Coso Issues Updated Internal Control-Integrated Framework

4
 SEC ACCOUNTING AND AUDITING BRIEF COSO ISSUES UPDATED INTERNAL CONTROL-INTEGRATED FRAMEWORK Background Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) mandates that all publicly- registered companies must include with their audited annual financial statements a management report on the effectiveness of internal controls. Further, if a company is not a “smaller reporting company” it also must have its auditors provide an opinion on internal controls. When reporting on the effectiveness of internal controls, a public company must disclose the “framework” on which it assesses that effectiveness. Most companies use the framework promulgated by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Updated COSO Framework On May 14, 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an update to its 1992 Internal Control–Integrated Framework  (original framework) and related illustrative documents. The goals of the update include:  Clarification of the requirements of effective internal control;  Update of the context for applying internal control to many changes in business and operating environments; and  Broadening its application by expanding the operations and reporting objectives Beginning with year-ends after December 15, 2014, the updated framework must be used. In this connection, COSO recommends that all organizations currently using the original framework should begin to align existing practices and related documentation to the updated framework as soon as feasible. In the meantime, the original framework can continue to be used during the transition, but the company must clearly disclose whether it utilized the original framework or the updated framework in its report on internal contr ol. The updated framework formalizes the fundamental concepts introduced in the original framework into 17 principles associated with the five components of internal control: Contact: New York, NY (downtown) 212.867.8000 New York, NY (midtown) 212.286.2600 Harrison, NY 914.381.8900 Stamford, CT 203.323.2400 Paramus, NJ 201.712.9800 New Windsor, NY 845.220.2400 Wethersfield, CT 860.257.1870 

Transcript of Coso Issues Updated Internal Control-Integrated Framework

7/27/2019 Coso Issues Updated Internal Control-Integrated Framework

http://slidepdf.com/reader/full/coso-issues-updated-internal-control-integrated-framework 1/4

 

SEC ACCOUNTING AND AUDITING BRIEF

COSO ISSUES UPDATED INTERNAL CONTROL-INTEGRATED

FRAMEWORK 

Background

Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) mandates that all publicly-

registered companies must include with their audited annual financial statements a

management report on the effectiveness of internal controls. Further, if a company

is not a “smaller reporting company” it also must have its auditors provide an

opinion on internal controls.

When reporting on the effectiveness of internal controls, a public company must

disclose the “framework” on which it assesses that effectiveness. Most companies

use the framework promulgated by the Committee of Sponsoring Organizations of 

the Treadway Commission (COSO).

Updated COSO Framework

On May 14, 2013, the Committee of Sponsoring Organizations of the Treadway

Commission (COSO) published an update to its 1992 Internal Control–Integrated

Framework (original framework) and related illustrative documents. The goals of 

the update include:

•  Clarification of the requirements of effective internal control;

•  Update of the context for applying internal control to many changes in

business and operating environments; and

•  Broadening its application by expanding the operations and reporting

objectives

Beginning with year-ends after December 15, 2014, the updated framework must be

used. In this connection, COSO recommends that all organizations currently using

the original framework should begin to align existing practices and related

documentation to the updated framework as soon as feasible. In the meantime, the

original framework can continue to be used during the transition, but the company

must clearly disclose whether it utilized the original framework or the updated

framework in its report on internal control.

The updated framework formalizes the fundamental concepts introduced in the

original framework into 17 principles associated with the five components of 

internal control:

Contact:

New York, NY

(downtown)

212.867.8000

New York, NY

(midtown)

212.286.2600

Harrison, NY

914.381.8900

Stamford, CT

203.323.2400

Paramus, NJ

201.712.9800

New Windsor, NY

845.220.2400

Wethersfield, CT

860.257.1870 

7/27/2019 Coso Issues Updated Internal Control-Integrated Framework

http://slidepdf.com/reader/full/coso-issues-updated-internal-control-integrated-framework 2/4

  Control Environment 

1)  The organization demonstrates a commitment to integrity and ethical

values.

2)  The board of directors demonstrates independence from management

and exercises oversight of the development and performance of 

internal control.3)  Management establishes, with board oversight, structures, reporting

lines, and appropriate authorities and responsibilities in the pursuit of 

objectives.

