Update (10/6/2013) — A quick follow-up to this post: Anyone interested in more information can catch me on a live FEI webcast on October 17, during which I’ll discuss the COSO control environment – here’s a link for details: bit.ly/1aFYKpU
Following up on my June 26 post about the 2013 COSO Internal Control – Integrated Framework, Protiviti has published a second edition of our guide, The Updated COSO Internal Control Framework: Frequently Asked Questions. Our new edition includes more than a dozen new questions as well as updates to existing answers.
This guide addresses various questions about the New Framework, including the reasons why it was updated; what has changed; the process for transitioning to its use; and steps companies should take now.
Additional commentary in the second edition includes, but isn’t limited to, the following:
– The SEC’s position on transitioning to the New Framework
– When to apply the New Framework for purposes of complying with Section 302 of
– If the 2013 New Framework will affect the way companies evaluate their controls over technology
– The level of effort required to map the 17 principles to the existing controls
– What to communicate to the audit committee
Along with our updated COSO FAQ guide, I also invite you to view our recorded webinar, on which current COSO Chair Bob Hirth (whom I’ve been proud to call a colleague and friend for more than 35 years), Protiviti Managing Director Keith Kawashima and me discuss key challenges and address numerous questions being raised about implementing the New Framework. We asked the participants in advance to share their questions to ensure we were focusing on what people wanted to know. With respect to questions we received during the webinar that we didn’t have time to address on the air, we sent written responses to the individuals raising the questions. While we covered a lot of ground, there is more to come in subsequent webinars we will be conducting.
As we’ve been communicating to our clients and the market over the past few months, COSO’s New Framework is an important development, as it facilitates efforts by organizations to develop cost-effective systems of internal control to achieve critical business objectives and sustain and improve performance. It also supports organizations as they adapt to the increasing complexity and pace of a changing business environment, manage risks to acceptable levels and improve the reliability of information for decision-making.
Companies using the 1992 framework for Sarbanes-Oxley compliance and other purposes should familiarize themselves with the New Framework and companion materials, determine their transition plan, and communicate to the appropriate stakeholders the release of the New Framework and its implications to the organization. For interested parties, the New Framework is available at http://www.coso.org.