coso internal control — integrated framework principles sprin… · coso internal control —...

For more informationabout COSO,visit coso.org.

©2013, Committee of Sponsoring Organizations of the Treadway Commission (COSO). Used by permission.

COSO Internal Control —Integrated Framework Principles

The organization demonstrates acommitment tointegrity and ethical values.

The board of directors demonstratesindependence from management andexercises oversight of the development andperformance of internal control.

Managementestablishes, with boardoversight, structures, reporting lines, andappropriate authorities and responsibilitiesin the pursuit ofobjectives.

The organization demonstrates acommitment to attract, develop, and retaincompetent individuals in alignment withobjectives.

The organization holds individualsaccountable for their internal controlresponsibilities in the pursuit of objectives.

The organization

Control Environment

Risk Assessment

Control Activities

Information &Communication

MonitoringActivities

The organization

to enable the

assessment of risks relating to objectives.

The organization

achievement of its objectives across theentity and analyzes risks as a basis fordetermining howthe risks should be managed.

The organizationconsiders the potential for fraud in assessing risks to theachievement ofobjectives.

The organization

changes that could

the system ofinternal control.

The organization selects and developscontrol activities that contribute to themitigation of risks tothe achievement ofobjectives toacceptable levels.

The organization selects and develops general controlactivities overtechnologyto support theachievement ofobjectives.

The organizationdeploys controlactivities through policies that establish what is expectedand proceduresthat put policiesinto action.

The organization obtains or generates and uses relevant, quality informationto support thefunctioning of internal control.

The organization internally communicatesinformation, including objectives andresponsibilities for internal control,necessary to support the functioning ofinternal control.

The organization communicates withexternal partiesregarding matters affecting thefunctioning ofinternal control.

The organization selects, develops, and performsongoing and/or separate evaluations to ascertain whether the componentsof internal controlare presentand functioning.

The organization evaluates andcommunicates internal control

in a timely mannerto those partiesresponsible for taking corrective action, including senior management and the boardof directors, asappropriate.

it

TdT1

Td

2

Me

3

TT6

T7

Tcf

8

T9

TTs

10

To

13

TTs

16

Te

17

Tini

14

Tc

15

Ts

11

Td

12

Td

4

Ti

5

AsseA

COSO