Two decades ago, the Committee on Sponsoring Organizations (COSO) published its original framework for internal controls. Since then, it has served as the most comprehensive resource for companies (both public and private) to evaluate the effectiveness of their internal controls.

The COSO framework was updated in 2013 for the first time to reflect the changes in business and operating environments that have occurred since its initial publication. Although private companies are not required to adopt and follow COSO guidelines, any company can benefit by putting them into practice. After all, sound internal controls are the best defense against employee theft, fraud and embezzlement, no matter the size of your company.

The revised COSO framework retains its fundamental definition of internal control and its five components:

• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring Activities

The revised framework states that all five of these components must be in place for an internal control environment to be effective. However, it now presents the five components in terms of 17 principles. Approaches and examples for these principles as a reference point during implementation of the new framework are also included. Most importantly, the new framework continues to emphasize the importance of management judgment in designing, implementing and conducting internal controls and assessing their effectiveness.

As a commercial lender, you are in the position to do your borrowers a favor; make them aware of the COSO framework and get to know their business from the COSO perspective to see how their internal controls measure up to the guidelines. Given the growing incidences of fraud and embezzlement that are occurring within many companies today, these guides can prove to be especially relevant.

If you have any questions about the COSO framework or how it fits with your business, please contact our professionals at (417) 576-3465 or go to