The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released for public comment the exposure draft of its much-anticipated Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting.
The 189-page draft outlines 26 fundamental principles associated with the five key components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The report also lists a variety of approaches that smaller companies can use to incorporate the principles and includes real-world examples of how they have been effectively applied.
Reactions to corporate misstatements, according to the report, “clearly signal that the market does not readily tolerate inaccurate reporting, regardless of a company’s size.” Added COSO: “A company, and particularly a smaller company, may incur additional costs to design effective controls over financial reporting and demonstrate they are in place. A company can lessen the amount of those incremental costs and still maintain appropriate levels of internal control by implementing the principles contained in this report.”
The report recommends that smaller companies broaden their pool of audit-committee members to include, for example, chief financial officers; management accounting experts; accounting professors with detailed knowledge of business, accounting, and auditing; chief audit executives or internal audit directors who have experience in internal control and business strategy from their own businesses; and retired partners from public accounting firms.
In a statement, COSO chairman Larry Rittenberg noted that “it was important for us to demonstrate how smaller public companies can implement effective internal control in a different manner than do their larger counterparts.” For example, he observed, management’s hands-on approach in smaller businesses may allow controls to be less formal without decreasing their quality. He also noted that “the scale of those controls may differ, and the opportunity to shift many of the controls from a fixed cost to a variable cost structure may be available to smaller companies.”
The guidance, which serves as a supplement to COSO’s Internal Control: Integrated Framework, originally published in 1992, focuses on the needs of smaller public companies regarding compliance with Section 404 of the Sarbanes-Oxley Act.
The COSO internal-control framework has been widely used by management and auditors in fulfilling Section 404 requirements, according to the Securities and Exchange Commission. After expressing concerns that existing frameworks are not appropriately tailored to a small-business control environment, the SEC staff encouraged COSO to address the needs of smaller businesses.
The comment period for COSO’s draft report ends on December 31; final guidance is expected in the first quarter of 2006.