The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private-sector organization, established in the United States, dedicated to providing guidance to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO has established a common internal control model against which companies and organizations may assess their control systems.
The COSO framework involves several key concepts:
- Internal control is a process. It is a means to an end, not an end in itself.
- Internal control is affected by people. It’s not merely policy, manuals, and forms, but people at every level of an organization.
- Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
- Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
The COSO framework defines internal control as a process, affected by an entity’s board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations.