COSO Releases Exposure Draft for Comment
Author: Eric DeCoursey
On September 18, 2012, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released for public comment an exposure draft of its Internal Control over External Financial Reporting: Compendium of Approaches and Examples. In 1992, COSO released its original Internal Control – Integrated Framework, which has become a leading framework for designing, implementing and conducting internal control and assessing the effectiveness of internal control.
Over the last 20 years, business and operating environments have become increasingly complex and technologically driven. The compendium was created to provide a fresh, modern approach to internal controls with explicit advice and more detailed implementation guidance.
The updated framework is fundamentally similar to the original, with the same core definition of internal control and no change to the five primary control components: control environment, risk assessment, control activities, information and communication and monitoring. The updated framework emphasizes the importance of management’s judgment in establishing a control environment and has enhancements and clarifications to help management better document and monitor the effectiveness of a company’s internal control structure.
There are three volumes to the compendium. The first volume, Executive Summary, provides a high-level overview of control structure, intended for the board of directors and executive management. The second volume, Framework & Appendices, establishes the framework for internal control and explores the five components and 17 principles supporting effective systems of internal control. The third volume, Illustrative Tools for Assessing Effectiveness of a System of Internal Control, provides templates and scenarios that may be useful in applying the framework. Specifically, this volume offers templates for evaluating the five internal control components over the 17 control principles, as well as a template for evaluating the severity of identified control deficiencies. The compendium also provides useful interpretive guidance and concrete examples on applying the concepts of the revised control framework.
Although the revised framework does not substantially alter widely accepted internal control concepts, organizations of all sizes should be aware of this guidance and the potential effect it will have on their company’s control structure. COSO acknowledges that smaller entities with less complex business models and organizational or legal structures may apply the prescribed control principles using different approaches than larger organizations, as circumstances dictate.
In the financial institutions environment, this documentation will be particularly useful to public companies and banks with more than $500 million in total assets, subject to FDICIA Part 363, as such entities require management attest to the design and operating effectiveness of internal controls on an annual basis.
The comment period on the three volumes of the compendium ends Tuesday, November 20, 2012. Release of the final documents is expected in the first quarter of 2013. For more information, contact your BKD advisor.