COSO Financial Controls  Frameworks
Home > COSO & COBIT Center > COS0 - The Early Years > COS0 Framework

1992 COSO Report:
Internal Control – An Integrated Framework.
This document identifies the fundamental and essential objectives of any business or government entity: economy and efficiency of operations, including safeguarding of assets and achievement of desired outcomes; reliability of financial and management reports; and compliance with laws and regulations.

Purpose
Describes a unified approach for evaluation of the internal control systems that management has designed to:
  • provide reasonable assurance of achieving corporate mission, objectives, goals and desired outcome,
  • while adhering to laws and regulations
  • allow the company to accurately report successes and outcomes to the public and interested third parties.

    and
  • serves as a common basis for managements, directors, regulators, academics and others to better understand enterprise risk management, its benefits and limitations, and to effectively communicate about enterprise risk management
Control Components
The COSO Cube
The original COSO framework contains five control components needed to help assure sound business objectives. The control components are:
  • Control Environment.
  • Risk Assessment.
  • Control Activities.
  • Information and Communication.
  • Monitoring.
2004 COSO Document:
Enterprise Risk Management (ERM) COSO Framework
The New COSO Cube
The new Enterprise Risk Management (ERM) COSO framework emphasizes the importance of identifying and managing risks across the enterprise. The new COSO framework consists of eight components:
  • Internal control environment
  • Objective setting
  • Event identification
  • Risk assessment
  • Risk response
  • Control activities
  • Information and communication
  • Monitoring.
The three new components of the COSO framework are Objective setting, Event identification, and Risk response.

Objectives
Internal control is a broadly defined process. Ultimately carried out by people, it is designed to provide reasonable assurance regarding the achievement of the following three objectives:
  • Economy and efficiency of operations, including achievement of performance goals and safeguarding of assets against loss
  • Reliable financial and operational data and reports.
  • Compliance with laws and regulations.
Mainframe Compliance
ComplianceCopy automates preparing compliant copies of mainframe databases.
ComplianceCopy from Sox Tools


1 1