The following original COSO documents are available in the AICPA store:

Internal Control – Integrated Framework: Executive Summary, Framework and Appendices, and Illustrative Tools for Assessing Effectiveness of a System of Internal Control (3 volume set)
Issued by COSO, the 2013 Internal Control–Integrated Framework (Framework) is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992.

Internal Control – Integrated Framework: Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples
This publication has been developed to assist those users of the Internal Control – Integrated Framework (2013) who are responsible for designing, implementing, and conducting a system of internal control over external financial reporting that supports the preparation of financial statements and other external financial reporting.

Internal Control – Integrated Framework and Compendium Bundle
Save when you purchase the 2013 Internal Control – Integrated Framework (3 Volume Set) with the Internal Control Over External Financial Reporting: A Compendium of Approaches and Examples.

Fraudulent Financial Reporting: 1998–2007, An Analysis of U.S. Public Companies (2010)
This 2010 COSO study provides a comprehensive analysis of 10 years of fraudulent financial reporting events investigated by the SEC, covering fraud techniques, issues related to external auditors, and consequences to companies and individuals.

Guidance on Monitoring Internal Control Systems (2009)
This 2009 COSO document brings together leading practices at large and small organizations and provides in-depth guidance for implementing the monitoring component of COSO's Internal Control — Integrated Framework.

Internal Control over Financial Reporting—Guidance for Smaller Public Companies (2006)
This 2006 COSO document provides guidance on how to apply concepts in the COSO framework. It is directed at smaller public companies – although also usable by entities of all sizes and types – that are using the framework in designing and implementing internal control over financial reporting.

Enterprise Risk Management—Integrated Framework (2004)
This 2004 COSO document provides a benchmark for organizations to consider when evaluating and improving their enterprise risk management (ERM) processes.

Internal Control—Integrated Framework (1992)
This landmark 1992 COSO report was commissioned by the Committee on Sponsoring Organizations of the Treadway Commission (COSO). It establishes a common definition of internal control that services the needs of different parties for assessing and improving their control systems.


Additional guidance on internal control