Search Results

Governance Other Guidance Documents Corporate Governance: Guiding Principles for Board Oversight (2026) See More Improving Organizational Performance and Governance (2014) See More Enhancing Board Oversight (2012) See More

Guidance Fraud Deterrence Guide Summary Enterprise Risk Management Guide Summary ERM Guidance Documents ALTERNATIVE DATA: THE COSO PERSPECTIVE (2024) PDF File (PORTUGUESE) REALIZE THE FULL POTENTIAL OF ARTIFICIAL INTELLIGENCE (2021) PDF File ENABLING ORGANIZATIONAL AGILITY IN AN AGE OF SPEED AND DISRUPTION (2022) PDF File ENTERPRISE RISK MANAGEMENT FOR CLOUD COMPUTING (2021) PDF File REALIZE THE FULL POTENTIAL OF ARTIFICIAL INTELLIGENCE (2021) PDF File (JAPANESE) ENTERPRISE RISK MANAGEMENT FOR CLOUD COMPUTING (2021) PDF File (JAPANESE) REALIZE THE FULL POTENTIAL OF ARTIFICIAL INTELLIGENCE (2021) PDF File RISK APPETITECRITICAL TO SUCCESS (2020) PDF File 1 2 3 4 1 ... 1 2 3 4 ... 4 Internal Control Summary Guide Achieving Effective Internal Control Over Generative AI (2026) PDF File ACHIEVING EFFECTIVE INTERNAL CONTROL OVER ROBOTIC PROCESS AUTOMATION (2024) PDF File ACHIEVING EFFECTIVE INTERNAL CONTROL OVER SUSTAINABILITY REPORTING (ICSR) PDF File (SPANISH) COSO ICSR PDF File 1 2 3 4 1 ... 1 2 3 4 ... 4 The publication may be purchased from: Governance Corporate Governance: Guiding Principles for Board Oversight (2026) PDF File Improving Organizational Performance and Governance (2014) PDF File Enhancing Board Oversight (2012) PDF File

Corporate Governance - Guiding Principles for Board Oversight COSO Releases New Board Oversight Guidance Developed with PwC Twelve guiding principles offer boards a practical tool for oversight, accountability, and long‑term value creation NEW YORK, March 31, 2026 – The Committee of Sponsoring Organizations of the Treadway Commission (COSO), today announced the release of its Corporate Governance: Guiding Principles for Board Oversight, developed in collaboration with PwC. The new publication provides boards with a clear, board-level set of guiding principles and practical illustrations to help them assess whether their governance model remains fit for purpose as organizations confront accelerating change, heightened stakeholder scrutiny, and increasingly complex risk environments. Publication Press Release

New (ICSR) Supplemental Guidance COSO Releases New “Achieving Effective Internal Control Over Sustainability Reporting” (ICSR) Supplemental Guidance Builds Trust and Confidence in ESG/Sustainability Reporting and Decision-Making ..see more Press Release ICSR Report The principal authors of this guidance are: Robert Herz , former FASB chair, founding member of the IASB and former SASB Foundation board member; Robert Hirth , Senior Managing Director at Protiviti, former COSO Chair and former vice-chair of the SASB; Douglas Hileman , consultant, ESG specialist, and member of [former] ESG Leadership Knowledge Group; Shari H. Littan , IMA Director, Corporate Reporting Research and Thought Leadership; Brad Monterio , IIA EVP of Member Competency and Learning and member of the IFRS Foundation’s IRCC; and Jeffrey C. Thomson , President and CEO of IMA and former COSO board member/lead director. COSO wishes to thank Chair Emeritus Paul Sobel for his oversight and leadership of this project during his term as Chair. For more information, please contact Cecile Fradkin or Giuseppe Barone .

Managing Cyber Risk Managing Cyber Risk in a Digital Age Even as companies become more digital savvy, they continue to confront new and emerging data risks that pressure financial and reputational vulnerabilities. To help address these challenges, the Committee of Sponsoring Organizations of the Treadway Commission (COSO ), in collaboration with Deloitte Risk & Financial Advisory, is releasing new guidance, “Managing Cyber Risk in a Digital Age.” Written to boards of directors, audit committee members, executive management, and cyber practitioners, the new guidance addresses how companies can apply COSO’s Enterprise Risk Management–Integrating with Strategy and Performance (ERM Framework), one of the most widely recognized and applied risk management frameworks in the world, to protect against cyberattacks. The guidance provides insight into how organizations can leverage the five components and 20 principles of the ERM Framework to identify and manage cyber risks. PDF File News Release

