COSO, which officially stands for the "Committee of Sponsoring Organizations of the Treadway Commission", develops frameworks and guidance relating to risk management at the enterprise level. COSO was formed in 1985 and is now considered a "joint initiative" (according to www.coso.org) of the following five (5) institutions:
- The American Institute of Certified Public Accountants (AICPA)
- American Accounting Association (AAA)
- Financial Executives International (FEI)
- Institute of Internal Auditors (IIA)
- The Association of Accountants and Financial Professionals in Business (IMA)
The core platform of COSO has always been "internal controls", which COSO characterizes as follows:
- Internal control is a process. It is a means to an end, not an end in itself.
- Internal control is also affected by people, thus it's much more than just policy, procedures, manuals, and forms; it also involves the people at every level within an entity.
- Internal control provides "reasonable" assurance, not "absolute" assurance, to an entity’s management and board.
- Internal control is generally geared toward the achievement of stated objectives in one or more separate, but overlapping, areas and categories.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850+ pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
COSO and the Elements of Internal Control
The hallmark publication for which COSO became well known is "Internal Control | Integrated Framework", a framework that's also commonly known as the "Five Elements of Internal Controls", consisting of the following:
- Control Environment: This effectively sets the tone of the organization, thus it's commonly known as the "Tone at the Top". It's best to look at "Control Environment" as the single most foundational element that illustrates management style, philosophy, ethics, integrity, competency, etc. Without an effective "Tone at the Top", organizations cannot fulfill their respective roles, responsibilities, and requirements for effective day-to-day operations, ultimately compromising the core tenets of internal control.
- Risk Assessment
- Control Activities
- Information and Communication
COSO also provides a number of white papers and "guidance" documents, along with numerous publications which are for sale on their websites. Visit www.coso.org to learn more about The Committee of Sponsoring Organizations of the Treadway Commission.
Information Security Policies | Critical for COSO Adherence | Download
The Global Information Security Compliance Packet (GISCP), provided by Flat Iron Technologies, LLC, greatly assists organizations seeking to implement and adopt many of the provisions set forth by COSO.