COSO IC Framework Revision Update

The COSO Advisory Committee met again earlier this month. At this meeting we covered the final pre-exposure draft of the Internal Control Integrated Framework and the first draft of the Guidance document over Internal Control over External Financial Reporting .

The Internal Control Integrated Framework exposure draft was released last week and is now open for comment.  You can access the exposure draft at  The document is lengthy, but it will be well worth your time.  Proper controls are critical to a well functioning organization and the framework update should help you ensure your organization has a proper control structure in place. 

You can submit comments in two ways.  Traditional letters will be accepted and published on the COSO website.  You will also be able to access an online tool to submit your comments.  All of the online comments will be summarized and published as a single document so there will be some level of anonymity if that is what you are looking for in submitting comments.  The comment period runs through March 31 so, while it is a busy time of year, you have plenty of time to get your comments in.

The second document the COSO Advisory Committee is working on is a guidance document on how to implement the Internal Control Integrated Framework over External Financial Reporting.  This document is based on the 2006 guidance document on implementing the Internal Control Framework over financial reporting for small entities, but now it will cover all sizes of companies. 

As the team reviewed the 2006 guidance we realized that even though the document was designed with small companies in mind, much of the guidance was applicable to entities of all sizes.  The major reason for this is that the guidance focuses on the entire Internal control process as well as the point of internal control which is managing risk.  The small versus large entity differences are most often highlighted in control activities which is often view by many CPAs as “internal control.”  The reality is that is only a part of an internal control system is composed of control activities.  Other critical components include Control Environment, Risk Assessment, Information and Communications and Monitoring Activities.

The guidance document will include a general guidance section as well as illustrative approaches and examples covering all five of the Internal Control Components.  As such it should just as useful to someone updating an entire Internal Control Process as to someone who wants to focus on just one area to make improvements.  The Guidance document will also be released for public exposure during the summer of 2012 with both documents being finalized by the end of the year. 

I often hear comments from people about how the FASB, SEC and now COSO are doing things that to them that don’t make sense.  This is your opportunity to make sure that doesn’t happen.  Get involved in the comment process.  Your comments will be reviewed and considered.  It’s the only way to make sure the best possible document comes out in the end.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s