Santa's Gift from COSO
Richard Steinberg 270004HRBG email@example.com | | Tags:  erm coso | 0 Comments | 806 Visits
In case you were too busy watching your kids open their holiday presents you might have missed a “gift” for you – COSO’s updated internal control framework. During the holiday season the draft was exposed for public comment, so if you haven’t already done so, you might want to get your hands on it and tell COSO what you think, and how it might be further improved.
In looking over the draft you’ll see that the fundamental concepts and structure remain. The definition of internal control, the five components, and the COSO cube are unchanged. So are the three categories of objectives, except that the reporting category is expanded to include all reporting by an entity: financial and non-financial, internal and external. This brings the internal control framework in line with how the reporting category of objectives is defined in COSO’s Enterprise Risk Mana
Other enhancements include:
You’ll see the term “ICEFR” (pronounced ice-eh-fer), which is the acronym for internal control over external financial reporting. Because of the importance of the internal control framework for reporting under such requirements as Sarbanes-Oxley, COSO decided to offer a separate guidance document highlighting how the framework can be effectively applied for that purpose. It’s organized around the five internal control components, containing approaches for and examples of their application, with direct linkage to the principles and attributes in the framework. It’s important to keep in mind that the ICEFR guidance is just that, guidance; it will neither replace nor modify the framework. It will be exposed for comment later on this spring.
Well, it’s a case of speak now, or…. If you’re involved in any way with internal control, you’ll want to provide your input on the document. By the way, I’m biased in a positive way – for full disclosure, I was the lead PwC project partner of the team that developed the original Framework, played a similar role with the COSO ERM framework, and advised the project team that developed this updated framework. But you may have different views, and it’s important to make them known. The comment period ends March 31.