A control framework is a conceptual basis for formulating a set of controls for an organization. This set of controls is intended to minimize risk through the use of practices and procedures in a coordinated manner. The best-known control framework is the Integrated Framework, which was developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. This framework defines internal control as a process that is designed to provide reasonable assurance regarding the achievement of objectives in the following three areas:
The efficiency and effectiveness of a firm’s operations
The reliability of a firm’s financial reporting
The compliance of a firm with applicable laws and regulations
The framework includes the following general concepts:
Internal control is not an end in itself; rather, it is a process that is intended to support the requirements of a business.
Internal control is impacted by individuals throughout a business; it is not simply a set of policies, procedures, and forms.
Internal control can only provide reasonable assurance to an organization’s management and board of directors; it cannot provide absolute assurance.
Internal control is targeted at achieving specific objectives within a business.