control framework

A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a commonly used framework for internal controls. The COSO framework is designed to provide a model that corporations can use to run an efficient and well-controlled financial environment.

COSO's main components:

  • Internal control environment
  • Objective setting
  • Event identification
  • Risk assessment
  • Risk response
  • Control activities
  • Information and communication
  • Monitoring.

According to COSO, those components constitute a viable framework for describing and analyzing an organization's internal control system in a way that conforms to financial compliance regulations. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting.

IT controls are a subset of internal controls related to information technology (IT). IT control frameworks include COBIT (Control Objectives for Information and Related Technology),  ISO/IEC 17799: Code of Practice for Information Security Management and ITIL (Information Technology Infrastructure Library).


See also: PCI-DSS, enterprise risk management (ERM), compliance, governance, risk and compliance (GRC), GRC software

This was last updated in March 2011
Posted by: Margaret Rouse
View the next item in this Essential Guide: incident management (IcM) or view the full guide: IT services management and best practices: An enterprise CIO guide

More News and Tutorials

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Research More Tech Terms

  • Search thousands of tech definitions
  • Browse tech definitions
    Browse Alphabetically:

Powered by

File Extensions and File Formats

File Extension and File Formats List:

Powered by