The COSO Financial Controls Framework

마지막 업데이트: 2025년 01월 18일

Search Sox-Online  

    SOX-online: The Vendor-Neutral Sarbanes-Oxley Site

The COSO Financial Controls Framework: 1992 version

This page describes the original, 1992 COSO Financial Controls Framework.

See also

the 2004 Enterprise Risk Management (ERM) COSO Framework

The original COSO framework is outlined in a document:

1992 COSO Report: Internal Control – An Integrated Framework.

This document identifies what the commission believed to be the fundamental and essential objectives of any business or government entity:

  • economy and efficiency of operations, including safeguarding of assets and achievement of desired outcomes;
  • reliability of financial and management reports; and
  • compliance with laws and regulations.

Purpose

Describes a unified approach for evaluation of the internal control systems that management has designed to:

  • provide reasonable assurance of achieving corporate mission, objectives, goals and desired outcome,
  • while adhering to laws and regulations
  • allow the company to accurately report successes and outcomes to the public and interested third parties.

    and

  • serves as a common basis for managements, directors, regulators, academics and others to better understand enterprise risk management, its benefits and limitations, and to effectively communicate about enterprise risk management

Control Components

The COSO Cube

The original COSO framework contains five control components needed to help assure sound business objectives. The control components are:

  • Control Environment.
  • Risk Assessment.
  • Control Activities.
  • Information and Communication.
  • Monitoring.

More specifically, the thought process behind these five components was that they would work together to support efforts to achieve an organization’s mission, strategies and related business objectives. All five components would need to be in place to achieve an “effective” internal control system.

Control Environment

– Integrity and Ethical Values

– Commitment to Competence

– Board of Directors and Audit Committee

– Management’s Philosophy and Operating Style

– Organizational Structure

– Assignment of Authority and Responsibility

– Human Resource Policies and Procedures

Risk Assessment

– Company-wide Objectives

– Process-level Objectives

– Risk Identification and Analysis

– Managing Change

Control Activities

– Policies and Procedures

– Security (Application and Network)

– Application Change Management

– Business Continuity / Backups

– Outsourcing

Information and Communication

– Quality of Information

– Effectiveness of Communication

Monitoring

– On-going Monitoring

– Separate Evaluations

– Reporting Deficiencies

In 2004, COSO was updated. Read about the 2004 Enterprise Risk Management (ERM) COSO Framework

here





You’re Currently in the
COSO & COBIT
Section of Sox-Online.

In this Section:

COSO & COBIT Center

COSO
Original COSO Framework
Original COSO Cube
2004 COSO Framework
2004 COSO Cube
COBIT
Mapping COBIT

2 Frameworks
SEC on Frameworks
SEC Chairman Comments

Below: additional site sections.
Navigate to the featured pages listed for additional resources in many of the sections.


Home Page

Welcome to Sox-Online


SOX Information


The Basics
The Act Itself
The Act – Sections
The Act -TOC

Security
Ethics
Nonprofits
Sarbanes & Oxley
SOX Resources


Special Collections

COSO & COBIT Center
SEC & PCAOB Center
Accounting & Auditing Center
GRC – Governance, Risk & Compliance

Humor

SOX Humor

Why SOX Happened

Shocking SOX Stuff

Dear Ms. SarBox

SOX Cartoons

Sing-Along With Sarbox

Enron Cartoons

Enron Satire

문의하기 - [email protected] | © 카피라이트 2025, Sox-Online.com