All COSO articles – Page 2

  • Article

    Has the time arrived for a corporate overhaul of ERM?


    Corporate approaches to risk management are not keeping pace with the velocity and complexity of risk in today’s business environment. Is it time for an ERM refresh?

  • Article

    7 reasons to study COSO’s new Fraud Risk Management Guide


    COSO’s new fraud guide is not mandatory but, says Tammy Whitehouse, public companies would be wise to study and consider it anyway because it could eventually become a requirement.

  • Blog

    COSO issues new fraud risk management guide


    COSO, author of the most widely accepted internal control framework in the United States, has released a new guide meant to help companies beef up their fraud risk management. More from Tammy Whitehouse.

  • AuditTechBackground

    CAQ: Audit’s role in cyber-security exams


    Public company auditors are suggesting that companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit. Tammy Whitehouse explores a new process for examining and reporting on a company’s cyber-security risk management.

  • Blog

    COSO offers up new ERM framework for review


    The Committee of Sponsoring Organizations of the Treadway Commission, or COSO, has unveiled a proposed redraft of its 2004 ERM framework. “We wanted to create a more robust focus on risk in the strategic planning process,” says PwC Partner Dennis Chesley, a lead partner for the revision project. Tammy Whitehouse ...

  • Article

    How internal audit can help drive corporate culture


    Traditional notions of audit are focused on verifying quantified data, but can audit provide that same benefit in the ether space of business, verifying the presence or absence of intangible characteristics? The internal audit profession is starting to believe it is possible, and its leaders are calling on audit executives ...

  • Blog

    COSO ERM update will seek to elevate risk discussions


    When COSO unveils the draft update to its Enterprise Risk Management framework (possibly by late April), it will propose companies take risk considerations to the highest level in an entity’s strategy-setting and decision-making processes. The framework update exercise is expected to advance the idea, says COSO Chairman Robert Hirth, ...

  • Blog

    COSO Announces Internal Control Certificate Program


    The Committee of Sponsoring Organizations of the Treadway Commission is offering an Internal Control Certificate Program that offers financial professionals, including internal auditors and CPAs, the opportunity to earn a professional certificate in the 2013 COSO Internal Control-Integrated Framework. The course includes self-paced learning, a hands-on workshop, and an online ...

  • Article

    Cloud Security Is a Challenge for Users and Providers


    As more cloud storage providers evolve from consumer-based products to enterprise-grade services, compliance challenges are evolving along with them. Before entering into a service contract, companies must determine whether their data will be safe and all is in compliance with a growing list of regulations and security frameworks. The added ...

  • Blog

    COSO Expects First-Quarter Release of ERM Update Draft


    COSO expects to publish a draft of its Enterprise Risk Management Integrated Framework in the first quarter of 2016. First released more than a decade ago, COSO opted to make updates in light of modern business conventions and practices. COSO Chairman Bob Hirth says, “It will be ...

  • Article

    Frustrating Risk With the Right Internal Control Framework


    As cyber-security and IT controls rise up the priority list in corporate audits, a new wrinkle is emerging: numerous frameworks (COSO, NIST, CoBIT) used by numerous parties, all trying to build effective control systems. That could lead to painful detours in mapping controls, if compliance executives don’t plan carefully. ...

  • Blog

    Mid-Year Look at Corporate Compliance in 2015


    Six months ago Compliance Week Editor Matt Kelly picked six events to watch in corporate compliance for 2015: political risk, Republican activism, confusion over revenue recognition, and more. With the year half over—and in the interests of holding people accountable, including Compliance Week editors—now seems a good time to ...

  • Article

    Smaller Companies Struggle Forward on SOX Compliance, System Investments


    More grist for smaller reporting companies unhappy with your compliance burdens: A new report finds that although all businesses continue to invest in SOX compliance, smaller companies still report less benefit from the effort. Inside, we look at which parts of compliance are most troublesome for small filers (“If they ...

  • Article

    COSO Implementation Gets Gritty


    Whether you adopted the new COSO framework for internal control last year or stalled into 2015, a chorus of voices say now is the time for implementation (or even polishing last year’s implementation) once and for all. “This year is the time to adopt,” says KPMG partner David Middendorf. Inside, ...

  • Blog

    Compliance Leaders Like Three Lines of Defense


    At Compliance Week’s annual conference this week, Jose Tabuena, chief compliance officer for NextHealth, advocated for the three lines of defense model. “I’ve worked with the accounting firms and those working with the COSO framework, and I find three lines of defense easier to explain,” he said. “The board ...

  • Blog

    Report: Majority Adopt New COSO Framework


    With more than 3,000 filings collected through early April, three-fourths of publicly traded companies have disclosed that they have adopted the 2013 COSO internal control framework, with the rest either remaining on the 1992 framework or not disclosing what framework they followed, according to a study published by Protiviti.

  • Blog

    The Logic Behind COSO’s ERM Framework Update


    Even as compliance officers are still digesting the updated COSO framework for internal controls, COSO has set its sights on what’s next: an update to its enterprise risk management framework, likely to arrive sometime in 2016 or so. Why ERM? Why now? Inside, Compliance Week columnist Rick Steinberg walks us ...

  • Article

    Smarter Assessments of Cyber-Risk


    Every compliance and audit executive wants to manage cyber-security risks. That assumes, however, that the whole organization agrees on what a cyber-security risk is. Taxonomies do exist to build a more disciplined approach to cyber-security. Try to take all steps to manage all such risks, and “it’s going to ...

  • Article

    COSO Tacks Toward Cyber-Security


    As cyber-security works its way onto the corporate board agenda, COSO is suggesting ways that its frameworks for internal control and risk management can be a starting point for companies to anticipate fast-emerging risks. “Just as the board is responsible for enterprise risk management, this is very similar,” says Mike ...

  • Blog

    Poll Finds Uncertainty on COSO, Revenue Recognition


    Up to one-third of companies may not be implementing the new COSO framework for their 2014 financial reporting, and one-fourth don’t know when they will implement the framework.