The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private-sector organization. COSO is dedicated to guiding executive management and governance entities toward the establishment of more effective, efficient, and ethical business operations on a global basis. It sponsors and disseminates frameworks and guidance based on in-depth research, analysis, and best practices. Two of these frameworks are particularly important and closely integrated with each other: Internal Control – Integrated Framework and Enterprise Risk Management – Integrated Framework.
The Enterprise Risk Management Framework describes the critical principles and components of an effective enterprise risk management process, setting forth how all important risks should be identified, assessed, responded to and controlled. It also provides a common language, so that when executives, directors and others talk about risk management, they are truly communicating.
The Internal Control Framework focuses on control and helps organizations design and implement internal controls in light of the many changes in business and operating environments. The ERM Framework is broader and incorporates the Internal Control Framework within it: internal control is one of the ways an organization responds to risk, by developing controls that mitigate the risks it has identified. The two frameworks are compatible and are built on the same conceptual foundation.