Who is responsible for internal controls?

COSO white paper's 'three lines of defense' can establish risk management duties.

September 1, 2015

Please note: This item is from our archives and was published in 2015. It is provided for historical reference. The content may be out of date and links may no longer function.

September 4, 2025

Summing up economic sentiment and concerns about inflation and tariffs

September 4, 2025

Business outlook brightens somewhat despite trade, inflation concerns

July 24, 2025

AICPA & CIMA Business Resilience Toolkit — levers for action

Management Accounting
- Enterprise Risk Management

Establishing who is responsible for specific internal controls can be a challenge at many organizations.

Effective internal controls help organizations manage risks in a systematic, effective way. The internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) helps many organizations manage risks. But the framework does little to establish who is responsible for the specific duties it describes.

A new COSO white paper, Leveraging COSO Across the Three Lines of Defense, describes how organizations can better establish and coordinate duties related to risk and control. The AICPA is a member of COSO.

Coordination under this model can help minimize gaps in controls and eliminate unnecessary duplication of assigned duties. The model proposes that senior management and the board oversee and direct three separate groups (or lines of defense) that contribute to effective management of risk and control. These separate groups:

Own and manage risk and control (operating management).
Monitor risk and control in support of management (risk, control, and compliance functions put in place by management).
Provide independent assurance about effectiveness of risk management and control to the board and senior management (internal audit).

FROM THIS MONTH'S ISSUE

Flip out with the latest Tech Q&A

The September Technology Q&A column shows how to create dynamic to-do lists with Excel's checkboxes and also how to set up multifactor authentication texts that don't rely on phones. Flip through both items and view a video walkthrough in our digital format.

From The Tax Adviser

August 30, 2025

MAGAZINE

September 2025

August 2025

July 2025

June 2025

May 2025

April 2025

March 2025

February 2025

January 2025

December 2024

November 2024

October 2024

view all

View All

Who is responsible for internal controls?

Summing up economic sentiment and concerns about inflation and tariffs

Business outlook brightens somewhat despite trade, inflation concerns

AICPA & CIMA Business Resilience Toolkit — levers for action

Features

Calming nervous clients nearing retirement

7 retirement tips for small firm CPAs

Building a better CPA firm: Stepping up service offerings

2025 tax software survey

FROM THIS MONTH'S ISSUE

Flip out with the latest Tech Q&A

From The Tax Adviser

2025 tax software survey

Are you doing all you can to keep the cash method for your clients?

Current developments in S corporations

Paid student-athletes: Tax implications for universities and donors

MAGAZINE

HOME

ABOUT

SUBSCRIBE

AICPA & CIMA SITES