COSO Users Are Eager for Time Line

Auditors and companies are gearing up for the new COSO internal-control guidelines, but they need some of the details clarified.
Kathy HoffelderNovember 30, 2012

Auditors and companies looking to adhere to a proposed internal-control framework for financial reporting were told yesterday at a Baruch College auditing conference not to sweat the actual implementation date when the draft framework is finalized in March 2013.

Comparing the new framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) with Microsoft’s Windows 8, David Landsittel, chairman of COSO, said users may initially favor the older framework, which will be “available as long as the market wants it.” But the new version will be “more robust” than the previous version, which dates back to 1992.

In anticipation of adopting the framework, some CFOs and auditors want a more concrete implementation time line. That would help those looking to use the guidelines, according to Deloitte partner Jennifer Burns. She is hopeful the Public Company Accounting Oversight Board and the Securities and Exchange Commission will stipulate some period of time for compliance.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

COSO, a joint initiative of the American Accounting Assn., the American Institute of CPAs, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors, updated the “Internal Control–Integrated Framework” to keep up with current business conditions. In particular, the new framework expands the financial-reporting objective to address nonfinancial reporting issues, outlines formal principles as opposed to just concepts in assessing the effectiveness of internal-control systems, and increases the focus on operations and compliance.

COSO also issued a document last September that outlined some practical approaches and examples for using the proposed framework, dubbed “Internal Control over External Financial Reporting: Compendium of Approaches and Examples (ICEFR).” The deadline for comments on that document has been extended until December 4 to give extra time to businesses that were affected by Hurricane Sandy. COSO’s previously published enterprise risk management framework, the ERM Framework, is intended to be complementary to the internal-control framework.

Companies with less-sophisticated internal-control practices should benefit from the new framework, as it may help point out what they have been missing, said J. Stephen McNally, finance director and controller at Campbell Soup and part of the COSO Advisory Council. “The framework will really help companies in developing their internal=control systems,” he said.

Other firms with more advanced internal-control operations will need less help, added McNally. “At Campbell Soup, we’ve always had very controlled environments,” he said.