Despite calls for integration, the update to the COSO internal control framework will not include any effort to fold in the concepts of COSO's Enterprise Risk Management framework.
Marie Hollein, president and CEO of Financial Executives International, said the COSO board has considered and dismissed the idea of integrating COSO's ERM framework into its Internal Control -- Integrated Framework as part of its current project to update the 20-year-old framework. Speaking at Compliance Week 2012 this week, Hollein said the scope of the project doesn't permit the board to consider integration at this time. “It would take much longer to do it,” she said. “We may in the future. It's just that at this time, we made a determination to not.”
Hollein is a member of the COSO board that is undertaking a refresh of the internal control framework that is widely accepted in the United States for achieving compliance with Sarbanes-Oxley. The board published a proposed update in December and accepted comments and feedback through March. Hollein said the board is distilling the feedback to determine what further changes should be made before finalizing the updated framework in the first quarter of 2013. Although the comment period is officially closed, Hollein said the board is still open to further feedback as it considers its next moves.
The board will not, however, make any move toward integrating its ERM framework, published in 2004, with the internal control framework, as suggested in some comment letters. The Institute of Internal Auditors, a member of COSO with its president and CEO Richard Chambers seated on the COSO board, called on the board to consider more integration of risk principles into the internal control framework. Hollein said the board hasn't entirely dismissed the idea, even if it is beyond the scope of its current update project. “It is still up for whether we should consider (integrating the frameworks),” she said.