Now that COSO has completed the update of its widely used internal control framework, it’s time for companies to lay it out against their existing systems of internal control and determine where control changes might be in order.
COSO has published a final overhauled version of its Internal Control—Integrated Framework, giving public companies a new foundation for how to establish internal controls over financial reporting that will pass muster with auditors and the Securities and Exchange Commission. The 1992 framework has long served as the means most accepted by the SEC for achieving compliance with Sarbanes-Oxley Act Section 404 reporting requirements, but COSO’s board saw a need to update the framework to reflect two decades of changes in business and technology.
