COSO - Internal Control – Integrated Framework: 2013 (Framework)
PwC under the direction of the COSO Board
Issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the 2013 Internal Control–Integrated Framework (Framework) is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992. The new Framework retains the core definition of internal control and the five components of internal control, and it continues to emphasize the importance of management judgment in designing, implementing, and conducting a system of internal control, and in assessing its effectiveness. It broadens the application of internal control in addressing operations and reporting objectives, and clarifies the requirements for determining what constitutes effective internal control. The Framework is comprised of three volumes including the following:
Executive Summary – This provides a high-level overview intended for the board of directors, chief executive officer, and other senior management. The Executive Summary:
- Lays out the definition, and limitations, of internal control, and the requirements for an effective system of internal control, including a description of the roles of components and principles.
- Highlights several important enhancements and clarifications that are intended to ease use and application of the Framework.
Framework and Appendices – The Framework and Appendices sets forth the five components and seventeen principles of an effective system of internal control, illustrates many approaches and examples relating to entity objectives, and provides direction for all levels of management to use in designing, implementing and conducting a system of internal control, and in assessing its effectiveness. The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding an entity's system of internal control without being overly prescriptive. The Appendices provide additional reference material, including:
- A glossary of key terminology, a discussion of roles and responsibilities of both responsible and external parties,
- A discussion of the methodology used for revising the Framework,
- A discussion of comment letters received during the public exposures of the proposed drafts of the Framework,
- A summary of changes to the COSO Internal Control-Integrated Framework (1992), and
- A comparison with the COSO Enterprise Risk Management-Integrated Framework.
Illustrative Tools for Assessing a System of Internal Control (Tools) – The Tools provide illustrative templates and scenarios that may be useful in applying the Framework. It can help management in assessing whether a system of internal control meets the requirements for effective internal control.The scenarios illustrate several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control. The templates and scenarios focus on evaluating components and relevant principles, not the underlying controls (e.g., transaction level control activities) that affect the relevant principles.