If you are a compliance professional looking at your company’s GenAI rollout and wondering when the grown-ups will finally arrive, I have good news. They just did.
COSO has now stepped directly into the GenAI conversation with its new paper, Achieving Effective Internal Control Over Generative AI, and that matters a great deal. For those of us in compliance, internal audit, risk, and governance, COSO is not a shiny new acronym trying to catch the latest tech train. COSO is the train schedule. It is the framework that boards, auditors, controllers, and compliance professionals already understand. And with this publication, COSO has done something very important: it has translated GenAI risk into the language of internal control. That is exactly what the market needed.
Because up until now, too much of the GenAI discussion has lived in one of two places. Either it sat in the innovation lab with people talking breathlessly about transformation, or it sat in the legal department where everyone worried, quite correctly, about hallucinations, privacy, and bias. What has often been missing is the operational bridge between aspiration and assurance. COSO gives us that bridge. It says, in effect, GenAI is not outside your control environment. It is now part of it. And if it is part of it, then it must be governed, tested, monitored, and documented like any other significant business capability.
GenAI Does Not Change the Need for Control. It Changes the Terrain
One of the most important points in the COSO paper is that GenAI does not upend the COSO Internal Control-Integrated Framework. Rather, it changes the environment in which those controls operate. The five familiar COSO components remain the same: control environment, risk assessment, control activities, information and communication, and monitoring activities. What changes is the nature of the underlying risk. GenAI introduces probabilistic outputs, model drift, prompt injection, opaque reasoning, rapid configuration changes, and the adoption of shadow AI outside normal approval channels. That is a very useful framing for compliance officers.
It means we should stop treating AI governance as some exotic side project. If GenAI is used in operations, legal, finance, HR, procurement, investigations, or reporting, it belongs within your existing governance architecture. You do not need to invent a new religion. You need to apply the old disciplines to a new set of facts.
This is where compliance can and should lead. We understand what it means to build controls around fast-moving risk. We understand escalation, role clarity, training, monitoring, and accountability. COSO is effectively telling compliance professionals, “You already know more about governing GenAI than you think. Now apply that muscle memory with precision.”
A Capability-First Approach Is a Game Changer
The most practically useful innovation in the COSO guidance is its capability-first taxonomy. Rather than organizing AI controls by vendor, product name, or technical buzzwords, COSO focuses on what the GenAI system actually does. It identifies eight capability types: data extraction and ingestion; data transformation and integration; automated transaction processing and reconciliation; workflow orchestration; judgment, forecasting, and insight generation; AI-powered monitoring and continuous review; knowledge retrieval and summarization; and human-AI collaboration. That is enormously helpful because it is how compliance people actually work.
We do not manage risk by admiring the label on the software box. We manage risk by understanding what a tool does in a process, what can go wrong, how fast it can go wrong, and how the error propagates downstream. A GenAI tool that summarizes policies creates one set of risks. A GenAI agent that routes approvals, posts transactions, or helps shape regulatory disclosures creates another. COSO provides organizations with a common language for distinguishing among use cases and calibrating controls accordingly. That is not just elegant. It is actionable.
The Five Foundational Truths Every CCO Should Memorize
COSO also offers five foundational characteristics for GenAI internal control, and each should be printed and posted on the wall of every compliance office.
First, GenAI is probabilistic, not deterministic. In plain English, it can sound authoritative and still be wrong. Therefore, outputs must be treated as claims requiring validation, not facts to be accepted by default. Second, GenAI is dynamic. Models, prompts, and retrieval data evolve quickly, so controls and monitoring must keep pace. Third, GenAI is easily scalable, meaning it can scale both productivity and error rates. Fourth, it has a low barrier to entry, which is why shadow AI is such a real problem. Fifth, and perhaps most interestingly, GenAI can help govern GenAI through pattern detection, validation, and monitoring.
There is a lot packed into those five points. For compliance, the biggest takeaway is this: static governance will fail in a dynamic AI environment. Annual reviews will not cut it. A once-a-year policy refresh will not cut it. A single training session on acceptable use will not cut it. GenAI governance has to be living governance.
