Guidance on Internal Control

Internal Control Guidance

Internal Control — Integrated Framework (2013)

The 2013 Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.

COSO has also issued Illustrative Tools for Assessing Effectiveness of a System of Internal Control and the Internal Control over External Financial Reporting (ICEFR): A Compendium of Approaches and Examples. The Illustrative Tools are expected to assist users when assessing whether a system of internal control meets the requirements set forth in the updated Framework. The ICEFR Compendium is particularly relevant to those who prepare financial statements for external purposes based upon requirements set forth in the updated Framework.

The 2013 COSO Framework & SOX Compliance: One Approach to an Effective Transition
Executive Summary
Poster of Internal Control – Integrated Framework Principles
PowerPoint Slides

Purchase Guidance

For individual print or eBook:

Internal Control — Integrated Framework: Executive Summary, Framework and Appendices, and Illustrative Tools for Assessing Effectiveness of a System of Internal Control (3 volume set)

Internal Control — Integrated Framework, Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples

Internal Control — Integrated Framework and Compendium Bundle

The COSO Internal Control Certificate Program

For multi-user licensing, please contact

Reprint or Permission to Use
For requests to reprint or use portions of the Internal Control — Integrated Framework, please complete the Copyright Permission Request Form and return it to

Acceptable Use of COSO Materials

Copyright Permission Request Form

Internal Control — Integrated Framework (1992)

Produced after the release of the Treadway Commission’s recommendations, this document provides principles-based guidance for designing and implementing effective internal controls. COSO developed the framework in response to senior executives’ need for effective ways to better control their enterprises and to help ensure that organizational objectives related to operations, reporting, and compliance are achieved. This framework has become the most widely used internal control framework in the U.S. and has been adapted or adopted by numerous countries and businesses around the world. On December 15, 2014, this framework was superseded by the 2013 Internal Control — Integrated Framework.

Guidance on Monitoring Internal Control Systems (2009)

Effective monitoring of internal control is one of the five components of effective internal control delineated in COSO's Internal Control — Integrated Framework. COSO has developed detailed interpretative guidance that will help organizations monitor the quality of their internal control systems. Learn more about guidance on monitoring.

Internal Control over Financial Reporting — Guidance for Smaller Public Companies (2006)

This document contains guidance targeted towards smaller public companies, to help them apply concepts in the 1992 Internal Control — Integrated Framework. The guidance demonstrates the applicability of those concepts to help smaller public companies design and implement internal controls to support the achievement of financial reporting objectives. It highlights 20 key principles of the 1992 framework, providing a principles-based approach to internal control. While targeted toward smaller public companies, the 2006 guidance applies to entities of all sizes and types. On December 15, 2014, this guidance was superseded by the 2013 Internal Control — Integrated Framework, Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples.

Internal Control Issues in Derivatives Usage (1996)

This guidance was issued in response to derivatives-related problems in recent years, many of which resulted from misunderstanding their risks and their use for risk management purposes. The document provided best-practice guidance for the development of internal controls related to derivative activities. This document was discontinued on December 15, 2014.

Internal Control Implementation Guidance

Blockchain and Internal Control: The COSO Perspective (2020)

As blockchain becomes mainstream, it is appropriate to focus on how this technology intersects with an entity’s internal control. With careful implementation and integration, the distinctive capabilities of blockchain can be leveraged to create more robust controls for organizations. Blockchain-enhanced tools also have the potential to promote operational efficiency and effectiveness, improve reliability and responsiveness of financial and other reporting, and elevate compliance with laws and regulations. But blockchain also creates new risks and the need for new controls. This guidance provides perspectives for using Internal Control — Integrated Framework (2013) to evaluate risks related to the use of blockchain in the context of financial reporting and to design and implement controls to address such risks. It is intended to help inform decisions regarding oversight, risks, and internal control over financial reporting (ICFR). The paper also should be of value to the various stakeholders involved in financial reporting, within the context of their own environments.

Implementation Guide for the Healthcare Provider Industry (2019)

Amid heightened scrutiny and ever-increasing complexities in operations and regulation, healthcare organizations face unique challenges related to the design and operation of internal controls. In response, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Crowe LLP and CommonSpirit Health, has published new guidance: “2013 COSO Integrated Framework: An Implementation Guide for the Healthcare Provider Industry.” Healthcare organizations experience issues with system access and integrity, clinical documentation, coding, and billing, all of which may result in potential noncompliance with federal and state regulations – and costly mistakes. The guide introduces healthcare organizations to COSO’s widely used “Internal Control – Integrated Framework,” and provides a roadmap to implementation to help strengthen their overall governance and internal control structures.

News Release

Internal Control Thought Papers

Leveraging COSO Across the Three Lines of Defense

In this paper, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.

News Release

The 2013 COSO Framework & SOX Compliance: One Approach to an Effective Transition (2013)

COSO has issued an article aimed at assisting public companies in complying with Section 404 of the U.S. Sarbanes-Oxley Act of 2002. The article outlines an example of one approach to transitioning to COSO’s 2013 Internal Control — Integrated Framework from the original framework published in 1992.

News Release