Lots of people say the new COSO framework for internal control isn’t substantively different than the old COSO framework we’ve all been using for 10 years to push our way through the annual financial audit and compliance with the Sarbanes-Oxley Act. And to a certain extent, I agree with those voices.
The COSO cube looks the same. The five elements of effective internal control are the same. The people who put their brainpower to work drafting the new COSO framework remember the howls of frustration when companies adopted the old framework circa 2004, and those people took great pain to ensure this new framework is both useful and relatively easy to implement. Nobody wanted another debacle like compliance officers of a certain age will remember from those first days of SOX.
