Welcome to COSO

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​The Committee of Sponsoring Organizations of the Treadway Commission COSO) is a joint initiative of the five private sector organizations listed on the left and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. We hope you will find the information on this site to be helpful and we welcome your input.​​

2017 ERM Framework Update​​

Enterprise Risk Management—Integrating with Strategy and Performance (2017)The 2017 update to the Enter​prise Risk Management — Integrated Framework​ addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. The updated document, Enterprise Risk Management — Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. For more information or to purchase the updated Framework, c​lick here.

How to Purchase

University Professor/Student Discounts

For information on discounts available to qualified university professors and their students, please contact Joanna Dabrowska at jdabrow1@depaul.edu.

Acceptable Use of COSO Mat​​​​​erials

Copyright Permission Request Form​

What's N​​ew

February 20, 2019

COSO Issues Guidance for Healthcare Providers

Amid heightened scrutiny and ever-increasing complexities in operations and regulation, healthcare organizations face unique challenges related to the design and operation of internal controls. In response, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Crowe LLP and CommonSpirit Health, has published new guidance: “2013 COSO Integrated Framework: An Implementation Guide for the Healthcare Provider Industry.” Healthcare organizations experience issues with system access and integrity, clinical documentation, coding, and billing, all of which may result in potential noncompliance with federal and state regulations – and costly mistakes. The guide introduces healthcare organizations to COSO’s widely used “Internal Control – Integrated Framework,” and provides a roadmap to implementation to help strengthen their overall governance and internal control structures. The Framework is recognized as the leading guidance for designing, implementing, and conducting internal control and assessing its effectiveness.

News Release

Implementation Guide for the Healthcare Provider Industry (2019)


October 23, 2​018

COSO Announces Guidance Addressing Environmental, Social and Governance-related Risks

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD) released today the final version of “Guidance for Applying Enterprise Risk Management (ERM) to Environmental, Social and Governance (ESG)-related Risks.” This guidance, which aligns with COSO’s widely accepted Enterprise Risk Management — Integrating with Strategy and Performance, is intended to bring ESG risks and opportunities into a clearer focus for mainstream business and other organizations around the world. It is designed to enhance organizations’ resiliency as they confront the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls.

News Release​​

Executive Sum​mary

Guida​nce


June 11, 2​018

COSO Releases ERM Compendium of Examples

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today announced the release of an important supplement to Enterprise Risk Management – Integrating with Strategy and Performance, with detailed examples for applying principles from the updated ERM Framework to day-to-day practices.

Authored by PwC under the direction of the COSO Board, the new Compendium of Examples recognizes the connection between concepts and applications of ERM. Each illustration in the compendium was developed from industry practices identified through extensive research, including interviews and case studies.

News Release​​

COSO Enterprise Risk Management - Integrating with Strategy and Performance: Compendium of Examples​​


​May 24, 2018

COSO Sponsors Launch ERM Certificate Program

COSO announces the COSO Enterprise Risk Management Certificate. The program offers strategy, finance, accounting, auditing, risk management and other business professionals the opportunity to earn a certificate in the COSO ERM Framework.

The COSO ERM Certificate is geared toward professionals who play a risk management role in entities of any size, consultants who provide advisory services related to enterprise risk management, and board members who provide oversight of enterprise risk management.

The course is offered only through COSO’s five sponsoring organizations: American Accounting Association (AAA), American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), IMA (Institute of Management Accountants), and The Institute of Internal Auditors (IIA).

News Release​​
COSO Enterprise Risk ​Management Certificate Program​​

​​​Feb. 7, 2018

COSO, WBCSD Release New Draft Guidance on Environmental, Social and Governance-related Risks

COSO and the World Business Council for Sustainable Development (WBCSD) released at GreenBiz 2018 a draft Guidance for applying Enterprise Risk Management (ERM) to Environmental, Social and Governance (ESG)-related risks. The supplemental draft Guidance is designed to help organizations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls. COSO and WBCSD are seeking public comment on the draft Gu​idance and the previously released Executive Summary through June 30, 2018. Comment letters may be provided to risk@wbcsd.org​. A consultation survey also will be available soon through the COSO website.

