COSO Framework Changes Coming

Risk Advisory/Internal Audit

By Karen McCash

Initially published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 1992, the Internal Control - Integrated Framework (COSO Framework) has become the most widely applied global standard for the implementation, design and evaluation of internal control environments. In response to increased complexities in current business structures, operations, and regulations, the COSO Framework is in the process of being updated, incorporating what might be called a “roadmap” to promote compliance with the framework. The roadmap consists of 17 principles that aid in the design, implementation and evaluation of an internal control environment.

Like its predecessor in 1992 (and the Enterprise Risk Management – Integrated 2004), the proposed revised COSO Framework retains the definition of internal control, three business objectives, five internal control components, and emphasis on appropriate and accurate management judgments. The revisions, however, provide a more micro-level approach in defining control components by more explicitly defining control practices (i.e., control principles).

The COSO Framework retains the objectives of operations, reporting (financial) and compliance and the five components of effective internal control (i.e., control environment, risk assessment, control activities, information and communication, and monitoring activities). Within the proposed revised COSO Framework, the 17 principles (roadmap) are aligned to the respective internal control component. This principles-based approach encompasses the operational, reporting and compliance activities throughout an organization.

Although the proposed COSO Framework provides enhanced guidance, its application does not come without challenges similar to those realized in the past, primarily management judgment and oversight. An organization’s efforts to align with the changes in the proposed COSO Framework will vary by organization depending on the organization’s system of internal control. Additionally, focus on fraud and mitigation of its risk has been elevated in the proposed framework. Approval of the revised COSO Framework is anticipated to occur in the second half of 2012; however, the current draft is available for download (available until March 31, 2012), and early incorporation of the principles is encouraged.

Schneider Downs & Co., Inc. can assist you with implementing the COSO Framework and other internal audit needs. Learn more about our firm’s Internal Audit and Risk Advisory Services practice.

© 2012 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.