The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was originally formed to enable the National Commission on Fraudulent Financial Reporting. It was founded by five major professional associations, The American Accounting Organization (AAA), American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), Institute of Internal Auditors (IIA), and Institute of Management Accountants (IMA) Organizations seeking to scale find that the COSO framework offers an approach to enterprise risk management (ERM) sensitive to variability from one organization to the next.

The COSO framework provides an applied risk management approach to internal controls. Applicable to both external financial reporting and internal control activities, the COSO framework focuses on the interrelationships between stakeholders and processes.

The internal control-integrated framework focuses on five components. According to COSO, an effective system of internal control has five integrated components working together to support the achievement of an organization’s mission, strategies, and related business objectives. The Board of Directors acts as the starting point for all risk oversight, ultimately responsible for reviewing risk tolerance levels and creating a culture focused on minimizing risk in daily operations. The COSO internal control framework focuses on establishing a risk assessment that starts with business objectives then implements plans based on risk appetite. After defining risk impacts, the company must prioritize risks and report the processes. However, COSO recognizes that risks can change, so it requires continuous monitoring to provide reasonable assurance that the control environment adequately protects against risks which may lead the organization to revise the control environment. Finally, the COSO framework promotes information, communication, and reporting between internal and external stakeholders.

How to Build a
Risk Management Plan