In a bid to reflect changes that have occurred in the business environment in the last two decades, the Committee of Sponsoring Organizations of the Treadway Commission, COSO, recently updated its internal control framework.
COSO is a joint initiative of five private organizations – the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the institute of Management Accountants (IMA) which prides itself as the association of accountants and finance professionals in business and Finance Executives International (FEI) – and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.
According to its press release made available on May 14, 2013, COSO explained that it had issued an “updated Internal Control–Integrated Framework (Framework) and related illustrative documents.”
The original Framework was published in 1992 and has been is recognized globally as the leading guidance for designing, implementing and conducting internal control and assessing its effectiveness.
The updated Framework “is expected to help organizations design and implement internal control in (the) light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.”
Since the Internal Control –Integrated Framework was issued in 1992, COSO has had two related publications, Internal Control over Financial Reporting – Guidance For Smaller Public Companies (2006) and Guidance on Monitoring Internal Control systems (2009). However, the project timetable that culminated in the just issued Updated Framework went through four phases commencing in 2010 with assessment and survey by stakeholders, progressing to design and build in 2011, public exposure, assessment and refinement in 2012 and finalization in 2013.
The review resulted in two separate publications: one, Internal Control – Integrated Framework consisting of three parts – Executive Summary, Framework and Appendices and Illustrative Tools for Assessing Effectiveness of a System of Internal Control and two, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples.
It is instructive to note that even with the update, there are some things that have not changed. These are:
- Core definition of internal control
- Three categories of objectives and five components of internal control
- Each of the five components of internal control are required for effective internal control
- Important role of judgment in designing, implementing and conducting internal control, and in assessing its effectiveness
However, in the update, changes in business and operating environments have been considered, operations and reporting objectives expanded, fundamental concepts underlying five components articulated as principles and additional approaches and examples relevant to operations, compliance, and non-financial reporting objectives added.
In all, the updated framework articulates 17 principles of effective internal control. In otherwords, embracing these principles let companies know that they are running an effective system of internal controls. Three of the principles contained in this framework deal with information and communication and reflect the growth of the Internet, cell phones and other changes in business.
With regards to transition arrangements, COSO believes that users should transition their applications and related documentation to the updated Framework as soon as is feasible under their particular circumstances. During the transition extending to December 15, 2014, the organization says it will continue to make the original Framework available after which time it will consider it as superseded by the 2013 Framework. During the transition period, organizations reporting externally are required by the COSO Board to clearly disclose whether the original Framework or the 2013 Framework was utilized.
According to the COSO press release, the publications are available for purchase at its website www.coso.org. The Framework, Illustrative Tools, and ICEFR Compendium are available for purchase in both hard copy and electronic formats. An Executive Summary can, however, be downloaded by the public free of charge from www.coso.org.
This is laudable and is bound to be appreciated by accountants, finance professionals, enterprise risk managers, internal auditors and internal control professionals worldwide.