internal controls; COSO; COSO FAQ

The Updated COSO Internal Control Framework: Frequently Asked Questions (3rd Edition)



The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on internal control, enterprise risk management (ERM) and fraud deterrence –released its long-awaited updated Internal Control – Integrated Framework (New Framework) in May of 2013.


The New Framework issued by COSO is an important development, as it facilitates efforts by organizations to develop cost-effective systems of internal control to achieve important business objectives and sustain and improve performance. It also supports organizations as they adapt to the increasing complexity and pace of a changing business environment, manage risks to acceptable levels and improve the reliability of information for decision-making.

Companies using the 1992 framework for Sarbanes-Oxley compliance and other purposes should familiarize themselves with the New Framework and companion materials, determine their transition plan, and communicate to the appropriate stakeholders the release of the New Framework and its implications to the organization. It is hoped that this guide will help them as they execute their transition plans.

This third edition of our guide addresses various questions regarding the New Framework from COSO, including the reasons why it was updated; what has changed; the process for transitioning to its use; and steps companies should take now. It has been enhanced with 16 new questions and updates to existing answers that have arisen since publication of the second edition, particularly from discussions with clients and webinars we have conducted.

Supplemental Reading:

The Updated COSO Internal Control Framework: FAQ 2nd Edition
COSO 2013: Implications for IT Controls
COSO 2013: What’s New, What’s Changed, Why Does It Matter and Other FAQs
Supplemental Questions fro​m our Webinar - October 30, 2013