4)  The organization demonstrates a commitment to attract, develop, and

retain competent individuals in alignment with objectives.

5)  The organization holds individuals accountable for their internal control

responsibilities in pursuit of objectives.

Risk Assessment

6) 

The organization specifies objectives with sufficient clarity to enable the

identification and assessment of risks relating to objectives.

7)  The organization identifies risks to the achievement of its objectives

across the entity and analyzes risks as a basis for determining how the

risks should be managed.

8)  The organization considers the potential for fraud in assessing risks to

the achievement of objectives.

9)  The organization identifies and assesses changes that could significantly

impact the system of internal control.

Control Activities

10)  The organization selects and develops control activities that contribute

to the mitigation of risks to the achievement of objectives to acceptable

levels.

11)  The organization selects and develops general control activities over

technology to support the achievement of objectives.

12) The organization deploys control activities through policies that

establish what is expected and procedures that put policies into action.

Information and Communication

13) The organization obtains or generates and uses relevant, quality

information to support the functioning of internal control.

14)  The organization internally communicates information, including

objectives and responsibilities for internal control, necessary to support

the functioning of internal control.

15) The organization communicates with external parties regarding matters

affecting the functioning of internal control.

7/27/2019 Coso Issues Updated Internal Control-Integrated Framework

http://slidepdf.com/reader/full/coso-issues-updated-internal-control-integrated-framework 3/4

  Monitoring Activities 

16)  The organization selects, develops, and performs ongoing and/or

separate evaluations to ascertain whether the components of internal

control are present and functioning.

17) The organization evaluates and communicates internal control

deficiencies in a timely manner to those parties responsible for takingcorrective action, including senior management and the board of 

directors, as appropriate.

For public companies that currently apply the original framework for compliance

with Section 404 (a) or (b) of SOX, COSO has indicated that the updated framework

is not expected to fundamentally change an entity’s internal control over financial

reporting or related assessment process.

COSO recommends that senior management discuss with the board of directors its

plan to adopt the updated framework as soon as practical. The board of directors

should oversee management’s assessment of any implications of applying the

updated framework as well as its determination of appropriate actions. The original

framework will be considered to be superseded as of December 15, 2014. 

Further information is available on the COSO website at www.coso.org. 

A complimentary Executive Summary can be downloaded here. 

Please feel free to contact your PKF O’Connor Davies team if you have any questions

or concerns.

About Our Firm: 

PKF O'Connor Davies, a division of O’Connor Davies, LLP is a full service Certified Public Accounting and consulting

firm that has a long history of serving domestic and international clients and providing specialized professional

services of the highest quality. With roots tracing to 1891, seven offices located in New York, New Jersey and

Connecticut, and approximately 400 professionals including 70 partners, the Firm provides a complete range of 

accounting, auditing, tax and management advisory services. O'Connor Davies is ranked as number 36 in

 Accounting Today's 2013 list of the "Top 100 Firms" in the United States. The Firm is also within the 20 largest

accounting firms in the New York Metropolitan area according to Crain's New York Business and the Westchester 

and Fairfield County Business Journals. 

O'Connor Davies is a member firm of the PKF International network of legally independent member firms and does

not accept any responsibility or liability for the actions or inactions on the part of any other individual member firm

or firms.

IRS CIRCULAR 230 DISCLOSURE: To comply with IRS regulations, we are required to inform you that unless expressly

stated otherwise, any discussion of U.S. federal tax issues in this correspondence (including any attachments) is not

intended or written to be used, and cannot be used, (i) to avoid any penalties imposed by the Internal Revenue

Code, or (ii) to promote, market, or recommend to another party any transaction or matter addressed herein. Our

firm provides the information in this e-newsletter for general guidance only, and it does not constitute the provision

of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind.

The information provided herein should not be used as a substitute for consultation with professional tax,

accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult

a professional adviser who has been provided with all pertinent facts relevant to your particular situation.

7/27/2019 Coso Issues Updated Internal Control-Integrated Framework

http://slidepdf.com/reader/full/coso-issues-updated-internal-control-integrated-framework 4/4