COSO stands for the Committee of Sponsoring Organizations, which created internal controls standards to help make sure corporations run a tight ship. COSO requires that a formal risk assessment be performed to evaluate the internal and external factors that impact an organization's performance. The results of the risk assessment will determine the controls that need to be implemented. COSO focuses on financial controls but also has implications for functions like information security. Although COSO has been around for some time, the framework came to prominence through the Enron-Worldcom governance and accounting scandals and subsequent Sarbanes-Oxley legislation.