Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

SEC Drops New Hint: Update to New COSO Framework

Tammy Whitehouse | November 12, 2013

The Securities and Exchange Commission has offered another subtle hint that it expects companies to transition to the newly updated COSO framework for internal control if they are relying on the old framework to comply with internal control reporting requirements.

In a meeting of SEC staff members with the Center for Audit Quality's SEC Regulations Committee, SEC staff said they continue to defer to COSO's own remarks that the 1992 framework will be superseded by the 2013 framework after Dec. 15, 2014, and that companies that choose to remain under the old framework should disclose that fact. The recently released meeting summary also includes a forewarning: “The staff indicated the longer issuers continue to use the 1992 framework, the more likely they are to receive questions from the staff about whether the issuer's use of the 1992 framework satisfies the SEC's requirement for a suitable, recognized framework,” especially after the Dec. 15, 2014, transition date.

COSO, more formally known as the Committee of Sponsoring Organizations of the Treadway Commission, updated its Internal Control -- Integrated Framework and released the final version in May. Nearly all U.S. public companies rely on the 1992 framework to comply with internal control reporting requirements under Sarbanes-Oxley. COSO issued the framework in May to give companies plenty of time to review their control environment and update it as necessary to comply with the new framework by the end of 2014.

SEC Chief Accountant Paul Beswick said in a speech soon after the release that the staff would monitor the transition and determine whether any SEC action would be necessary or appropriate at some point in the future. He fell short of saying the staff firmly expected all companies to transition to the new framework, leading some to wonder whether they would be safe continuing to rely on the old framework. Beswick said only that the SEC staff would defer to the COSO board's determination that the old framework would, in essence, cease to exist after Dec. 15, 2014.

Experts who work with companies on internal controls say most companies are waiting until 2014 to begin  implementing the new framework. A recent survey by the Institute of Internal Auditors suggests internal auditors are not expecting significant challenge in transitioning to the new framework. More than 71 percent of internal audit executives at public companies said they they expect adoption of the new framework to be not significant or somewhat significant; only 22 percent said they expect implementation to be moderately or extremely significant.