSO has now come out with an updated edition in May 2013.  The updated Framework has considered changes in business and operating environment and accordingly expanded the operations and reporting objectives. What is more interesting (and the most prominent / significant one!!!) is that the updated Framework has articulated 17 principles of effective internal control.


I. Control Environment:

  1. The organization demonstrates a commitment to integrity and ethical values.
  2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
  3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
  4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
  5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.


II. Risk Assessment:

  1. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
  2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
  3. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
  4. The organization identifies and assesses changes that could significantly impact the system of internal control.


III. Control Activities:

  1. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
  2. The organization selects and develops general control activities over technology to support the achievement of objectives.
  3. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.


IV. Information and Communication:

  1. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
  2. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
  3. The organization communicates with external parties regarding matters affecting the functioning of internal control.


V. Monitoring Activities:

  1. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
  2. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.


Apart from listing these 17 principles, the updated Framework has also described important characteristics of these principles though ‘points of focus’ aimed at clarifying requirements for effective internal control. ‘Points of focus’ are anticipated to provide helpful guidance to assist organization in designing, implementing and conducting internal control and in assessing whether relevant principles are present and functioning.

The updated Framework is expected to increase the ease of use and broaden application by expanding operations and reporting objectives. It seems that the updated Framework is intending to create a more formal structure for designing and evaluating the effectiveness of internal control. In my view, it is also reflecting the increased relevance of technology.(Principle 11) Considering the Enron, WorldCom saga, 2008 global financial crisis, etc, the updated Framework has given specific consideration to anti-fraud subject in relation to internal control.

Organizations currently using the original 1992 Framework should be able to establish their transition plan to move to updated 2013 Framework. The onus is on these organizations to apply the updated Framework by December 2014 for external reporting.


2 Responses to “COSO’s Internal Control – Integrated Framework: Updated 2013 Edition”

  1. 1 Abhilash David
    July 4, 2013 at 8:33 am

    Informative article. Usually I find reading Standards and Framework boring, but you have made it interesting and lead us to the substance directly. Thanks for your efforts! Great, keep it up!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


July 2013
« Jun   Aug »



Online Accounting Degree blog feature

%d bloggers like this: