The American Bankers Association (ABA) recently urged The Committee of Sponsoring Organizations of the Treadway Commission (COSO) to be mindful of the challenging nature of the proposed revisions to the COSO Internal Control – Integrated Framework. COSO views internal control as the cornerstone for a well-designed enterprise risk management process that assists organizations in identifying and mitigating potentially adverse events in keeping with their business objectives. In its efforts to revise the framework, COSO has introduced seventeen principles with 81 points of focus, or characteristics that tie to the core five components of the framework. The ABA agrees that the existing framework, having recently enjoyed its twenty-year anniversary, is overdue for a facelift to maintain its relevance. The ABA believes “the draft is written in a consistent and logical manner and, for companies that are new to the assessment or attestation process, it can greatly assist in the documentation and assessment of an entity’s internal control system.” However, it has two major concerns that it asserts needs to be addressed prior to issuance of a final revised framework: Due process and level of detail. The ABA asserts that:
(1) An open and transparent process is needed so that stakeholder input can be provided and discussed throughout the review process – since without understanding the expectations of regulators and auditors, the revised framework can open the door to undue external audit and regulatory oversight and documentation burdens. Unlike other authoritative bodies’ processes, in which stakeholders have the opportunity for direct involvement and input throughout the development of a standard, COSO does not follow such a process.
(2) The updated framework could lead internal auditors down the path of using restrictive checklists, leaving little room for flexibility and judgment in the process. The ABA suggests that COSO change the term “points of focus” to “internal control considerations,” with these considerations geared toward management’s use and not only for use by the internal audit function. Additionally, the many attributes will necessitate an amount of documentation required to evidence compliance which will present an excessive hurdle to overcome.
With this in mind, the ABA desires a more continuous dialogue with COSO as it pertains to the revision and issuance of guidance and recommends that the principles along with the points of focus be deleted from the final framework. It proposes a non-authoritative guidance document, capturing these principles and points of focus be published as a best practice piece that complements the revised framework. The ultimate conclusions reached by COSO will be apparent in the soon-to-be released approved revised COSO framework.
Learn more about services for financial services companies or contact us to discuss the proposed COSO Internal Control – Integrated Framework.
© 2013 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter