Skip Ribbon Commands
Skip to main content

The IIA COSO Resource Exchange

Video: Enterprise Risk Management — Aligning Risk with Strategy and Performance

Hear from members of the COSO ERM Framework Update Advisory Council as they offer their insights on the proposed changes to the Framework and the need for public input. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is accepting comments on the update, Enterprise Risk Management — Aligning Risk with Strategy and Performance, from June 15 through Sept. 30.

Watch the Video 

ERM Framework Update Exposure Period Now Open

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has unveiled an update to its Enterprise Risk Management – Integrated Framework and is seeking public comment of the proposal, from June 15 through Sept. 30. The update, Enterprise Risk Management — Aligning Risk with Strategy and Performance, is designed to address the needs of all organizations to improve their approach to managing new and existing risks as a way to help create, preserve, sustain, and realize value.

Go to ERM Framework Update Page
Read Press Release

NEW COSO Certificate Program

NEW COSO Certificate ProgramThrough a blend of self-paced learning and live, interactive training, the COSO Internal Control Certificate offers participants a unique opportunity to develop their expertise in designing, implementing and monitoring a system of internal control.

This new certificate includes an exam to verify that participants have gained the knowledge and skills critical to this program, plus, they will earn up to 25.5 hours of CPE.

Learn more about The IIA’s COSO Internal Control Certificate inaugural offering.

Leveraging COSO Across the Three Lines of Defense: White paper explains how to leverage COSO framework, 3 Lines of Defense

In Leveraging COSO Across the Three Lines of Defense, The IIA's Audit Executive Center makes a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.

Read Thought Leadership

COSO in the Cyber Age: Report offers guidance on using Frameworks to assess cyber risks

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released COSO in the Cyber Age, a thought leadership paper that provides direction on how the Internal Control-Integrated Framework (2013) and the Enterprise Risk Management-Integrated Framework (2004) can help organizations effectively and efficiently evaluate and manage cyber risks.

Read Thought Leadership

COSO Launches Online Survey for ERM – Integrated Framework Update

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has launched an online survey for its current project to review and update the 2004 Enterprise Risk Management – Integrated Framework (Framework). The survey, created by the PricewaterhouseCoopers (PwC) project team, seeks input and feedback from interested parties and is designed to capture views and insights regarding the current Framework and to collect suggestions for improvements. The deadline to complete the survey is Dec. 20, 2014.

Originally published by COSO in 2004, the Framework is widely accepted as a management tool that enhances an organization’s ability to manage uncertainty and to consider how much risk to accept as it strives to increase stakeholder value.

COSO is a voluntary private-sector organization formed in 1985 that is dedicated to improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence.

The IIA is one of five sponsoring organizations for COSO and plays an important role in providing assistance with the development of content for and hosting COSO’s website.

In addition to The IIA, COSO is jointly sponsored by the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA).

Take the Survey

IIA Resources

Video Broadcasts

Considering COSO 2013 From a Risk Perspective Controls exist to manage risk and keep it at acceptable levels. Norman Marks, retired CAE and Ia Online blogger, discusses how COSO's 2013 Internal Control–Integrated Framework fits into a top-down, risk-based approach to audits. View now.

COSO's Updated Framework: Global Applicability COSO Chairman Bob Hirth says regardless of your company's size, maturity, industry, or location, the enhanced 2013 Internal Control–Integrated Framework can be used to help improve its system of internal control. View now.

2013 Pulse of the Profession Survey Results – IIA President and CEO Richard Chambers discusses the results of the latest survey. Internal audit departments are expecting a greater focus on compliance risks, with implementation of COSO 2013 and the U.S. Affordable Care Act on the horizon. View now.

COSO with Keith Kawashima – Keith Kawashima of The IIA's Sacramento chapter discusses the changes with COSO and how it affects internal auditors. View now.

