All COSO articles – Page 3

  • Blog

    COSO Relates Frameworks to Cyber Risks


    COSO is urging companies to look at its framework with not just financial controls in mind, but cyber-security as well. A paper from the Committee details how the five components of internal control apply to the assessment of cyber-risks, with discussion on how the principles underlying the risk assessment, control ...

  • Blog

    Six Compliance Events to Watch in 2015


    Image: Welcome back! Before everyone returns to the raw thrill of audit committee meetings, internal control testing, e-discovery requests, and vendor proposals for GRC software upgrades, let’s take a moment to contemplate what lies ahead for compliance, risk, and audit executives in 2015. Editor Matt Kelly has his top picks ...

  • Blog

    Another Step Forward in Tackling Cyber-Security Risk


    Image: Dec. 31—COSO’s Internal Control — Integrated Framework talks a good game about being useful beyond financial reporting risks, but Compliance Week Editor Matt Kelly has always wondered how that works in practice. Then came a nifty piece of guidance: a taxonomy of operational risks in cyber-security, published by the ...

  • Article

    More Hints on Putting New COSO to Work


    It’s official: The SEC will not roast companies over an open flame if they continue to use the old COSO framework for internal controls into 2015. That said, SEC staffers also warned at the annual AICPA conference last week that their largesse will not last long, and a bevy of ...

  • Blog

    Janus, COSO, FCPA Compliance and Enforcement


    The U.S. Sentencing Guidelines have long been one path to kinder treatment from the Justice Department for FCPA violations. On the civil side enforced by the SEC, something similar may be emerging: the COSO 2013 framework for effective internal control. How different are those two paths? Not as much as ...

  • Blog

    IT Experts Offer Updated Guidance on IT Controls


    Image: Companies struggling with information technology controls may gain tips from ISACA’s new guidance on scoping and assessment ideas for IT-related aspects of the COSO framework. “This latest guide will help professionals align with these changes in the industry,” said Ken Vander Wal, former ISACA president.

  • Documentation

    Are Auditors Making Unnecessary Demands on Internal Control Documentation?


    As many companies finish work on a new framework for internal controls, a small number of them are starting to question their external auditors’ documentation requirements and are considering pushing back. Lillian Barlett, vice president of risk management and internal audit at SunOpta, for example, says the documentation requests are ...

  • Article

    COSO Framework Has Applications Beyond Financial Reporting


    Image: As companies put the finishing touches on the adoption of the updated framework for internal controls, many are realizing that there are hidden benefits to the work. Audit experts say there are several other areas where elements of the updated COSO framework can apply, such as divisional reporting, customer ...

  • Article

    All Eyes on Internal Controls as Year-End Close Approaches


    Image: Title: DurbinAs companies begin preparing for the year-end close, audit experts are warning them to take these final months of the year to check documentation. The Public Company Accounting Oversight Board is pressuring audit firms to scrutinize internal controls and other areas, and that scrutiny is likely to trickle ...

  • Article

    Bridging the Divide Between COSO Frameworks Old and New.


    As companies work to implement the updated COSO internal controls framework, they are hearing a common refrain: “mind the gap.” That would be the gap between internal controls under the old framework and the added elements of the new one. Companies aren’t just closing that gap, though; they are also ...

  • Article

    Buying Time on COSO’s Internal Control Framework Update.


    With no explicit regulatory mandate to adopt the recently revised internal control framework by the end of 2014, companies sweating the sunset of the old framework are starting to ask: “Can we take another year to work on this?” Ever so cautiously, auditors are starting to say: “Sure. Just disclose ...