A system of strong internal controls has been and continues to be the basis for effective operational and accounting business processes. Over the years in the United States, the term internal controls, although frequently referenced by auditors and business managers, did not have a consistent definition or use. However, a series of events in the United States in the 1970s led to the development and release of the Committee of Sponsoring Organizations (COSO) internal control framework. First recognized as a standard for assessing internal controls by U.S. internal and external auditors, the COSO internal control framework has received worldwide recognition and become the Sarbanes-Oxley Act's (SOx's) standard for building and measuring internal controls.

This chapter briefly discusses "how we got there"—the activities by auditors, regulators, and other professionals over recent years to develop a consistent approach to defining and understanding internal controls. The chapter will then introduce the COSO internal control framework and why its application is essential for establishing compliance with SOx internal accounting control requirements. It should be noted that there are two different COSO frameworks. The first COSO framework and the emphasis of this chapter provides a consistent definition for internal controls, and it is still often called just the COSO framework. However, after SOx became effective in 2004, COSO released ...