On May 14, 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued its final revised “Framework” for internal control reporting. Many accountants and other readers may raise the question, who is COSO and what do they do? Yes, accountants are quite familiar with guidance issued by the Financial Accounting Standards Board (FASB), the Securities and Exchange Commission (SEC), and other standard-setters, but COSO is not a standard-setter. So, this latest version of the COSO Framework arguably is a “sleeper” when it comes to guidance that may affect accountants.
This article is an update to my prior blog article, “Internal Controls—An Updated Framework Coming.” That article discusses the background of COSO and what they do, together with an explanation of good internal accounting controls.
Because COSO’s 1992 Framework is widely accepted throughout the world and used by many companies large and small, both public and private, to design and test their internal control structure, any change to the Framework has the potential to have far-reaching effects. The SEC is among those that accept the COSO Framework for evaluation and reporting on internal control.
The Updated COSO Framework
The updated COSO Framework consists of three parts plus an “executive summary,” as follows:
Internal Control—Integrated Framework
Internal Control—Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Internal Control—Integrated Framework, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
Internal Control—Integrated Framework, Executive Summary.
COSO states that its enhanced Framework is not intended to alter the core principles first developed in 1992, but rather to facilitate more robust discussion of internal control. Certain concepts and guidance in the Framework were refined to reflect the evolution of the operating environment and changed expectations of regulators and other stakeholders. COSO believes the Framework has been enhanced by expanding the financial reporting category of objectives to include other important forms of reporting such as nonfinancial and internal reporting.
The Framework has also been updated to give effect to many changes over the years in the business and operating environments including:
Expectations for governance oversight.
Globalization of markets and operations.
Increased complexity of business.
Demands and complexities in laws, rules, regulations, and standards.
Expectations for competencies and accountabilities.
Technological changes, particularly in light of the Internet.
Expectations relating to preventing and detecting fraud.
Planning for the Revised Framework
A company that follows the COSO Framework should begin to study and compare the revised Framework with the existing 1992 Framework. This is not a simple task, and will likely require a dedicated team. A timeframe needs to be set to get all parties, including the external auditors and the audit committee, comfortable with the new Framework and possible changes or refinements to the company’s internal controls.
The revised Framework does not specify an “effective date,” which begs the question, “When do I need to comply?” This question was recently addressed by Paul A. Beswick, chief accountant at the SEC, in a speech on May 30, 2013:
I understand that COSO intends to supersede their 1992 Framework as of December 15, 2014, and we expect there will be questions about whether the SEC will provide management with any transition or implementation guidance to change from the existing framework to the new framework. COSO has publicly stated its belief that “users should transition their applications and related documentation to the updated Framework as soon as is feasible under their particular circumstances” and that “the key concepts and principles embedded in the original framework are fundamentally sound and broadly accepted in the marketplace, and accordingly, continued use of the 1992 framework during the transition period (May 14, 2013 to December 15, 2014) is acceptable.” COSO further explained “the COSO Board’s goal in updating the original Framework has been to reflect changes in the business and operating environments, to formalize more explicitly the principles embedded in the original framework that facilitate development of effective internal control and assessment of its effectiveness, and to increase the ease of use when applied to an entity objective.”
SEC staff plans to monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or Commission actions become necessary or appropriate at some point in the future. However, at this time, I’ll simply refer users of the COSO framework to the statements COSO has made about their new framework and their thoughts about transition.
Public companies and their auditors should also be alert for any guidance on the updated Framework from the Public Company Accounting Oversight Board (PCAOB), which sets auditing standards in the United States applicable to public companies. Whether the PCAOB will issue any guidance or provide informal views on the new COSO Framework is unknown. Either way, accountants must reserve some time for grasping the revised Framework.
Separately, accountants must also begin to prepare to study and implement the forthcoming new FASB revenue recognition standard. That new standard, arguably the most significant accounting rule change in the last 25 years, is due to be issued later in 2013, with a scheduled effective date of 2017.
Complicating matters further, is a pending change by the FASB on how companies should account for leasing transactions. The FASB issued its second proposal, as discussed in my prior blog article, “A Further FASB/IASB proposal to ‘Fix’ Lease Accounting,” but a finalization date has not been established.
About the Author
Ron Pippin is an experienced CPA based in Wheaton, IL. His 40 plus year career includes being an audit partner in Arthur Andersen, a member of Andersen’s Professional Standards Group (“national office”) in Chicago, the Director of Financial Reporting for a Fortune 50 company and most recently, the editorial director of CCH’s Accounting Research Manager. Currently, Ron does independent writing and analysis together with accounting consultation on a variety of topics.