What is COSO Compliance?
The Committee of Sponsoring Organizations (COSO) is a group that publishes various risk management frameworks, including its widely used framework for internal business controls.
That framework helps organizations ensure that their financial statements are accurate, that assets and stakeholders are protected from fraud, and that their operations are running optimally. Its guidelines are applicable across the entire organization, from auditing to IT.
COSO publishes other risk management frameworks as well; we are focusing here specifically on its internal control framework, last updated in 2013. That framework was originally created by five private sector organizations:
- The American Institute of Certified Public Accountants (AICPA)
- The National Association of Accountants (now the Institute of Management Accountants, IMA)
- The American Accounting Association (AAA)
- The Institute of Internal Auditors (IIA)
- Financial Executives International (FEI)
COSO’s internal control framework is the most widely used framework for internal controls in the United States. It helps businesses demonstrate their compliance with laws and regulations such as the Sarbanes-Oxley Act (SOX) and the Foreign Corrupt Practices Act (FCPA).
While the COSO internal control framework is voluntary, its guidelines can help to empower your organization with the security infrastructure necessary to prevent fraud, theft, reputational loss, or regulatory enforcement over poor controls.