
MONTH-IN-BRIEF (Apr 2023)
Internal Control Organization Issues Guidance on Sustainability Controls
By Thomas W. White, Retired Partner, WilmerHale
“COSO,” an organization sponsored by several major associations of accountants, financial executives, and internal auditors, promulgates the leading framework for designing, implementing, and assessing internal control over a company’s operations, reporting, and compliance. COSO’s Internal Control—Integrated Framework (2013) is used by most US public companies to perform the management assessments and external audits of internal control over financial reporting required by section 404 of the Sarbanes-Oxley Act. (Notably, the COSO Framework is broader than just financial reporting, covering also operational controls and legal and regulatory compliance controls.) The COSO Framework consists of five components of internal control, each of which contains three to five principles, for a total of seventeen principles.