The Committee of Sponsoring Organizations, the private sector group working to improve the financial reporting process, has issued a draft to help small filers comply with internal controls requirements on a cost-effective basis.
COSO's newly issued guidance outlines 26 fundamental principles associated with five components of internal control: control environment, risk assessment, control activities, information and communication; and monitoring.
The report defines each principle and lists examples that smaller companies can use to incorporate the principles, and includes case studies of how smaller companies have effectively applied the principles.
"Small companies have unique challenges regarding compliance with SOX 404 requirements," says Larry E. Rittenberg, Ph.D, CIA, CPA, COSO chairman and Ernst & Young Professor of Accounting at the University of Wisconsin. "The guidance provided by this new project is not intended to replace or modify the Control Framework, but rather it will demonstrate its broad applicability by providing concrete control examples that smaller businesses can use to achieve their financial reporting objectives."
Since the 2002 passage of Sarbanes-Oxley, public companies are required to annually assess their internal controls over financial reporting under the act's Section 404. Large filers were required to be in 404 compliance beginning in November 2004, while smaller companies were given a reprieve until 2007.
However, detractors have claimed that the costs of compliance to small business have been unfairly exorbitant.
"This is what smaller public companies need to help them comply with Section 404," said Chuck Landes, American Institute of CPAs vice president and COSO board member. "Regulators and others view COSO's framework as the standard to be followed by organizations implementing and evaluating internal control in compliance with the Sarbanes-Oxley Act. However, it is clear that smaller public companies need guidance in understanding the breadth, depth and value of COSO's framework."
The guidance, developed at the request of the Securities and Exchange Commission, was conducted by a task force led by Big Four firm PricewaterhouseCoopers.
The report is available at www.ic.coso.org.
COSO was formed in 1985 to make recommendations on how companies and auditors might identify and attack fraudulent financial reporting. The group consists of the AICPA, the American Accounting Association, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors.
