Changes to COSO Internal Control framework

Home/SOX/Changes to COSO Internal Control framework

In previous articles on the Edelkoort Smethurst Schein CPA’s LLP web-site, the evolution of internal controls has been discussed in detail. One of the key concepts in those articles was that the internal control practices that we see in practice today, evolved over many years from a collection of widely recognized but often loosely defined concepts.

The internal control concepts were formalized in the 1990’s, most notably in 1992 by the Committee of Sponsoring Organizations (COSO) in the United States. During that same time period, other countries formalized internal control concepts, including Canada’s “Criteria of Control” (CoCo) developed by the Canadian Institute of Chartered Accountants.

The internal control framework (ICFR) developed by COSO in 1992 emerged as the “gold standard of internal control guidance”, and is being used by the majority of publicly traded organizations throughout North America to underpin their internal control processes. As much as the COSO ICFR was a vast improvement compared to what existed previously, there was a huge amount of change in business world between 1992 and 2012. The changes included; advances in technology for collecting data and compiling financial statements, outsourced service providers becoming an integral part of many organizations, increased corporate governance resulting from accounting scandals, and the need for much more external reporting, to name a few. In response to these changes, many organizations developed additional best practices, which were not clearly defined in the original COSO guidance. In recognition of this, COSO after consultation with stakeholders released a draft update to its original ICFR in December 2011. The draft document is publicly available on the COSO web-site (see below link) and is anticipated to become effective in 2013.

The proposed new ICFR is significantly more comprehensive than its predecessor, providing specific guidance and instruction on roles and responsibilities.  A summary of the notable changes can be found on page 140 of the document.

What are the implications of the new COSO ICFR for organizations large and small, public and private, for profit and not for profit? For starters, there will be an onus on management to understand the new framework, review the existing practices within the organization, and ensure that any changes required are enacted to ensure compliance. This is of particular importance to publicly traded entities. For instance, in Canada, the interim and annual CEO and CFO certifications (NI 52-109) for non-venture companies includes an assurance regarding the design and effectiveness of internal control frameworks benchmarked against a specifically stated internal control framework – in most cases this is COSO.

Other organizations that are not publicly traded entities, often dovetail their best practices in tandem with public companies to the extent possible. Therefore, it will be important for all organizations to understand the changes to COSO in relation to their existing internal control processes, and to ensure that any changes are implemented.

As outlined by COSO, the following is a brief summary of updates and what’s changed, and what has not

What is not changing?

• Definition of internal control
• Five components of internal control
• The fundamental criteria used to assess effectiveness of systems of internal control
• Use of judgment in evaluating the effectiveness of systems of internal control

What is changing?

• Update to reflect current conditions in business and operating environments
• Codify principles that support the five components of internal control
• Expand financial reporting objective to include internal reporting and external non-financial reporting
• Increase focus on operations, compliance and reporting objectives

I hope this article has been helpful. If you require further information, assistance in this area, or wish to comment on this, please don’t hesitate to contact us:

Edelkoort Smethurst Schein Chartered Professional Accountants LLP
4145 North Service Road, Suite #200
Burlington, Ontario, Canada L7L 6A3

Office: 905-517-2297

Edelkoort | Smethurst | Schein CPAs LLP is located in Burlington Ontario servicing the Golden Horseshoe and Greater Toronto Area and beyond. The firm is fully licensed with CPA Ontario to provide assurance, tax and accounting services as well as registered as tax preparers with the Canada Revenue Agency (CRA) & Internal Revenue Service (IRS). The firm is also registered as an IRS Certified Acceptance Agent.

All blog posts published on this site are for informational purposes only and do not constitute professional advice. Readers should contact a professional to discuss their individual situation. Neither the author or the accounting firm shall accept any liability for any reliance placed on the information posted.


Leave A Comment