The COSO Advisory Council met July 24 in Chicago to review the latest developments on the COSO Internal Control Integrated Framework update project. We reviewed updates to the Integrated Framework, the Approaches and Examples for Internal Control over External Financial Reporting document and the Assessment Tools document. All three documents will be available for review when the Approaches and Examples document is exposed for comments in September.
The COSO Board received considerable input on the Integrated Framework including 96 comment letters and over 100 submissions via the web questionnaire during the exposure period that ended in March. The Board has responded with many changes to address concerns raised in the exposure process. The 5 components and 17 principles will still exist, but the framework’s use of attributes will change (even the term attributes is being changed). There are many other changes as well that should make the framework even more useful and operational, but I don’t want to get ahead of myself. You will be able to see all of the changes for yourself in September.
Even though COSO is not a standard setter and the Internal Control Integrated Framework is not an official standard, working on the Advisory Council has given me a appreciation for what standard setters have to deal with. With the framework being used by 85% of public companies in the U.S. to comply with SOX 404b requirements, it has many commonalities with a standard. Comments ranged from too much was changed to not nearly enough was changed in the update. I expect the final product won’t make either of the extremes happy, but I am beginning to believe that is part of the standard setting process. If you balance the unhappiness of both sides, maybe that means you have struck the right balance in the final product.
You can decide for yourself if I am right and even let the COSO Board know your thoughts come November when comments on the Approaches and Examples for Internal Control over External Financial Reporting are due.
If you have kids you’ve probably heard the statement, “I can’t wait until I’m done with school and won’t have any homework any more.” I’m sure there are some of you in college thinking that once you are done your studies, you’ll get to do your 9-5 and then the rest of the time is yours. That will work if you want to be a staff accountant the rest of your life, but if you want to go further than that, it takes a little more than the simple 9-5.
According to my official time record, I was on vacation all of last week. Indeed, I didn’t set foot in the office and I did travel 870 miles with my family back to Athens to spend Thanksgiving with my Dad and my sister’s family. We had a great time eating turkey, watching football and going out at midnight to hit those early sales and pick up a few bargains. But having fun with the family wasn’t the only thing I did.
First off, I had two conference calls early in the week that I had to attend, including one, while I was in the middle of Mississippi on I-20. Fortunately, I didn’t have any follow up work from those calls. More time was spent reading two large exposure drafts. The first was the revised revenue recognition exposure draft from the FASB. At 218 pages, it took several hours to get through the document and list some initial thoughts about what works and what doesn’t. The second document was the preliminary draft of the Internal Control over External Financial Reporting guidance document.
The guidance document is the second of two documents that will be issued by COSO in the coming months. It’s a companion document to the revised Internal Control Integrated Framework which will be issued as an exposure draft in December. At 171 pages it was a shorter than the revenue recognition exposure draft, but it still took a long time to read considering I was providing editorial comments throughout the document as well.
Fortunately I made it through both documents, but as I looked up from my review and saw my daughter working on her U.S. History homework, I realized that the homework never really ends. It just changes form.
The COSO Advisory Council met for the fourth time last week. This meeting focused on the first full draft of the revised Internal Control Integrated Framework. Members of the Advisory Council received the draft for review in August and submitted comments to the PwC team that is leading the revision efforts. There were almost 1,400 comments submitted so I think it is safe to say that the Advisory Council and COSO Board are taking the revision very seriously. To set the stage of the public exposure period I want to let you know what is changing, but maybe more importantly what is not changing.
What is not changing:
- The definition of internal control
- The five components of internal control
- The criteria used to assess effectiveness of internal control; and
- The use of judgment in evaluating the effectiveness of systems of internal control
What is changing:
- Codification of the principles (17 Principles and 82 attributes) with universal application for use in developing and evaluating the effectiveness of internal control systems
- Expanding the financial reporting objective to address internal and external, financial and non-financial reporting
- Increasing the focus on operations, compliance and non-financial reporting objectives based on user input
- Updating the framework for changes in the business environment over the last 20 years.
It should also be noted that while the Internal Control Integrated Framework document will have a increased focus on non-financial reporting objectives, the COSO Board recognizes the importance of the framework for external financial reporting and is therefore planning to release a companion document on Internal Control for External Financial Reporting at the same time it releases the revised framework.
The current plan is to release the exposure draft for public comment on November 15 with and deadline for comments of January 31. I will keep you updated on when this very important exposure draft is released. The COSO Board and Advisory Council are looking forward to receiving your comments on this critical document that is an important building block for every company’s business processes.