CHAPTER 1 The Architect’s Blueprint Establishing the Framework

IN 1992, THE COMMITTEE of Sponsoring Organizations of the Treadway Commission (known as COSO), developed and issued a framework for internal control design. According to its website,, “the Committee is a joint initiative of The American Accounting Association, The American Institute of CPAs, Financial Executives International, The Association of Accountants and Financial Professionals in Business, and The Institute of Internal Auditors. COSO is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.”

The COSO internal control framework is a picture of the proper design of an internal control structure. It contains certain elements that must be included in developing internal controls as a part of an anti-fraud program. There have been certain modifications of the framework recently, but the overall elemental design has stood the test of time for more than 20 years.


The original COSO framework outlines five elements of internal control design: (1) the control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring. While keeping with the intent of this structure, I have modified the names and format ...

Get Internal Control/Anti-Fraud Program Design for the Small Business: A Guide for Companies NOT Subject to the Sarbanes-Oxley Act now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.