September 28, 2017

By Mike Nurse, CPA, CFE, CGMA

COSO Series Articles Part 1 of 6: The following article is the first part of a six-part series to explore the high-level basics of the COSO[1] Integrated Internal Control Framework. The following provides an overview of the Framework itself.

If you are a manager, director or business owner, you know the importance of a solid mission statement. You also know the importance of maintaining a clear view of your organization’s goals and objectives.

Your specific objectives may be financially focused, customer-service focused, philanthropically focused, any unique combination of the above focuses, or any other goal set out by your organization.

However, setting your goals is very different from achieving them; expected and unexpected challenges will ultimately impede your progress.

As business challenges come in all shapes and sizes, it’s critical that you know how deal with them effectively. Even more important than this knowledge, however,  is the ability to maintain a reasonable assurance that your goals are still being met, despite setbacks.

What is the COSO Integrated Internal Control Framework?

This is where the COSO Integrated Internal Control Framework (“Framework”) comes into play. The Framework is a universal tool for evaluating and improving your business. Through its application, your organization will be able to discern how to reduce risk and increase so your organization assurance can meet its objectives.

The Integrated Internal Control Framework defines internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.”

In other words, internal control helps an entity to reach its objectives. The Framework provides a structure to develop a system that works for your business.

At the Framework’s root is its ability to touch all aspects of your organization. It then provides guidance regarding the areas of your organization that could benefit from an over-arching system of internal control. You can then use this system to affect change and achieve results.

How Does the Framework Operate?

The Framework can be represented by imagining a three-dimensional cube where the length, width, and depth of the cube represents:

  1. Your entity’s “objectives,” or what it strives to achieve. This includes operations, reporting, and compliance.
  2. Your entity’s “components,” or what it requires to achieve its objectives, including:
    1. Control Environment
    2. Risk Assessment
    3. Control Activities
    4. Information and Communication
    5. Monitoring Activities
  3. The unique entity structure, including divisions, operating units, and functions. The below graphic provides an example of how the Framework might analyze your entity’s structure:

As you can see, the “cube” sets out a multi-dimensional pathway to help you evaluate the different areas of your business, and further assist in developing a unique control system.

What’s Next?

In the next article, we will explore the first component of the Framework, the Control Environment.  In the meantime, we encourage you to explore and learn more about COSO on their website.


Please contact Clark Nuber’s Mike Nurse at if you have any questions about this post.

[1] COSO which is an acronym for Committee of Sponsoring Organizations of the Treadway Commission, was formed in 1992 as a joint initiative of five organizations, including the American Institute of CPA’s and the Institute of Internal Auditors, among others.  Since that time, the committee has been developing and refining frameworks and guidance around enterprise risk management, internal control and fraud deterrence, with the most recent revisions of the Internal Control – Integrated Framework model in 2013.

Mike Nurse is a manager in the Accounting and Consulting Group at Clark Nuber PS.

© Clark Nuber PS and Focus on Fraud, 2017. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.

This article contains general information only and should not be construed as accounting, business, financial, investment, legal, tax, or other professional advice or services. Before making any decision or taking any action, you should engage a qualified professional advisor.