The Committee of Sponsoring Organizations (COSO) has given final approval to the newly revised Internal Control – Integrated Framework: 2013, but companies will have to wait until May 14 to get a copy.
COSO spokesman Scott McCallum says the board has approved the final language of the framework update, but will spend the next several weeks producing it, preparing for distribution, and planning the communication strategy. When the final document is published in mid-May, the original framework will remain available and deemed appropriate for use through Dec. 15, 2014, giving companies plenty of time to transition.
When the final framework is published, it will include the Illustrative Tools for Assessing Effectiveness of a System of Internal Control, an addendum the board developed to help companies better understand how to assess the effectiveness of their controls. At the same time, COSO also plans to release Internal Control over Financial Reporting: A Compendium of Approaches and Examples, a companion piece meant to help companies apply the updated framework to meet their financial reporting objectives.
The total package is intended to update the original 1992 COSO framework, which most public companies rely on to demonstrate compliance with internal control reporting requirements under Sarbanes-Oxley. COSO says the updated framework and related tools should also help companies adapt to increasing complexity, keep up with the constant pace of change, mitigate risks to the achievement of control objectives, and provide reliable information for purposes of business decision-making.
COSO says it still has faith in the key concepts and principles of the existing framework, making it acceptable for use through a lengthy transition period into the end of 2014. “During that period, the board believes that application of its Internal Control- Integrated Framework that involves external reporting should clearly disclose whether the original or 2013 version was utilized,” COSO said in a statement.
COSO Chairman David Landsittel said in the statement the board arrived at the final framework after two-plus years of surveying, drafting, gathering comments and other feedback, then deliberating final language. “While our original internal control framework, published in 1992, has stood the test of time, we are confident that the update will bring added benefits to users,” he said.
Landsittel is due to retire soon after the updated framework is released after four years as chairman. COSO has not yet appointed a new chairman for the next three-year term, which begins June 1. COSO launched the project to update the framework under Landsittel's leadership in late 2010. The board heard plenty of suggestions through the comment process that the framework should be more closely tied to risk, perhaps even by integrating the control framework with COSO's separate Enterprise Risk Management framework, published in 2004. COSO said such integration or reconsideration of the risk framework was beyond the scope of the internal control framework update.