7/1/23, 10:12 AM Internal Control: 5 Key Principles of COSO Framework | I.S. Partners

Internal Control: 5 Key Principles of COSO Framework

Updated on January 7, 2023 by David Dunkelberger

https://www.ispartnersllc.com/blog/5-key-principles-of-coso-framework/

Table of Contents

5 Main Principles of the COSO Internal Control Integrated Framework
Improve Organizational Performance and Oversight with the COSO Framework
Improve Internal Controls with the COSO Framework
COSO Internal Control Integrated Framework & COSO Compliance

The COSO internal control integrated framework principles outline the characteristics of an
effective system of internal controls designed to assess information security. It is organized as
five components comprising 17 principles in total.

5 Main Principles of the COSO Internal Control Integrated Framework

Any effective internal control system works best with certain components that reflect the overall
mission, strategies and related business objectives. The COSO internal control integrated
framework features five components that support the achievement of those goals in any
company.

| COSO Component | COSO Framework Principles |
| --- | --- |
| Control Environment: Built by setting the basic tone of the organization, particularly regarding internal controls, the control environment features policies, procedures and an overarching discipline, structure and integrity. The control environment is so ingrained that variances easily illuminate internal control issues. | 1. Demonstrate commitment to integrity and ethical values; 2. Ensure that board exercises oversight responsibility; 3. Establish structures, reporting lines, authorities and responsibilities; 4. Demonstrate commitment to a competent workforce; 5. Hold people accountable |
| Risk Assessment: Every company around the world faces some degree of risk. This component focuses on identifying specific industry risks, as well as risks specific to the company itself before trying to analyze and outline potential management of risk. | 6. Specify appropriate objectives; 7. Identify and analyze risks; 8. Evaluate fraud risks; 9. Identify and analyze changes that could significantly affect internal controls |
| Control Activities: Setting and following solid policies and procedures (based on risk factors, rules, regulations and experience) help ensure that there are appropriate preventive actions and responses in place for any variation from the norm. | 10. Select and develop control activities that mitigate risks; 11. Select and develop technology controls; 12. Deploy control activities through policies and procedures |
| Information and Communication: The flow of information, when it comes to internal controls, must flow in every direction, ensuring everyone related to a particular sector, or the entire system, stays up-to-date. | 13. Use relevant, quality information to support the internal control function; 14. Communicate internal control information internally; 15. Communicate internal control information externally |
| Monitoring: In addition to regularly scheduled audits and auditor’s reports, it is important to continually monitor internal controls to root out and correct inconsistencies and issues right away. | 16. Perform ongoing or periodic evaluations of internal controls (or a combination of the two); 17. Communicate internal control deficiencies |

Table showing the COSO Framework Principles organized according to the five main
components.

Improve Organizational Performance and Oversight with the COSO Framework

Let’s take a look at how these principles can work on a more practical level and how they benefit
your organization.

Control Environment – Depending on your organization, your control environment includes
your management team and Board of Directors, your HR department and how you work with
employees and even your in-house policies. When your control environment is healthy, your
organization can run more efficiently and with less strife and risk. The right people in the right
roles are critical to success for this important COSO Framework component.

Risk Assessment and Management – What challenges does your brand face? Depending on
your business model and industry, you could face risks from outside sources, ranging from
cyber attacks and data theft to the loss of proprietary information, formulas and processes.
You could also face significant compliance and regulatory risk; brands in healthcare,
manufacturing, and development all face industry-specific risks. Discovering risks is just the
beginning; this component also includes analysis and solutions and implementing changes
that mitigate risk and prevent losses.

Control Activities – A robust plan to ensure business continuity in the event of an emergency,
coupled with a proactive approach to security and upgrades, ensures your control activities
align with your mission and goals. The better your policies are at outlining your rules and
expectations, the more successful your organization will be when it comes to control
activities.

Information & Communication – What factors, responsibilities and roles do you outsource,
and how well are these external resources managed? The information you share and the way
you convey it have a huge impact on your ability to properly and effectively outsource
important initiatives and tasks. Evaluating how well you are communicating and how well
your needs are being met ensures your money is being spent wisely and that you are getting
the best possible ROI for your outsourcing investments.

Monitoring – Establishing the conditions you want to work in and the policies your team
needs to use is an ideal start, but unless you monitor and evaluate your processes you won’t
be able to keep up with the changes. Ongoing monitoring can help discover inefficiencies and
deficiencies and allow you to take action and keep your organization on track.

Improve Internal Controls with the COSO Framework

The COSO framework gives businesses better, more prescriptive internal controls to reduce risks
and the information they need to make smarter decisions. Implementing these principles
helps your organization to build and maintain controls that are present, effective, and
well-implemented for greater reliability, relevance, and timeliness. This is especially true when it
comes to the emerging demands related to ESG (Environmental, Social, and Governance)
performance and its impact on long-term value.

When taken as a whole, internal controls based on the COSO framework principles offer a
reasonable level of assurance that the company is conducting its business morally, openly, and
in conformity with accepted industry norms.

Internal control serves more as a process than an end result in itself.

Internal control is not only a theory, idea, form, point in a manual, or policy. It is also a
reflection of the people (and certainly affected by the people) using a particular system
regularly.

Internal control is not an absolute and only offers reasonable assurance to an entity’s
governing body.

Internal control may cover one or more categories, whether distinctly separate or
overlapping.

Related article: The Evolution of COSO Compliance Objectives.

COSO Internal Control Integrated Framework & COSO Compliance

Whether your organization consistently maintains strong internal controls, or you have faced
some uncertainties recently, the COSO Internal Control Integrated Framework can help you and
your IT team continue to improve. At I.S. Partners, LLC., the CPA and support staff can help you
understand all the benefits of tightening your internal controls.


About The Author

David Dunkelberger
During his 25-year career, David has successfully delivered
assurance, business advisory and investigative services to the
financial institutions industry, primarily commercial banks and
insurance companies. Additionally, he possesses solid
competencies in risk-based auditing and internal control
evaluation, and has generated significant cost savings for clients
engaged in Sarbanes-Oxley compliance. He has held senior
positions in both public accounting and private industry.

Prior to joining IS Partners, LLC, David managed forensic
investigations at a nationally-recognized accounting firm and
provided fraud detection, forensic investigation and litigation
support services for the FDIC.

David graduated from Temple University in Philadelphia, PA.
