Committee of Sponsoring Organizations of the Treadway Commission (COSO)


The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an organization dedicated to providing thought leadership and guidance on internal control, enterprise risk management and fraud deterrence.

Key developments with COSO

  • The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the updated Internal Control–Integrated Framework (2013 Framework) in May 2013. COSO announced that the 2013 Framework will supersede the original 1992 Framework at the end of the transition period (December 15, 2014).
  • The SEC commented that the Staff plans to monitor the transition for issuers using the 1992 Framework to evaluate whether and if any Staff or Commission actions become necessary or appropriate in the future. The Staff more recently commented that the longer issuers continue to use the 1992 Framework, the more likely they are to receive questions from the Staff about whether the issuer’s use of the 1992 Framework satisfies the SEC's requirement to use a suitable, recognized framework, particularly after December 15, 2014 when COSO will consider the 1992 Framework to have been superseded.
  • We strongly recommend that SEC Registrants subject to reporting requirements relating to internal control over financial reporting (ICFR) use the 2013 Framework for reporting periods ending on or after December 15, 2014. PCAOB Auditing Standard 5 requires external auditors to use the same internal control framework used by management to assess the design and operating effectiveness of the company’s ICFR.

Why COSO is important

  • COSO’s primary objectives for updating the Internal Control—Integrated Framework included (i) clarifying requirements for effective internal control, (ii) addressing changes in business (e.g., globalization, use and dependence on technology, complexity) that introduce or elevate risk of achieving entity objectives, and (iii) encouraging users to apply internal control to additional entity objectives (such as regulatory reporting, operations and compliance).
  • The 2013 Framework describes two additional requirements (in italics) for an effective system of internal control:
    - Each of the five components of internal control and relevant principles is present and functioning
    - The five components of internal control operate together in an integrated manner 
  • The seventeen principles set out in the 2013 Framework are fundamental concepts associated with the five components of internal control. These concepts were implicit in the 1992 Framework. The 2013 Framework explicitly requires that each relevant principle be present and functioning (i.e. designed and operating effectively) to demonstrate that all five components of internal control are present and functioning. The Firm has developed templates and guidance to help clients assess and document how the company’s ICFR satisfies the seventeen principles.
  • We do not believe the additional criteria fundamentally change what is required for an effective system of internal control over financial reporting. However, as management and internal auditors assess the design and operating effectiveness of the company’s ICFR in accordance with the 2013 Framework, they may identify internal control deficiencies that require remediation during 2014.


PwC videos and publications

Video: COSO 2013 - ICFR Transition
PwC - 3/13/14

Highlights how clients can effectively leverage PwC's four-phased approach to transition to the COSO 2013 Framework and utilize the Phase 2 mapping template.

Video: Internal control: COSO update
PwC - 9/17/13

PwC's Stephen Soske, Chuck Harris and Kassie Bauman discuss how companies should address the new COSO framework in their internal control processes.

Dataline: COSO issues the updated Internal Control-Integrated Framework and related illustrative documents
PwC - 5/14/13
On May 14, 2013, COSO published an updated Internal Control-Integrated Framework and related illustrative documents. This Dataline highlights noteworthy updates to the Framework, summarizes the purpose of the illustrative documents, and highlights key considerations for clients.

10Minutes on why the COSO Update deserves your attention
PwC - 5/14/13
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

Back to top

Select news releases

COSO launches survey to gain input on updating Enterprise Risk Management–Integrated Framework
COSO - 11/5/2014
COSO has launched an online survey designed to collect input on updating the COSO Enterprise Risk Management - Integrated Framework (Framework). Specifically, the objective of the survey is to obtain input on which areas of the Framework require updating and the nature and extent of those updates. COSO is particularly interested in how it might update the original Framework to make it more relevant in an increasingly complex business environment so that organizations worldwide can attain better value from their enterprise risk management programs.

COSO announces project to update Enterprise Risk Management–Integrated Framework
COSO - 10/21/2014
COSO announced a project to review and update the 2004 Enterprise Risk Management–Integrated Framework (Framework). The Framework is a widely accepted framework used by management to enhance an organization’s ability to manage uncertainty and to consider how much risk to accept as it strives to increase stakeholder value. This initiative is intended to (1) enhance the Framework’s content and relevance in an increasingly complex business environment and (2) develop tools to assist management in reporting risk information and in reviewing and assessing the application of enterprise risk management.

COSO issues paper on how COSO Frameworks improve organizational performance and governance
COSO - 2/12/2014
COSO has published a paper titled Improving Organizational Performance and Governance: How the COSO Frameworks Can Help to illustrate how the enterprise risk management (ERM) and internal control frameworks can contribute to enhancing organizational performance and governance for sustainable success and add value to governance strategies and business planning.

COSO Article Discusses Transition to 2013 Internal Control — Integrated Framework for Sarbanes-Oxley Section 404 Compliance
COSO - 6/06/2013
COSO has issued an article aimed at assisting public companies comply with Section 404 of the U.S. Sarbanes-Oxley Act of 2002. The article outlines an example of one approach to transitioning to COSO's 2013 Internal Control–Integrated Framework (Framework) from the original framework published in 1992.

COSO Issues Updated Internal Control-Integrated Framework and Related Illustrative Documents
COSO - 5/14/2013
COSO published its updated Internal Control–Integrated Framework (Framework) and related illustrative documents. Authored by PwC under the direction of the COSO Board, the updated Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.

Back to top