2.2. COSO INTERNAL CONTROL INTEGRATED FRAMEWORK
In 1985, the Committee of Sponsoring Organizations of the Treadway Commission was formed to sponsor the National Commission on Fraudulent Financial Reporting, whose charge was to study and report on the factors that can lead to fraudulent financial reporting. Since this initial undertaking, COSO has expanded its mission to improving the quality of financial reporting. A significant part of this mission is aimed at developing guidance on internal control. In 1992, COSO published Internal Control—Integrated Framework, which established a framework for internal control and provided evaluation tools that business and other entities could use to evaluate their control systems.
 In 2003, COSO published a draft of a document entitled Enterprise Risk Management Framework, whose purpose was to provide guidance on the process used by management to identify and manage risk across the enterprise. This new framework does not supersede or otherwise amend its earlier internal control framework. Internal control is encompassed within and an integral part of enterprise risk management. Enterprise risk management is broader than internal control, expanding and elaborating on internal control to form a more robust conceptualization focusing more fully on risk. Internal Control–Integrated Framework remains in place for entities and others looking at internal control by itself.
The COSO internal control framework describes five components of internal ...