An interesting methodology for describing and evaluating the internal business controls for corporations. I have been involved in compiling and completing the COSO framework documentation for audit purposes.
The excercise involved serves to provide a basis and comfort for the CEO and CFO certifications required with public corporations as part of the periodic external financials dissemination. It is a structure for outlining the business, its processes, perceived risks, and mitigation strategies. It also includes a means to evaluate and rate them, plus a document to use for discussion purposes.