Skip to Main Content

Internal control over financial reporting: COSO best practices


Are you in control?
Preparing the internal control documentation required by the COSO framework can be difficult and daunting for some financial institutions. In our work with clients who are preparing to meet COSO requirements, we see a handful of areas banks can address to keep their implementation on track:

  1. Control environment
  2. Risk assessment
  3. Control activities
  4. Information and communication
  5. Monitoring activities

Because the framework is not highly prescriptive about specific internal controls, there are several practical considerations and actions to take that can help you focus on areas that are easily overlooked. Spreadsheet controls, sample sizes, exception monitoring, testing, and commonly missed controls make up the bulk of the what to consider. By focusing your efforts on these areas, you can more efficiently reduce potential audit findings by making changes to your internal control process.

My colleagues and I provide more detail specifically about how and what to address in our COSO internal controls white paper.

The bottom line? 
Prepare now to save time—and potentially reduce audit findings—later. Once you have your process in place, you won't have to scramble to implement controls during the year you become subject to an integrated audit under SOX 404 / FDICIA.

Learn more about improving your institution's internal controls: Download our COSO internal controls white paper and get ready now!

Related Industries

Related Services

Accounting and Assurance

Related Professionals


BerryDunn experts and consultants