
COSO Paper Plugs Framework Use Beyond Compliance

Tammy Whitehouse | February 11, 2014

COSO is trying to spread the word that its frameworks are good for more than just the internal controls and risk management that their titles suggest they were meant to address.

In a new paper authored by two risk and control experts, COSO says its frameworks can be used in tandem to improve overall organizational performance and governance, putting companies on a path to greater achievement of business objectives over the long term. “The paper relates the two frameworks and components of the two frameworks -- internal control and risk -- and shows how they enable sustainable business success,” says co-author Jeffrey Thomson, president and CEO of the Institute of Management Accountants and a past board member for COSO, more formally known as the Committee of Sponsoring Organizations of the Treadway Commission.

The two frameworks in question are COSO's Internal Control – Integrated Framework, which COSO recently freshened up after 20 years in the market, and COSO's Enterprise Risk Management – Integrated Framework, published in 2004. The internal control framework is considered the most widely accepted framework in the United States for use in achieving and assuring compliance with internal control reporting requirements under Sarbanes-Oxley. When COSO published the updated framework, it pointed out that the framework can be applied to control over any business process, not only financial reporting, for which it is so commonly used. The ERM framework is meant to serve as a blueprint for helping organizations ensure effective controls and proficient risk management.

The new thought paper outlines a holistic approach to relating the two separate frameworks to governance, strategy setting, and management processes. “Some might say internal control is important for compliance, but that's a narrow view,” says Thomson. “Some might say it's important for attestation or SOX purposes, and that's an even narrower view. We've tried to broaden the discussion.”

The paper explains the two frameworks in the context of a typical leadership approach to governing and managing a successful organization. Any organization is designed to achieve stated objectives, develop strategies for achieving them, identify risks to achieving them, and mitigate those risks. The paper explains the link between the two frameworks and how they can help an organization effectively navigate those steps to achieve its objectives.

Co-author Jim DeLoach, a managing director at Protiviti, says in a statement that the purpose for writing the paper was to relate the COSO frameworks to an overall business model and explain how the key elements of each framework contribute to long-term success. The frameworks use common risk-focused language, facilitating effective communication, he says. “The enhanced dialogue from implementing the frameworks can lead to strengthening organizations in significant ways as they serve their mission, stakeholders, and society,” he says.