Training and Events


COSO Internal Control Certificate

COSO 2013: Implementing the Framework

Are You COSO Ready? A Free Webcast Overview of the Updated COSO Framework discusses key changes to the Framework and how they will impact your organization:

  • Why the change is occurring now and what factors influenced the update.
  • What has not changed from the original guidance.
  • The nine elements that have changed and which seven directly impact internal audit.
  • How to continue your education and understanding of the Framework.

This is a good starting point to assess how these changes will impact your current practices. Access now.

Articles, Books, and Reports

COSO Internal Control‒Integrated Framework: Turning Principles into Positive Action Book – Larry Rittenberg, COSO’s chair emeritus, provides a high-level, 100-page companion guidebook that will help internal auditors in all industries to quickly identify the implications for their organizations. This easy-to-read guide, sponsored by The IIA's Milwaukee Chapter, is an indispensable companion for the 2013 Framework. The book is included with the two-day COSO 2013: Implementing the Framework course registration and is also available for purchase online through The IIA Research Foundation Bookstore.

Management’s Guide to Sarbanes-Oxley Section 404 – This new release provides detailed guidance to ensure programs reflect the updated 2013 COSO Framework and readers understand the relationship between Sarbanes-Oxley Sections 302 and 404.

COSO Features in IIA Publications

These features in Internal Auditor magazine and IIA Today highlight the key changes, what you need to know, and resources available for implementation:

The Audit Executive Center COSO Roundtable Report provides insight gathered during the Center’s three roundtable sessions held in early 2012, where CAEs discussed proposed updates, revisions, and enhancements to the 1992 Framework. The sessions brought together more than 30 CAEs from Fortune 250 companies and other distinguished organizations.

COSO Roundtable Report

About COSO

The IIA is a member of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a joint initiative of five private sector professional associations collaborating to provide thought leadership, frameworks, and guidance on enterprise risk management, internal control, and fraud deterrence. As one of the five sponsoring organizations for COSO, The IIA provides its members with exclusive access and discounts through its COSO Resource Exchange.

About the COSO Resource Exchange

The IIA COSO Resource Exchange provides the most comprehensive and up-to-date list of resources, tools, and training to support implementation of the COSO Internal Control–Integrated Framework. The Framework is the most widely recognized guidance on what constitutes effective internal control, which is vital for the success of any organization. It is broad-based and can be applied by organizations, businesses, governmental agencies, and not-for-profit enterprises of all sizes.


Jan. 14, 2015 - COSO in the Cyber Age

Nov. 5, 2014 - COSO Announces Online Survey for ERM Update

Oct. 21, 2014 - COSO Announces Project to Update Enterprise Risk Management-Integrated Framework

Aug. 12, 2014 - COSO-based Internal Auditing Course Coming to San Francisco and New York

Feb. 10, 2014 - COSO Releases New Thought Leader Paper Demonstrating How Frameworks Improve Organizational Performance and Governance

June 25, 2013 - Managing Sustainability Risks the Focus of COSO's Latest Thought Leadership

June 6, 2013 - COSO Issues Article Discussing Transition to the 2013 Internal Control - Integrated Framework for SOX Section 404 Compliance

June 3, 2013 - New COSO Chairman Announced

May 14, 2013 - COSO Issues Updated Internal Control - Integrated Framework and Related Illustrative Documents

COSO Resources

Improving Organizational Performance and Governance: How the COSO Frameworks Can Help

Demystifying Sustainability Risks

The 2013 COSO Framework & SOX Compliance: One Approach to an Effective Transition

Internal Control — Integrated Framework Executive Summary


COSO Framework Overview (PPT)

2013 COSO Framework

Additional information regarding the release of the updated Framework may be found on the COSO website and the following products may be purchased through The IIA Research Foundation Bookstore.

Member Savings

The IIA is a sponsoring organization of COSO. IIA members may purchase the COSO Framework and related documents at a reduced rate through The IIA Research Foundation Bookstore.