What COSO Says About the Control Environment
COSO starts where it should: tone, structure, and accountability. The paper says organizations need a GenAI acceptable use policy, clear ethical boundaries, oversight and accountability responsibilities, named owners for each AI tool or platform, role-based training, and accountability mechanisms tied not only to adoption but also to safety, compliance, and performance. Boards and cross-functional oversight groups need visibility into adoption, incidents, changes, and risk indicators.
That is a direct message to compliance leaders. If nobody owns the prompts, the retrieval connectors, the model configurations, the escalation path, or the approval structure, then nobody owns the risk. And in a regulatory environment moving steadily toward AI accountability, “nobody owned it” is not a defense. It is an indictment.
I particularly liked COSO’s emphasis that prompts, system prompts, and retrieval connectors should be treated as governed configurations. That is exactly right. Too many companies still treat prompting like an informal user habit rather than a control-relevant configuration choice. In a high-impact context, the prompt is not casual. It is part of the system.
Risk Assessment Must Get More Dynamic
COSO’s discussion of risk assessment is equally strong. It calls for use cases to have clearly defined objectives, acceptable and unacceptable boundaries, and success criteria. It also warns that organizations must first ask whether GenAI is even the right tool for the task. In some cases, traditional automation or deterministic systems may be safer and more reliable. The risk assessment should account for hallucinations, drift, provenance gaps, prompt injection, bias, third-party dependencies, and significant changes such as vendor updates, connector changes, or evolving regulations.
This is where compliance earns its keep. We are the ones who should be asking: What if the model changes quietly? What if the source data becomes stale? What if the retrieval layer excludes a critical policy update? What if the system routes something to the wrong approver? What if the tool is used in a context where a simpler and safer solution would do the job better?
COSO is right to emphasize scenario analysis and living risk registers. In the GenAI era, risk registers that only update annually are museum pieces.
Human-in-the-Loop Is Not Optional
When COSO turns to control activities, it gets very practical. It says GenAI outputs should be subject to human corroboration proportionate to risk, and in high-impact business, legal, or regulatory contexts, AI assistance should be segregated from authoritative decision-making. The paper also calls for version control, audit trails, access restrictions, change management, source citation requirements, segregation of duties, confidence thresholds, and documented approvals for configuration changes. That is the heart of responsible AI governance.
I was also struck by COSO’s discussion of reliance in an ICFR setting. The paper draws an important distinction between situations in which management relies on AI output as evidence of control effectiveness and situations in which a human independently re-performs the work. When true reliance exists, the evidentiary expectations rise: documented prompts, model versions, sampling rationale, exception resolution, and retained evidence.
Even beyond financial reporting, that concept is vital for compliance. The moment your team starts relying on GenAI output for sanctions reviews, due diligence summaries, monitoring alerts, investigative chronology, or policy interpretation, you have to ask a simple question: What is our evidence that this output was reliable enough to trust?
Monitoring Is Where the Real Work Begins
COSO’s final major lesson is that monitoring GenAI is not a one-and-done exercise. Organizations need continuous metrics and periodic deep reviews. They need to track precision, recall, exception volumes, latency, fairness, drift, and outcome quality. They need retraining triggers, rollback protocols, remediation logs, and playbooks for common AI control failures. COSO also makes the excellent point that in probabilistic systems, control failure may no longer be a simple pass-fail matter. Organizations may need multi-metric tolerance ranges across dimensions such as accuracy, bias, leakage, explainability, and change velocity.
That is a sophisticated and realistic view. Compliance teams should take it seriously because it reflects the world we are moving into. AI control effectiveness will not be judged solely by whether a control exists on paper. It will be judged by whether the organization can show that it monitors performance, investigates deviations, remediates failures, and adapts as the technology changes.
The Bottom Line
The real genius of the COSO GenAI framework is that it takes AI out of the abstract and puts it where it belongs: inside the machinery of governance. It turns the conversation from “Do we have an AI policy?” to “Do we have effective internal control over AI use?” That is a far better question.
For compliance officers, the action items are clear. Inventory your GenAI use cases. Classify them by capability. Identify owners. Assess risk dynamically. Put human review where the stakes justify it. Govern prompts and configurations, such as controlled assets. Monitor continuously. And do not let your AI strategy outrun your control environment.
Because in the end, the organizations that benefit most from GenAI will not be the ones that moved fastest with the fewest guardrails. They will be the ones who figured out how to innovate with discipline. That is not bureaucracy. That is a competitive advantage.
