Tuesday, August 20th, 2019 

COSO Treadway Commission

COSO Treadway Commission Picture “When evaluating the effectiveness of internal control, management should consider it as an integrated whole.”
The Committee of Sponsoring Organization of the Treadway Commission ("COSO") framework describes five interrelated components of internal control.
  • Control environment. Senior management must set an appropriate "tone at the top" that positively influences the control consciousness of entity personnel. The control environment is the foundation for all other components of internal controls and provides discipline and structure.

  • Risk assessment. The entity must be aware of and deal with the risks it faces. It must set objectives, integrated throughout all value chain activities, so that the organization is operating in concert. Once these objectives are set, the entity must then identify the risks to achieve those objectives, analyze them, and develop ways to manage them.

  • Control activities. Control policies and procedures must be established and executed to help ensure the actions identified by management to address risk are effectively carried out.

  • Information and communications. Surrounding the control activities are information and communication systems, including the accounting system. These systems enable the entity's people to capture and exchange the information needed to conduct, manage, and control its operations.

  • Monitoring. The entire control process must be monitored, and modifications made as necessary. In this way, the systems can react dynamically, changing as conditions warrant.

These individual components are tightly integrated with each other. Each component has a relationship with and can influence the functioning of every component. When evaluating the effectiveness of internal control, management should consider it as an integrated whole. Weak controls in one area can be offset by stronger controls in another area.
© 2006-2019 HRMSI - COSO Treadway Commission