News Release​
Preliminary Draft Guidance
Preliminary​ Draft Guidance (printable)
Draft Executive Summary
Draft Executive Summary (printable)​


Feb. 1, 2018

Paul J. SobelCOSO Appoints Leading Audit and Risk Management Executive Paul Sobel as Chairman

COSO has named Paul Sobel, Vice President and Chief Audit Executive at Georgia-Pacific LLC, as its new Chairman. His appointment to a three-year term is effective Feb. 1. Sobel, CIA, QIAL, CRMA, is recognized as a leading expert on governance, enterprise risk management, compliance, and internal control. He was selected as Chairman because of his extensive background along with his experience in corporate environments and professional service firms. Sobel succeeds Robert B. Hirth Jr., who served as COSO chairman since 2013.

News Release
Bio​​


Jan. 23, 2018

COSO, WBCSD Release Draft on Environmental, Social and Governance-related Risks

COSO partners with the World Business Council for Sustainable Development (WBCSD) in releasing a draft executive summary about new, cutting-edge guidance, "Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks." The guidance will help organizations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls. Details of a public comment period on the draft executive summary and on a draft of the full application guidance will be available in the coming weeks.

News Rel​ease
Executive Summary
Executive Summary (printable)​


Sept. 20, 2017

COSO Seeks New Board Chair​

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is seeking applications for the position of Board Chair. The Chair is responsible for leading COSO in fulfilling its mission of providing thought leadership dealing with enterprise risk management, internal control and fraud deterrence. Candidates may submit​ a letter of interest along with a current resume of qualifications by the position application close date of Oct. 27, 2017.

News Release​​


Sept. 6, 2017

COSO Issues I​mportant Update to ERM Framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its highly anticipated ERM Framework: Enterprise Risk Management  Integrating with Strategy and Performance. This new document builds on its predecessor, Enterprise Risk Management — Integrated Framework, one of the most widely recognized and applied risk management frameworks in the world. The updated edition is designed to help organizations create, preserve, and realize value while improving their approach to managing risk.

News Release​​


April 7, 2017

COSO and WBCSD Sign Memorandum of Understanding

Recognizing the benefits of mutual cooperation to their respective members and for business in general, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD) recently completed a Memorandum of Understanding (MoU) aimed at working together to help businesses identify and prioritize issues related to sustainability and enterprise risk management.​​

News Relea​se​

March 13, 2017​

COSO Updated ERM Framework to be Issued Mid-2017

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is completing its evaluation of public exposure comments regarding an update to the 2004 Enterprise Risk Management — Integrated Framework, one of the most widely recognized and applied risk management frameworks in the world. The exposure draft received more than 40,000 views from individuals and organizations around the world. Those comments have been carefully reviewed by project lead PricewaterhouseCoopers, in collaboration with the COSO board of directors and its advisory council comprising representatives from industry, academia, government agencies and not-for-profit organizations. The updated Framework is expected to be released in mid-2017.​​

News Relea​se​

​December 9, 2016

COSO Internal Control Certificate Program Expands to On-Demand Access

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) announces launch of a self-study, on-demand learning program toward earning the COSO Internal Control Certificate. The program is being offered by The Institute of Internal Auditors (IIA) and the American Institute of CPAs (AICPA). The Institute of Management Accountants (IMA) plans to offer the course in January. The on-demand learning program is geared to internal auditors, accountants, and other financial professionals, allowing candidates to demonstrate expertise in designing, implementing, and monitoring a system of internal control using COSO’s updated 2013 Internal Control — Integrated Framework.​​

News Relea​se​

​October ​​1, 2016

Comment Peri​​od for COSO ERM Framework Update Closed

​COSO has concluded its call for public comment to the proposed update to its ERM Framework: Enterprise Risk Management — Aligning Risk with Strategy and Performance. Written comments submitted to date will become part of the public record and will be av​ailable on the COSO ERM website through Dec. 15, 2016.

