The Committee of Sponsoring Organizations of the Treadway Commission, which provides guidance on internal control, enterprise risk management, and fraud deterrence, has issued a new article to help public companies make the transition to COSO’s recently updated internal control framework.
COSO released the long-awaited internal control framework last month in the first update since 1992 (see COSO Releases Updated Internal Control Framework). The new article explains how public companies can use the updated framework to comply with Section 404 of the U.S. Sarbanes-Oxley Act of 2002. The article outlines an example of one approach to transitioning to COSO’s 2013 Internal Control–Integrated Framework from the original framework published a decade before Sarbanes-Oxley was enacted by Congress.
“We’re very pleased to issue this very timely article that outlines a logical approach to transitioning to the 2013 Internal Control – Integrated Framework. It’s a practical ‘call to action’ for publicly traded companies that comply with Section 404 of Sarbanes-Oxley,” said COSO chair Bob Hirth, who began serving his three-year COSO chairman term on June 1 (see COSO Taps Hirth as New Chairman).
The article was written by J. Stephen McNally, CPA, a finance director and controller for Campbell Soup Company, under the direction of the COSO board. It discusses a five-step SOX 404 transition process including: (1) review and understanding of the recently released updated Framework publications and the changes as contrasted with the original framework, (2) conducting a preliminary impact assessment, (3) facilitating broad awareness, training and a more comprehensive assessment, (4) developing and executing a COSO transition plan and (5) driving continuous improvement.
“In the spirit of continuous improvement, you should periodically re-assess your company’s system of internal control over external financial reporting to identify opportunities to improve its efficiency and effectiveness,” said McNally. “Leveraging COSO’s 2013 Framework is an effective way to do so.”
Along with the updated Framework issued on May 14, COSO has also issued the Illustrative Tools for Assessing Effectiveness of a System of Internal Control and the Internal Control over External Financial Reporting (ICEFR): A Compendium of Approaches and Examples. The ICEFR Compendium is particularly relevant to those who are required to report under Section 404.
A member of the COSO Advisory Council, McNally has contributed thoughts and insights into the revised Framework over the past two years. His article will also appear in the June issue of Strategic Finance magazine, which is published by the Institute of Management Accountants, a COSO sponsoring organization.
COSO said it believes that users should transition their applications and related documentation to the updated Framework as soon as is feasible under their particular circumstances. As previously announced, COSO will continue to make available its original Framework during the transition period extending to Dec. 15, 2014, after which time COSO will consider it as superseded by the 2013 edition. During the transition period (May 14, 2013 to Dec. 15, 2014) the COSO board believes that organizations reporting externally should clearly disclose whether the original Framework or the updated Framework was utilized.
The Securities and Exchange Commission’s Office of the Chief Accountant has shown interest in the new framework. During a speech last week at the 32nd Annual SEC and Financial Reporting Institute Conference, SEC chief accountant Paul Beswick discussed COSO’s updated framework.
“I understand that COSO intends to supersede their 1992 Framework as of Dec. 15, 2014, and we expect there will be questions about whether the SEC will provide management with any transition or implementation guidance to change from the existing framework to the new framework,” he said. “COSO has publicly stated its belief that ‘users should transition their applications and related documentation to the updated Framework as soon as is feasible under their particular circumstances’ and that ‘the key concepts and principles embedded in the original framework are fundamentally sound and broadly accepted in the marketplace, and accordingly, continued use of the 1992 framework during the transition period (May 14, 2013 to Dec. 15, 2014) is acceptable.’ COSO further explained, ‘the COSO Board’s goal in updating the original Framework has been to reflect changes in the business and operating environments, to formalize more explicitly the principles embedded in the original framework that facilitate development of effective internal control and assessment of its effectiveness, and to increase the ease of use when applied to an entity objective.’
“SEC staff plans to monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or Commission actions become necessary or appropriate at some point in the future,” Beswick added. “However, at this time, I’ll simply refer users of the COSO framework to the statements COSO has made about their new framework and their thoughts about transition.”