HN

Last month COSO (Committee of Sponsoring Organizations of the Treadway Commission) announced a project to modernize the COSO internal control - integrated framework.

According to the COSO chairman David Landsittel the core principles of the initial framework are still valid and companies of course can continue to apply the current version. In his opinion only the more detailed guidance and the examples are somehow dated. He says: "This project is not intended to change how internal control is defined, assessed, or managed, but rather provide more comprehensive and relevant conceptual guidance and practical examples."

Let’s have a look on the history of the COSO frameworks:

The initial COSO framework (often called COSO I) was described in a document from 1992: Internal Control - An Integrated Framework. Later in 1994 it was republished with minor amendments. This report presented a common definition of internal controls and provided a unified approach for the evaluation of internal control systems. Since the SEC (U.S. Securities and Exchange Commission) later specifically mentioned COSO Internal Control -Integrated Framework as an appropriate framework for the management of internal controls, many companies found and still find it safe to follow it. In the initial version the COSO framework looks at controls across three dimensions which you can see in the following picture of the COSO I cube.

 

 

Years later many business scandals and failures (like Enron (2001) and WorldCom (2002)) led to calls for an enhanced corporate governance and risk management. In response to a need for a principles-based guidance to help entities design and implement effective enterprise-wide approaches to risk management, COSO issued the Enterprise Risk Management - Integrated Framework. It was published in 2004 and was developed together with PricewaterhouseCoopers (PwC).

In this extended framework the internal control is seen as an integral part of enterprise risk management (ERM). The framework expands on internal control concepts by providing a more robust focus based on the broader subject of enterprise risk management. To emphasize the importance of identifying and managing risks across the enterprise some new components have been added to the COSO ERM framework as you can see in the new cube.

 

(For more information about COSO ERM please also have a look here.)

 

So to answer my question from the title: No, it will not be a complete new COSO framework.

The lately by COSO announced enhancements will also be based on the original framework from 1992 and will facilitate a more robust discussion of internal control. Like before COSO has engaged PwC to support its update of the framework and the PwC team leader says: "Additionally, it will further explain the interconnections with the Enterprise Risk Management - Integrated Framework, the 2006 Internal Control over Financial Reporting - Guidance for Smaller Public Companies, and the 2009 Guidance on Monitoring Internal Control Systems."

Interesting from my point of view is that the updated framework will also be exposed for public comment. The idea is to capture any additional input from the general public. The release is planned for 2012, the 20th anniversary of the initial framework.

I am curious about the new enhancements.

 

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock