Friday, March 5, 2021
Corporate Compliance Insights

Enterprises Unprepared for New COSO Framework, Study Shows

by Timothy O'Hara
October 16, 2014
in Risk

The new framework for risk management, internal control and fraud deterrence is changing, but a majority of organizations are not prepared.

A significant number of companies are still in transition when it comes to updating their internal control framework to manage risk, internal controls and fraud.

That’s according to the 2014 Sarbanes-Oxley Compliance Survey by the global consulting firm Protiviti. It found that 48 percent of respondents haven’t started to map the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 Internal Control–Integrated Framework. The new 2013 framework, released last year, was designed to help organizations implement internal controls in response to changes to business and operating environments since the issuance of the original framework in 1992.

The framework also broadens requirements for the application of internal controls, clarifying what constitutes an effective control. The process may seem daunting and the deadline is looming, but education and a reasonable transition plan are the answer.

“Interestingly, many companies – at least one in five, or more when considering ‘unsure’ responses – appear to be moving rather slowly to adopt the new COSO framework, even though it is recommended for fiscal year-end dates beginning on or after December 15, 2014,” Protiviti’s study reads.

While it’s not mandatory to adopt the COSO framework, the U.S. Securities and Exchange Commission (SEC) requires a “suitable framework” for public companies to comply with internal control of financial reporting. Companies are then required to assess and report annually on the design and operating effectiveness of their internal controls.  The COSO framework has been used by virtually every public company to achieve compliance.

So What’s New?

The framework hasn’t been updated since 1992, so the 2013 framework offers organizations a significant opportunity to make improvements. There are now 17 principles to leverage within the new framework, including models for data monitoring and reporting, IT controls and integrating the entire enterprise so departments and risk management efforts are not siloed.

In the past, management and auditors have focused most of their resources and attention on financial controls, such as approvals and reconciliation processes. While these remain very important, the industry has recognized there’s been some overkill here, and other areas (entity controls and IT controls) have at times been neglected. As a result, the 2013 COSO Framework steers organizations toward a more balanced allocation of resources and controls across finance, entity-level controls and IT.

The new emphasis on balanced coverage is the reason for the five mandatory components and 17 supporting principles. There are also 87 suggested points of focus for companies to consider and customize in support of the five components and 17 principles. That’s compared to just five mandatory components in the 1992 framework.

The impact of increasing the number of mandatory topics to 17 will vary by organization depending on size, industry and complexity. For those organizations that voluntarily adopted the 20 suggested principles from the COSO guidance released in 2006, the changes will be much easier. But regardless of whether a company followed the 2006 guidance, each enterprise must now show evidence that the new 17 mandatory principles are functioning as intended, in an integrated manner, in support of the five original components from the 1992 framework.

Choose not to follow the new framework, and you risk a comment letter from the SEC. That’s combined with not optimizing your internal control efficiency and effectiveness, putting your business at greater risk.

What’s Not Changing?

While there are plenty of changes being addressed with the implementation of the COSO 2013 Internal Control Framework, a few things haven’t changed. First, the core definition of what internal control is remains the same. Second, the three categories of objectives – operations, reporting and compliance – remain relatively unchanged, although the reporting category was expanded to internal and non-financial reporting objectives.

Third, the five components of internal control remain the same and are still required for effective control, just as they were in the 1992 framework. Those components include: control environment, risk assessment, control activities, information and communication and monitoring activities.

And finally, the important role of judgment in designing, implementing and conducting internal control evaluations cannot be over-emphasized. This human element in assessing effectiveness is critical to any framework, and especially so for the 2013 COSO Framework.

The Clock is Ticking

The updated COSO 2013 Internal Control–Integrated Framework is not a magic potion, but many stakeholders fail to realize that their external auditors will take a closer look at entity-level controls through the 17 principles. This year, more than ever, there will be an emphasis on information technology and entity-level controls, rather than mostly on financial controls.

That means it’s time for a checkup. Are there any gaps in your transition plan and controls analysis? Do all the right people in the organization know about the December 15 deadline? And is your organization on track to complete the transition? The clock is ticking.

 


Tags: COSO

Timothy O'Hara

Timothy O’Hara is an account executive, CPA and ICCS with Infogix, Inc., a pioneer in data integrity and analytics solutions that unites predictive analytics with comprehensive data controls and protection. As an advocate for his clients, Tim helps them maximize their return on investment through data integrity and data analytics solutions. These solutions improve the efficiency and effectiveness of their processes, information content and systems. His clients include Fortune 500 and mid-sized companies in various industries including telecommunications, media, government, financial services, manufacturing, retail, business services and consumer goods. The foundation of his experience is his CPA and ICCS Risk Certification where he mastered transaction processing (Order-To-Cash, Purchase-to-Pay, etc.), financial reporting, business information exchanges (B2B, B2C, B2G, G2G) and fraud. Tim used these skills, knowledge and his passion for helping people to enable his clients to transform their operations over time. Tim is continuing his learning in business analytics, social media, and forensic accounting. Tim received his B.S. in Accounting from the University of Scranton. Tim has lectured and published articles on Big Data, Data Warehouse Testing and Monitoring, and Information Risk Audit and Control.

© 2019 Corporate Compliance Insights
