skip to content
Primary navigation

Components & Principles of the Framework

The Green Book approaches internal control through a hierarchical structure of 5 components. The 5 components represent the highest level of the hierarchy of standards for internal control in government. These must be effectively designed, implemented, and operating together in an integrated manner, for an internal control system to be effective. The related 17 principles support the effective design, implementation, and operation of the associated components and represent requirements necessary to establish an effective internal control system.

Additional information on each of the 5 interrelated components and related 17 principles of internal control is provided below.

Image of COSO Internal Control Pyramid

Control Environment

The control environment is the foundation for an internal control system and begins with the "tone at the top" - the words and actions of agency leadership.

Risk Assessment

Internal and external risks must be assessed and managed in order for the organization to achieve its objectives and mission. Control activities are actions put in place by management to address and mitigate risk.

Information & Communication

The presence of effective information and communication systems is a key component of a strong internal control structure.


Monitoring ties the other four components together, and enables management to detect changes and deficiencies in other components.
back to top