A recently released exposure draft by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) may have been designed for smaller businesses, but it has applications for larger companies as well.
Chuck Landes, vice president of the professional standards group
for the American Institute of Certified Public Accountants (AICPA) — one of COSO’s five member organizations — notes that the 189-page draft is aimed at smaller public companies that typically do not have the internal depth and breadth of in-house talent to help them embrace the criteria of the original COSO framework.
Landes maintains, however, that Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting can help businesses both large and small. “We were not interested in creating ‘COSO-lite’,” says Landes, the AICPA’s representative on the COSO board. “Because the framework is principles-based, we feel organizations and non-public entities of any size can use the framework and adapt it.”
The draft lists 26 control principles of the original COSO framework that relate to the five elements of internal control: control environment, risk assessment, information and communication, control activities, and monitoring. The principles provide templates for how companies can assess their internal controls, provide alternative examples of how a company can achieve compliance, and make it easier for companies to understand the original framework, says Landes.
“The principles give companies something more solid as a benchmark when they look at internal control,” he explains. He notes that the document also offers illustrations of how companies can scale COSO to fit their own needs, so they can have less-formal controls without decreased quality.
One control aspect of special concern for small companies is segregation of duties. COSO’s guidance offers alternative ways to help companies comply, such as using compensating controls; having high-level executives perform some monitoring of the effectiveness of internal controls; establishing a more active audit committee; and outsourcing the internal-audit function.
Another principle related to the control environment concerns developing and communicating strong ethical values on financial reporting — activities that can be implemented at any business with different levels of formality, depending on the company’s size.
The draft is open to comments until December 31. Landes expects the COSO board to produce final guidance in the first quarter of 2006.