News Release
Draft Executive Summary
Exposure Draft
FAQs

​​September​ 29, 2016

​COSO Releases Fraud Risk Management Guide

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) announces the release of the Fraud Risk Management Guide, a new research report that offers a blueprint for helping organizations to establish an overall fraud risk-management program. The Association of Certified Fraud Examiners (ACFE) is a co-sponsor of the project.

News ​Release
Executive Summary

Purchase t​he Guide

​​September 12, 2016

Deadline for Comments to ERM Framework Update Approaches

COSO is continuing a call for public comment to the proposed update for its Enterprise Risk Management Integrated Framework. Unveiled June 14th, Enterprise Risk Management — Aligning Risk with Strategy and Performance is designed to address the evolving needs of all organizations to improve their approach to managing new and existing risks as a way to help create, preserve, sustain and realize value. The comment period will end September 30th.

News Relea​s​e

June 14, ​2016

ERM Framework ​​Update Exposure Period Now Open

​The Committee of Spon​​soring Organizations of the Treadway Commission (COSO) has unveiled an update to its Enterprise Risk Management Integrated Framework and is seeking public comment of the proposal, from June 15 through Sept. 30. The update, Enterprise Risk Management — Aligning Risk wi​th Strategy and Performance, is designed to address the needs of all organizations to improve their approach to managing new and existing risks as a way to help create, preserve, sustain, and realize value.

News R​elease

May 17, 2016

​​​​​Academic Discount ​Offered on COSO Internal Control ​ Integrated Framework

Faculty and students at post-secondary academic institutions now have an option for low-cost, online access to one of the world’s most widely used frameworks for designing and implementing internal control programs, the COSO Internal Control — Integrated Framework (2013).

In a joint initiative, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the American Accounting Association (AAA) are making the framework and associated compendium bundle available for a $250 annual institutional fee. The AAA, one of the COSO’s five sponsoring organizations, will provide direct services to participating accounting and business departments through its Academic Access program.

News Release

December 16, 2​​015

COSO Sponsors Offer New COSO Internal Control Certificate

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today announced an Internal Control Certificate Program that offers financial professionals, including internal auditors and CPAs, the opportunity to earn a professional certificate in the 2013 COSO Internal Control — Integrated Framework.

The program is a combination of self-paced learning and a hands-on workshop, followed by an online examination. Upon successful completion of all three components, candidates will receive an official COSO certificate that demonstrates their ability to design and implement an effective system of internal control utilizing the COSO Internal Control  Integrated Framework.

News Release
Course Lo​cations and Dates

July 7, 2015

COSO Releases Thought Leadership Paper

In Leveraging COSO Across the Three Lines of Defense, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.

News Release
Thought Leadership

February 9, 2015

COSO Names Advisory Group for Enterprise Risk Management ​ Integrated Framework Update

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced the appointed group of advisors and observers for the project to review and update the 2004 Enterprise Risk Management — Integrated Framework (Framework). The group is made up of representatives from leading professional service, technological, legal, academic and public organizations.

News Release
Advisory Board Members

January 14, 2015

COSO Releases Thought Leadership Paper

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today announced the release of COSO in the Cyber Age, a thought leadership paper that provides direction on how the Internal Control — Integrated Framework (2013) and the Enterprise Risk Management — Integrated Framework (2004) can help organizations effectively and efficiently evaluate and manage cyber risks.

News Release
Thought Leadership

January 6, 2015

COSO Expands Global Reach

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today announced its 2013 Internal Control — Integrated Framework has been translated into Russian. The Framework is now available in eight languages.

News Release

November 5, 2014

COSO Online Survey Goes Live for Enterprise Risk Management Integrated Framework Update

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today launched an online sur​vey for its current project to review and update the 2004 Enterprise Risk Management – Integrated Framework (Framework). The survey, created by the PricewaterhouseCoopers (PwC) project team, seeks input and feedback from interested parties and is designed to capture views and insights regarding the current Framework and to collect suggestions for improvements.

