Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

COSO Finalizes New Internal Control Framework

Tammy Whitehouse | May 14, 2013

COSO has published the final version of its newly revised internal control framework, along with two additional resources, which should set public companies in motion to fully review their internal controls to assure they reflect the latest guidance.

The Committee of Sponsoring Organizations of the Treadway Commission has updated its Internal Control-Integrated Framework to reflect changes in business and operating environments in the past two decades. The 1992 framework was overhauled by the COSO board with the help of PwC to help organizations update the design and implementation of internal controls based on modern business conventions. The COSO board also means for the update to broaden the application of internal control in addressing operations and reporting objectives, and to clarify the requirements for determining what constitutes effective internal control.

In addition to the updated internal control framework, COSO also finalized and published two companion documents that are available for purchase with the updated framework. The Illustrative Tools for Assessing Effectiveness of a System of Internal Control is intended to help companies assess whether their particular system of internal control meets the requirements of the updated internal control framework. The second document, Internal Control over External Financial Reporting: A compendium of Approaches and Examples, provides some examples that are especially pertinent to public companies because they prepare financial statements for external reporting purposes.

COSO Chairman David Landsittel says the board chose to update the framework for three fundamental reasons. “The context of business compared with what we have today has changed significantly,” he says. “Business models have become more complex. We have more outsourcing, more joint ventures, and these kinds of things affect controls.” Governance expectations have increased, he says, especially for boards of directors, audit committees, and compensation committees, so the framework needed to be updated to reflect those newer demands. Finally, technology has changed drastically. “We may have had Internet and e-mail in 1992 but not like they are used today,” he says. “Plus we have mobile technology and cell phones, and they all impact controls.”

COSO's framework is the most widely used means of assuring compliance with Sarbanes-Oxley requirements to maintain an effective system of internal control over financial reporting, even endorsed by the Securities and Exchange Commission. The board spent more than two years drafting the updated framework and taking in feedback and comments before finalizing it.

The COSO board says it believes users should transition their applications and related documentation to reliance on the new framework as soon as possible. To facilitate transition, COSO says it will continue to make the old framework available for use through Dec. 15, 2014. However, the board says all organizations should clearly disclose which framework they are relying on in any external reporting. After Dec. 15, 2014, COSO will regard the old framework as obsolete. The new framework also supersedes COSO's internal control framework targeted specifically to smaller companies on the same date.