Corporate Compliance Insights

Enterprises Unprepared for New COSO Framework, Study Shows

by Timothy O'Hara
October 16, 2014
in Risk

The new framework for risk management, internal control and fraud deterrence is changing, but a majority of organizations are not prepared.

A significant number of companies are still in transition when it comes to updating their internal control framework to manage risk, internal controls and fraud.

That’s according to the 2014 Sarbanes-Oxley Compliance Survey by the global consulting firm Protiviti. It found that 48 percent of respondents haven’t started to map the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 Internal Control–Integrated Framework. The new 2013 framework, released last year, was designed to help organizations implement internal controls in response to changes to business and operating environments since the issuance of the original framework in 1992.

The framework also broadens requirements for the application of internal controls, clarifying what constitutes an effective control. The process may seem daunting and the deadline is looming, but education and a reasonable transition plan are the answer.

“Interestingly, many companies – at least one in five, or more when considering ‘unsure’ responses – appear to be moving rather slowly to adopt the new COSO framework, even though it is recommended for fiscal year-end dates beginning on or after December 15, 2014,” Protiviti’s study reads.

While it’s not mandatory to adopt the COSO framework, the U.S. Securities and Exchange Commission (SEC) requires a “suitable framework” for public companies to comply with internal control of financial reporting. Companies are then required to assess and report annually on the design and operating effectiveness of their internal controls. The COSO framework has been used by virtually every public company to achieve compliance.

So What’s New?

The framework hasn’t been updated since 1992, so the 2013 framework offers organizations a significant opportunity to make improvements. There are now 17 principles to leverage within the new framework, including models for data monitoring and reporting, IT controls and integrating the entire enterprise so departments and risk management efforts are not siloed.

In the past, most of the resources and attention of management and auditors have been focused on financial controls, such as approvals and reconciliation processes. While these remain very important, the industry has recognized there’s been some overkill here, and other areas (entity controls and IT controls) have at times been neglected. As a result, the 2013 COSO Framework steers organizations toward a more balanced approach in the allocation of resources and controls across finance, entity-level controls and IT.

The new emphasis on balanced coverage is the reason for the five mandatory components and 17 supporting principles. There are also 87 suggested points of focus for companies to consider and customize in support of the five components and 17 principles. That’s compared to just five mandatory components in the 1992 framework.

The impact of increasing the number of mandatory topics to 17 will vary by organization depending on the size, industry and complexity. For those organizations that voluntarily adopted the 20 suggested principles from the COSO guidance released in 2006, the changes will be much easier. But regardless of whether a company followed the 2006 guidance, each enterprise must now show evidence that the new 17 mandatory principles are functioning as intended, in an integrated manner, in support of the five original components from the 1992 framework.

Choose not to follow the new framework, and you risk a comment letter from the SEC. That’s combined with not optimizing your internal control efficiency and effectiveness, putting your business at greater risk.

What’s Not Changing?

While there are plenty of changes being addressed with the implementation of the COSO 2013 Internal Control Framework, a few things haven’t changed. First, the core definition of what internal control is remains the same. Second, the three categories of objectives – operations, reporting and compliance – remain relatively unchanged, although the reporting category was expanded to internal and non-financial reporting objectives.

Third, the five components of internal control remain the same and are still required for effective control, just as they were in the 1992 framework. Those components include: control environment, risk assessment, control activities, information and communication, and monitoring activities.

And finally, the important role of judgment in designing, implementing and conducting internal control evaluations cannot be over-emphasized. This human element in assessing effectiveness is exceptionally critical to any framework, and this is especially true for the 2013 COSO Framework.

The Clock is Ticking

The updated COSO 2013 Internal Control–Integrated Framework is not a magic potion, but many stakeholders fail to realize that their external auditors will take a closer look at entity-level controls through the 17 principles. This year, more than ever, there will be an emphasis on information technology and entity-level controls, rather than mostly on financial controls.

That means it’s time for a checkup. Are there any gaps in your transition plan and controls analysis? Do all the right people in the organization know about the December 15 deadline? And is your organization on track to complete the transition? The clock is ticking.

 



Timothy O’Hara is an account executive, CPA and ICCS with Infogix, Inc., a pioneer in data integrity and analytics solutions that unites predictive analytics with comprehensive data controls and protection. As an advocate for his clients, Tim helps them maximize their return on investment through data integrity and data analytics solutions. These solutions improve the efficiency and effectiveness of their processes, information content and systems. His clients include Fortune 500 and mid-sized companies in various industries including telecommunications, media, government, financial services, manufacturing, retail, business services and consumer goods. The foundation of his experience is his CPA and ICCS Risk Certification where he mastered transaction processing (Order-To-Cash, Purchase-to-Pay, etc.), financial reporting, business information exchanges (B2B, B2C, B2G, G2G) and fraud. Tim used these skills, knowledge and his passion for helping people to enable his clients to transform their operations over time. Tim is continuing his learning in business analytics, social media, and forensic accounting. Tim received his B.S. in Accounting from the University of Scranton. Tim has lectured and published articles on Big Data, Data Warehouse Testing and Monitoring, and Information Risk Audit and Control.
