COSO History and 2013 COSO Framework
COSO was established in 1985 to enhance organizational performance and governance through effective internal controls, risk management, and fraud deterrence, evolving significantly through its frameworks and guidelines.
Founding and Purpose
Establishment: COSO was formed in 1985 as a private-sector initiative to address the increasing incidence of fraudulent financial reporting. It was sponsored by five major professional associations: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA).
Treadway Commission: The initiative was initially known as the National Commission on Fraudulent Financial Reporting, commonly referred to as the Treadway Commission, named after its first chairman, James C. Treadway, Jr. The Commission aimed to investigate the causes of fraudulent financial reporting and develop recommendations for improving financial reporting practices.
Key Developments
1992 Framework: In 1992, COSO published the "Internal Control – Integrated Framework," which provided a comprehensive model for organizations to evaluate and improve their internal control systems. This framework became a standard for internal control practices in the United States and globally.
2013 Update: Recognizing the need for updates due to changes in technology and business practices, COSO re-released the Integrated Framework in 2013. This version introduced 17 principles that organizations should follow to establish effective internal controls, enhancing the original five components of the framework.
Impact and Evolution
Response to Corporate Scandals: The framework gained prominence following major corporate scandals in the late 1990s and early 2000s, such as Enron and WorldCom, which highlighted deficiencies in corporate governance and internal controls. These events led to the enactment of the Sarbanes-Oxley Act (SOX) in 2002, mandating stricter internal control requirements for public companies.
Ongoing Relevance: COSO continues to evolve, providing guidance on emerging risks and trends, including sustainability reporting and environmental, social, and governance (ESG) factors. Its frameworks remain widely used by organizations to ensure effective governance and risk management practices.
In summary, COSO has played a crucial role in shaping internal control and risk management practices since its inception, adapting to the changing landscape of corporate governance and financial reporting. Its frameworks are essential tools for organizations seeking to enhance their internal controls and mitigate risks effectively.
Specific principles for developing and maintaining effective internal controls are listed in Internal Control — Integrated Framework. Originally released in 1992 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and updated in 2013, the framework lists the following 17 principles that explicitly describe the elements of an effective system of internal controls:
Depending on a company’s facts and circumstances, implementing or making the transition to the framework can take time, so it’s a good idea to begin the process as soon as possible. Companies should begin by familiarizing themselves with the 17 principles and other COSO guidelines. Then, companies can evaluate the current state of their internal control system and develop a plan for correcting any weaknesses.
