IA20 ● Internal control framework COSO 2013 I Insight sign𝒾𝓃sight

For more than 20 years, the COSO has been a key reference in the field of internal control worldwide. The COSO Internal Control framework – an Integrated Approach published in 1992 – defined the fundamentals of internal control. To better reflect the evolving business and regulatory environment in which organisations operate – new risks, increased expectations for governance, a growing role for technology, increased reliance on outsourcing, and reporting requirements in financial communication – an update of the framework was published in May 2013.


  • Understanding an internal control system starts with a refresh of the definition of risk and internal control, the three lines of defence, and the role of COSO 2013 for the various stakeholders.
  • Evaluate your organization's current control system with regard to the new COSO principles.

Through the practical use of the COSO framework, the control functions can position your organisation's current control system according to the new COSO 2013 principles.


Particular emphasis will be placed on the content of the COSO 2013 framework::

  • 5 components,
  • 17 principles and
  • 81 points of attention of internal control.

The course is structured according:

Module 1 : Internal control

  • Definitions
  • Risk concepts
  • Control typology
  • Control strategy
  • Stakeholders and lines of defence
  • Pratical exercice : process, objectif, risks, control measures

Module 2 : COSO framework

  • COSO evolution
  • COSO cube
  • COSO 2013 major changes
  • COSO 2017

Module 3 : Control environment

  1. Integrity and ethical values
  2. Oversight responsibility
  3. Structure, authority and responsibility
  4. Competence
  5. Accountability
  • Practical exercise

Module 4 : Risk assessment

  1. Objective specification
  2. Risk identification and analysis
  3. Fraud risk
  4. Significant change
  • Practical exercise

Module 5 : Control Activities

  1. Control activities selection and development
  2. General technology controls
  3. Policies and procedures
  • Practical exercise

Module 6: Information and communication

  1. Relevant information
  2. Internal communication
  3. External communication
  • Practical exercise

Module 7:Monitoring activities

  1. Ongoing and separate evaluations
  2. Deficiencies management

Course information sheet

  • Internal control and information systems questions

Target audience

  • Auditors, risk officers and internal controllers,
  • Novice internal auditors,
  • Experienced internal auditors,
  • IT/IS auditors,
  • Internal Audit managers.




The training can be provided by either trainer

  • Monique Garsoux, internal audit professional and an expert in audit methodologies and techniques.
  • Patrick Soenen, professional in internal and IT audit, risk management and IT technologies.


The standard course lasts 1 day and it can be tailored to your specific requirements.


Have a look at our training calendar for the next training dates.

General information

  • Description: Product sheet
  • Continuing Professional Education: 7 CPE hours.
  • Course level : This course corresponds to level 2 "Understanding" on the 6 level scale of Bloom's taxonomy, a hierarchy used to classify educational levels.
  • References: IIA Belgium, SPW
  • We can coach your staff in internal control.
  • We would welcome the opportunity to make you a tailored offer.


Back to overview