In 1977, upon SEC’s recommendation, Congress enacted the Foreign Corrupt Practices Act (FCPA). The FCPA requires issuers to devise and maintain a system of internal controls.

In 1985, a private sector initiative known as the National Commission on Fraudulent Financial Reporting (referred to as the Treadway Commission) was formed to study and report on the factors that can lead to fraudulent financial reporting. The Commission was sponsored by five professional associations, called the Committee of Sponsoring Organizations, or COSO.

In 1992, COSO published ‘Internal Control – Integrated Framework’ or The COSO Framework.

In 1995, the American Institute of Certified Public Accountants (AICPA) incorporated the COSO definition of internal control in Statement on Auditing Standards (SAS) No. 78.
The PCAOB recognizes the COSO Framework as an internal controls standard in Auditing Standard No. 5 (AS5).

In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework called ‘Enterprise Risk Management – Integrated Framework’. The 2004 executive summary explains that the ERM – Integrated Framework does not replace Internal Control – Integrated Framework, “but rather incorporates the internal control framework within it” for companies to both satisfy internal control needs and “move to a fuller risk management process.”