COSObased
COSObased (often written COSO-based) describes internal control, risk management, and compliance approaches that follow principles and guidance issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO is an industry group that published widely adopted frameworks for internal control (originally in 1992, updated in 2013) and enterprise risk management (ERM, updated in 2017). Organizations and auditors use COSObased approaches to design, assess, and report on control systems intended to provide reasonable assurance about the achievement of objectives such as the reliability of financial reporting, compliance with laws, and the effectiveness of operations.
A COSObased internal control system typically addresses five components: control environment, risk assessment, control activities, information
Benefits attributed to COSObased frameworks include a structured, principle-driven approach that supports consistent assessments and external