Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Internal Controls

What are internal controls?

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a report called The Internal Control Integrated Framework, also known simply as the COSO Report, or as the COSO Framework. It has become a widely accepted definition of internal control as: “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

What is the COSO Framework for internal controls?

The COSO framework for internal controls was originally published in the 1992 COSO Report, but has since been updated. According to the 2013 version of the COSO report, internal controls are defined by 17 guiding principles broken down into five categories: 

  • Control environment
    • Commitment to integrity and ethics
    • Oversight responsibility
    • Establishing structure, authority and responsibility
    • Commitment to competence
    • Enforcement of accountability
  • Risk assessment
    • Specification of objectives
    • Risk identification and analysis
    • Fraud risk assessment
    • Identification and analysis of significant change
  • Control activities
    • Selection and development of risk mitigation activities
    • Selection and development of general technology controls
    • Deployment of controls-based policies and procedures
  • Information and communication
    • Use of relevant, important information
    • Internal communications
    • External communicaitons
  • Monitoring
    • Ongoing or separate evaluations of processes
    • Evaluation and communication of known deficiencies in program

What is an internal control framework? 

A control framework is an organization’s individual implementation of its own sense of internal control, most often guided by the general principles and procedures laid out by the COSO Framework.

How do internal controls pay a part in accounting? 

In accounting, internal controls often focus on seven operational principles identified as being conducive to best practices in accounting:

  • Separation of duties of bookkeeping, deposits, reporting, and auditing
  • Access controls to different parts of the accounting system to prevent any unauthorized access to it and its data
  • Physical audits of cash and assets
  • Documentation used for financial transactions, inventory receipts and expenses
  • Trial balances to test the accuracy and balancing of financial books
  • Reconciliations to ensure that accounting balances match up with balances held by external entities, such as banks and suppliers
  • Approval authority to prove that transactions have been adequately reviewed and approved at all levels
News Article

Study: Blowing the whistle won’t harm the bottom line

Neil Hodge | January 10, 2019

A new study from NAVEX Global reveals whistleblower hotlines don’t often prove detrimental to business outcomes.

Accounting & Auditing Update Blog

PCAOB report gives Deloitte its lowest deficiency rate

Tammy Whitehouse | January 8, 2019

Deloitte & Touche’s recently published 2017 audit inspection report reflects the lowest deficiency rate the firm has ever earned.


When the customer’s not right

Tom Fox | January 2, 2019

The Petrobras, Stryker, and Polycom enforcement actions serve as a lesson to compliance officers on how to guard against customer bribery schemes.

Accounting & Auditing Update Blog

SEC plans focus on internal controls at year-end

Tammy Whitehouse | December 27, 2018

Given big changes companies are undertaking in their accounting processes, staff at the SEC plan to pay special attention to internal controls.

Enforcement Action Blog

How Hain Celestial improved its revenue recognition practices

Jaclyn Jaeger | December 18, 2018

The Hain Celestial Group recently settled charges with the Securities and Exchange Commission resulting from weaknesses in its internal controls. Why the food company was not assessed a monetary penalty is where the compliance lessons lie.

Accounting & Auditing Update Blog

PCAOB plans continued focus on review controls in 2019

Tammy Whitehouse | December 12, 2018

The PCAOB saw some improvement in the audit of management review controls during its 2018 inspections, but it’s still an area of focus into 2019.

Accounting & Auditing Update Blog

New GAAP rules drive audit fee increases, poll says

Tammy Whitehouse | December 11, 2018

New accounting standards and M&A activity are driving modest increases in audit fees for public companies, according to a new FERF survey.

News Article

Cigna, Wells Fargo describe journey to high-tech ICFR

Tammy Whitehouse | November 27, 2018

Technology is permeating internal control over financial reporting, and one of its pioneers says the transition is possible even without a tech background.

News Article

Earliest revenue restatements fix adoption problems

Tammy Whitehouse | November 6, 2018

While most public companies have yet to complete a full year of reporting under new revenue recognition rules, some are already finding reasons to restate.

News Article

Where and how to start your culture conversations

Amii Barnard-Bahn | October 22, 2018

In the “Ask Amii” monthly mailbag, executive coach and former Chief Compliance Officer Amii Barnard-Bahn responds to your anonymous questions on building a culture of compliance, motivating underperforming employees, third-party risk management, and more.