While some organizations found implementing the COSO framework to be relatively easy, some found it rather burdensome. Others used it as an opportunity to take a fresh look at internal control over financial reporting and, as a result, gained added assurance. However, COSO did not intend the framework to be used solely for financial controls. It was designed to help organizations effectively develop a system of internal control that would meet the challenges of an ever-changing business and regulatory environment.
The research for this report focused on four organizations that are applying the framework to all three categories of business objectives—operations, reporting, and compliance—in different ways. Some key findings emerged from interviews conducted with the four organizations. Their examples may help readers implement COSO’s framework to improve risk management and control in their organizations.
As an added value to this report, several organizations have generously agreed to share samples of the documentation used in implementing the framework. The COSO Implementation Toolkit lets you customize the samples to meet your organization’s needs and is included in the purchase price of this report.