The Framework, originally published in 2004, is a widely accepted framework used by management to enhance an organization’s ability to manage uncertainty and to consider how much risk to accept as it strives to increase stakeholder value.

Learn More

October 21, 2014

COSO Announces Project to Update Enterprise Risk Management ​ Integrated Framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today announced a project to review and update the 2004 Enterprise Risk Management — Integrated Framework (Framework). The Framework, originally published in 2004, is a widely accepted framework used by management to enhance an organization’s ability to manage uncertainty and to consider how much risk to accept as it strives to increase stakeholder value.

Lea​rn More

February 10, 2014

COSO Releases New Thought Leader Paper Demonstrating How Frameworks Improve Organizational Performance and Governance

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced today the release of a new thought paper, Improving Organizational Performance and Governance: How the COSO Frameworks Can Help, developed to illustrate how the enterprise risk management (ERM) and internal control frameworks can contribute to enhancing organizational performance and governance for sustainable success.

News Release
Thought Paper

June 25, 2013

Managing Sustainability Risks the Focus of COSO’s Latest Thought Leadership

In response to today’s highly competitive markets and the growing number of organizations integrating sustainability into their business operations, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Ernst & Young LLP (EY) have published a new thought paper titled Demystifying Sustainability Risk: Integrating the Triple Bottom Line into an Enterprise Risk Management Program. The thought paper leverages COSO’s Enterprise Risk Management — Integrated Framework to offer insight on how organizations can develop interrelated strategies and objectives across the enterprise that create a strong context for risk consideration, and references.

News Release
Thought Paper

June 6, 2013

Article Discusses Transition to 2013 Internal Control — Integrated Framework for Sarbanes-Oxley Section 404 Compliance

COSO has issued an article aimed at assisting public companies comply with Section 404 of the U.S. Sarbanes-Oxley Act of 2002. The article outlines an example of one approach to transitioning to COSO’s 2013 Internal Control — ​Integrated Framework (Framework) from the original Framework published in 1992.

News Release
Article

June 3, 2013

Leading Risk Management and Internal Control Professional Robert Hirth Named New Chairman of COSO

COSO has named Robert B. Hirth Jr. as its new Chairman for a three-year term effective today. A prolific thought leader, renowned risk management and internal control professional, Hirth was selected for this position after a four-month extensive search. Hirth succeeds David L. Landsittel, CPA, who has served as COSO chairman since 2009.

News ​Release
Bob Hirth Bio

May 14, 2013

2013 Internal Control — Integrated Framework Released

COSO has issued the 2013 Internal Control — Integrated Framework (Framework). The Framework published in 1992 is recognized as the leading guidance for designing, implementing and conducting internal control and assessing its effectiveness. The 2013 Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.

COSO has also issued Illustrative Tools for Assessing Effectiveness of a System of Internal Control and the Internal Control over External Financial Reporting (ICEFR): A Compendium of Approaches and Examples. The Illustrative Tools are expected to assist users when assessing whether a system of internal control meets the requirements set forth in the updated Framework. The ICEFR Compendium is particularly relevant to those who prepare financial statements for external purposes based upon requirements set forth in the updated Framework.

News Release
Executive Summary
FAQs
​PowerPo​int Slides

Purchase Framework and Tools

User Disclaimer

​This website contains general information only, and none of COSO, any of its constituent organizations or any of the authors of the contents provided herein is rendering accounting, business, financial, investment, legal, tax or other professional advice or services in connection with such content. Information contained herein is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Views, opinions or interpretations expressed herein may differ from those of relevant regulators, self-regulatory organizations or other authorities and may reflect laws, regulations or practices that are subject to change over time.

Evaluation of the information contained herein is the sole responsibility of the user. Before making any decision or taking any action that may affect your business with respect to materials provided on this website, you should consult with relevant qualified professional advisors. COSO, its constituent organizations and the authors expressly disclaim any liability for any error, omission or inaccuracy contained herein, any content linked to this website or any loss sustained by any person who relies on materials provided in or linked to this website.

​​
​​​
Top