Internal Control - Integrated Framework - 20 Years Later
Almost 20 years ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), of which the AICPA is a member, produced the landmark Internal Control – Integrated Framework. With this published framework, COSO, an organization providing thought leadership and guidance on internal control, enterprise risk management and fraud deterrence, established a common internal control model against which companies and organizations may develop and assess their control systems. It became the world’s most widely used internal control framework.
But a lot has happened since 1992, such as the Internet! With advances in technology and business operations, the time was right for the framework to be updated so it could remain relevant and useful. In November 2010, COSO announced such a project. An online survey in January 2011 gleaned input from a broad audience. Last month COSO released the proposed updated Internal Control – Integrated Framework Exposure Draft to obtain input from the users of the framework and the general public. As a member of COSO, the AICPA has a representative on the COSO Board and a representative on the project’s Advisory Council.
Updated COSO Cube
You might be familiar with the COSO Cube, which represents a depiction of the COSO Internal Control – Integrated Framework. The good news is that the COSO Cube has proven the test of time and remains the same in terms of the definition of internal control and the five components of internal control (changed only in their positioning in the cube).
So what has changed? The updated and enhanced framework:
- Clarifies the application of the framework in today’s environment with the various business models, technology and related risks.
- Codifies criteria that can be used in the development and in evaluating the effectiveness of systems of internal control – making explicit 17 principles and attributes.
- Expands reporting objectives to support internal and non-financial reporting and operational and compliance objectives.
The COSO Board believes these updates will result in a more flexible, reliable and cost-effective approach to the design and evaluation of internal control systems for organizations looking to achieve operational, compliance and reporting objectives. The framework applies to all sizes and types of organizations: public companies, privately held companies, not-for-profits and governmental entities. I also want to emphasize that companies that currently have effective internal control systems will not experience additional responsibilities under the clarified framework.
Comments on the proposal are due March 31. AICPA members and other stakeholders are encouraged to review and provide feedback on the exposure draft. For more information on the COSO Internal Control – Integrated Framework Exposure Draft, visit aicpa.org/COSO. A free webinar being held jointly with The Institute of Internal Auditors for both organizations’ members will take place at 12:30 to 2 p.m. ET on Jan. 31.
Kayla Briggs, CPA, Senior Technical Manager – Business, Industry & Government, American Institute of CPAs. Kayla is responsible for providing information, tools and resources for internal controls, enterprise risk management and audit committee effectiveness that enable members practicing in business, industry, and government with tools and resources needed to move organizations forward.