Guidance for Healthcare Providers Guidance for Healthcare Providers Amid heightened scrutiny and ever-increasing complexities in operations and regulation, healthcare organizations face unique challenges related to the design and operation of internal controls. In response, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Crowe LLP and CommonSpirit Health, has published new guidance: “2013 COSO Integrated Framework: An Implementation Guide for the Healthcare Provider Industry.” Healthcare organizations experience issues with system access and integrity, clinical documentation, coding, and billing, all of which may result in potential noncompliance with federal and state regulations – and costly mistakes. The guide introduces healthcare organizations to COSO’s widely used “Internal Control – Integrated Framework,” and provides a roadmap to implementation to help strengthen their overall governance and internal control structures. PDF File Press Release

Achieving Effective Internal Control Over Generative AI COSO Releases Practical Roadmap for Managing Generative AI Risks and Controls New publication translates COSO’s Internal Control–Integrated Framework into practical, audit‑ready guidance for governing GenAI The Committee of Sponsoring Organizations of the Treadway Commission (COSO), today released a new publication, Achieving Effective Internal Control Over Generative AI (GenAI) , offering organizations a practical, COSO‑aligned approach to managing the risks and opportunities introduced by rapidly advancing generative AI technologies. Generative AI is moving into boardrooms and day‑to‑day operations far faster than traditional governance models anticipated. Organizations are already using AI‑enabled tools to automate reconciliations, accelerate analysis, and support decision‑making at a scale that compresses timelines and reshapes workflows. Such rapid adoption brings a new class of risks — from heightened cyber exposure and prompt‑based manipulation to opaque reasoning, model drift, and frequent configuration changes — that can jeopardize the integrity of operations, reporting, and compliance if not addressed with robust internal controls. Publication Press Release

Board of Directors The COSO Board is made up of representatives from each of the five sponsoring organizations, plus a chair who is elected by the five sponsoring organizations' board representatives. COSO Board Lucia Wind More Info COSO Board Chair Jennifer Burns More Info AICPA Represent ative Benito Ybarra More Info IIA Representative Douglas F. Prawitt More Info COSO Lead Director Jason Pikoos More Info FEI Represent ative Larry R. White More Info IMA Represent ative COSO Fellow Crisha Carlos More Info

Guidance Internal Control - Integrated Framework Effective internal controls are good for business. This is perhaps an interesting way to introduce the purpose of this thought paper, but, as its authors, our collective knowledge is very straightforward in this regard. Internal controls have value beyond compliance and external financial reporting. Effective internal controls can help an organization articulate its purpose, set its objectives and strategy, and grow on a sustained basis with confidence and integrity in all types of information. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, originally issued in 1992 and refreshed in 2013 (ICIF-2013 or Framework), was developed as guidance to help improve confidence in all types of data and information. In 2023 COSO issued supplemental guidance for organizations to achieve effective internal control over sustainability reporting (ICSR), using the globally recognized COSO Internal Control-Integrated Framework (ICIF). See More ICSR Report Internal Controls Documents Achieving Effective Internal Control Over Generative AI (2026) PDF ACHIEVING EFFECTIVE INTERNAL CONTROL OVER ROBOTIC PROCESS AUTOMATION (2024) PDF ACHIEVING EFFECTIVE INTERNAL CONTROL OVER SUSTAINABILITY REPORTING (ICSR) PDF (SPANISH) COSO ICSR PDF 1 2 3 4 1 ... 1 2 3 4 ... 4

Artificial Intelligence Realize the Full Potential of Artificial Intelligence Recognizing the accelerating need to identify and manage the risks of Artificial Intelligence (AI) effectively, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Deloitte, has issued “Realize the Full Potential of Artificial Intelligence.” This new guidance leverages the principles from COSO’s Enterprise Risk Management (ERM) – Integrating with Strategy and Performance Framework (2017), and serves as a guide to help organizations align risk management with strategy and execution of their AI initiatives. The project, commissioned by COSO and co-authored by Deloitte, focuses on the need for organizations to design and implement governance, risk management, and oversight strategies and structures to realize the potential of humans collaborating with AI. Executive Summary News Release

ERM for Cloud Computing Enterprise Risk Management for Cloud Computing Addressing the demands for remote and flexible work arrangements as a result of the pandemic, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Crowe LLP, issues “Enterprise Risk Management for Cloud Computing.” This new guidance provides a roadmap for establishing cloud computing governance leveraging the principles of COSO’s Enterprise Risk Management (ERM) – Integrating with Strategy and Performance framework (2017). The project was commissioned by COSO and co-authored by Mike Grob, Principal, and Victoria Cheng, Managing Director, in Crowe LLP’s Consulting Services. PDF File Press Release

Blockchain and Internal Control Blockchain and Internal Control: The COSO Perspective COSO releases a new paper, sponsored by Deloitte, providing perspectives for using the COSO Internal Control – Integrated Framework (2013) to evaluate risks related to the use of blockchain in the context of financial reporting and to design and implement controls to address such risks. It is intended to help inform decisions regarding oversight, risks, and internal control over financial reporting (ICFR) in a blockchain environment. Executive Summary News Release