Coming COSO Update - 17 Principles

1. Demonstrates Commitment to Integrity and Ethical Values—The organization demonstrates a commitment to integrity and ethical values.

2. Exercises Oversight Responsibility—The board of directors demonstrates independence from management and exercises oversight for the development and performance of internal control.

3. Establishes Structure, Authority, and Responsibility—Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.

4. Demonstrates Commitment to Competence—The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.

5. Enforces Accountability—The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

6. Specifies Suitable Objectives—The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.

7. Identifies and Analyzes Risk—The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.

8. Assess Fraud Risk—The organization considers the potential for fraud in assessing risks to the achievement of objectives.

9. Identifies and Analyzes Significant Change—The organization identifies and assesses changes that could significantly impact the system of internal control.

10. Selects and Develops Control Activities—The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.

11. Selects and Develops General Controls over Technology—The organization selects and develops general control activities over technology to support the achievement of objectives.

12. Deploys through Policies and Procedures—The organization deploys control activities through policies that establish what is expected and procedures that put the policies into action.

13. Uses Relevant Information—The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control.

14. Communicates Internally—The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.

15. Communicates Externally—The organization communicates with external parties regarding matters affecting the functioning of other

components of internal control.

16. Conducts Ongoing and/or Separate Evaluations—The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.

17. Evaluates and Communicates Deficiencies—The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.