Guidance on Internal Control


Internal Control — Integrated Framework (2013)

The 2013 Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.

COSO has also issued Illustrative Tools for Assessing Effectiveness of a System of Internal Control and the Internal Control over External Financial Reporting (ICEFR): A Compendium of Approaches and Examples. The Illustrative Tools are expected to assist users when assessing whether a system of internal control meets the requirements set forth in the updated Framework. The ICEFR Compendium is particularly relevant to those who prepare financial statements for external purposes based upon requirements set forth in the updated Framework.

Related article "The 2013 COSO Framework & SOX Compliance: One Approach to an Effective Transition" (article)
To read click here.

Download Executive Summary
Download poster of Internal Control – Integrated Framework Principles
Read FAQs
Download PowerPoint Slides

For individual print or eBook.

Internal Control - Integrated Framework: Executive Summary, Framework and Appendices, and Illustrative Tools for Assessing Effectiveness of a System of Internal Control (3 volume set)

Internal Control - Integrated Framework, Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples

Internal Control - Integrated Framework and Compendium Bundle

For multi-user licensing, please contact

For requests to reprint or use portions of the Internal Control – Framework, please complete the COSO Copyright Permission Request Form and return to



Internal Control — Integrated Framework (1992)

Produced after the release of the Treadway Commission’s recommendations, this document provides principles-based guidance for designing and implementing effective internal controls. COSO developed the framework in response to senior executives’ need for effective ways to better control their enterprises and to help ensure that organizational objectives related to operations, reporting, and compliance are achieved. This framework has become the most widely used internal control framework in the U.S. and has been adapted or adopted by numerous countries and businesses around the world. On December 15, 2014 this framework was superseded by the 2013 Internal Control - Integrated Framework.


Guidance on Monitoring Internal Control Systems (2009)

Effective monitoring of internal control is one of the five components of effective internal control delineated in COSO's Internal Control - Integrated Framework. COSO has developed detailed interpretative guidance that will help organizations monitor the quality of their internal control systems.


Internal Control over Financial Reporting — Guidance for Smaller Public Companies (2006)

This document contains guidance targeted towards smaller public companies, to help them apply concepts in the 1992 Internal Control – Integrated Framework. The guidance demonstrates the applicability of those concepts to help smaller public companies design and implement internal controls to support the achievement of financial reporting objectives. It highlights 20 key principles of the 1992 framework, providing a principles-based approach to internal control. While targeted toward smaller public companies, the 2006 guidance applies to entities of all sizes and types. On December 15, 2014 this guidance was superseded by the 2013 Internal Control - Integrated Framework, Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples.


Internal Control Issues in Derivatives Usage (1996)

This guidance was issued in response to derivatives-related problems in recent years, many of which resulted from misunderstanding their risks and their use for risk management purposes. The document provided best-practice guidance for the development of internal controls related to derivative activities. This document was discontinued on December 15, 2014.


Internal Control Thought Papers

Leveraging COSO Across the Three Lines of Defense

In this paper, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.

Read Press Release
Read Thought Leadership

Transition to 2013 Internal Control — Integrated Framework for Sarbanes-Oxley Section 404 Compliance

COSO has issued an article aimed at assisting public companies comply with Section 404 of the U.S. Sarbanes-Oxley Act of 2002. The article outlines an example of one approach to transitioning to COSO’s 2013 Internal Control–Integrated Framework (Framework) from the original framework published in 1992.

Read Press Release
Read Article