More Related Content
Similar to MainPaper (20)
MainPaper
- 3.
2
Introduction
The Committee Of Sponsoring Organizations (COSO) plays an important role in
providing leaderships and guidance on internal control for companies and helping them
achieve their objectives. In 1992, COSO released the first version of their internal
control framework, which was widely accepted in the United States and other countries.
In 2002, Congress passed the SarbanesOxley Act, which required companies to
produce the internal control report along with their annual financial reports. Due to this
mandate, companies implemented the COSO internal controls framework, therefore,
leading to wider acceptance of the framework. The framework enables companies to
improve their internal control reporting practices and helps design and implement
efficient internal controls within their organizations.
In 2013, COSO released an updated version of the internal controlintegrated
framework, these actions prompted many questions from the public. Although, the
original version has been proven effective, changes in the business landscape continue
to demand updates to the current framework. The most recent economic events of the
housing and credit crunch revealed a series of internal control weaknesses at all levels
of business practices that require immediate attention. Moreover, questions like what
has changed and what has been added and enhanced are also worth people’s
attention. In order to fully understand and distinguish the differences between two
versions of internal control framework, it is necessary to address and answer these
questions in following sections.
- 5.
4
controls in order to remain competitive in a constantly changing business environment.
During the past 20 years a number of serious events have changed the business
landscape. Outdated internal controls have failed to maintain the integrity of
organizations, causing detrimental impacts on local and global markets. According to
Protiviti,
“Expectations for governance oversight have increased; risk and risk based
approaches now receive greater attention; globalization of markets and operations
has become a mega trend; the complexity of business and organization structures
has increased, including outsourcing and strategic suppliers; technology has
evolved dramatically; and the demands and complexities in laws, regulation and
standards have all increasedsubstantially”(Protivitionline 2013).
Despite the size of the organization, internal controls are an essential part of the
operation because without such processes, a company could not compete in the
market, fraud would be rampant, and mismanagement of resources would lead to the
inability to meet its goals and objectives. Ineffective reporting and inaccurate information
would lead to costly consequences that can lead a company to failure.
Original COSO Framework
In 1992, COSO published the original ‘Internal Control – Integrated Framework’
document. The document was designed to give firms the ability to create internal
control systems that accomplished the following: provide realistic promise of reaching
business objectives, goals and desired outcome while adhering to laws and regulations
which allows firms to accurately report outcomes to the public, and to act as a mutual
- 6.
5
foundation for management, directors, regulators, academics and others to understand
the benefits and limitations of enterprise risk management (SOXonline). Like the
updated version, COSO’s original purpose for the framework was to create a unified
approach to create effective internal control systems. The document outlined five
sections needed for an effective internal control system. These sections are
categorized as: control environment, risk assessment, control activities, information and
communication, and monitoring,which make up the COSO Cube.
The control environment section,which involves with a firm’s values and
philosophies, serves as the base of the COSO Cube. For example, a firm’s
organizational structure, management philosophy and style, and human resource
policies would be part of its control environment. The next level of the COSO Cube is
risk assessment,which is concerned with the objectives of the firm and the risks that
arise with reaching those objectives. In this level, a firm’s capability of change is also
examined. In the center of the cube are the control activities, which are the policies and
procedures established by management in order to reduce risk. Both preventive and
detective actions are practiced in this level. The information and communication level is
set above the control activities. Information is an important element of any organization
because it is set to assure that the information is accurate and that there is effective
communication to provide it. At the top of the cube is the level of monitoring activities,
which is to monitor the other segments of the COSO Cube. Monitoring activities are
involved with the evaluation of the levels and the decision making in regards to changes
that need to be made in those levels.
- 8.
7
technology has been improving and many companies have been relying on new
inventions, which can impact all components of internal control. The final important
difference the new framework has is that it provides more focus on antifraud by
providing “more discussion on fraud and also consider the potential causes of fraud as a
separate principle of internal control” (protiviti 2013). Overall, the changes the new
framework made are focusing on preventing fraud, to be current with the technological
events, to be more detail, and to accomplish internal control.
COSO’s Reasons to Update
The first update for COSO’s integrated framework took place in 2013. COSO
appointed Pricewaterhousecoopers (PwC) as the leading firm to update its 1992
framework, the project was also given a time frame of two years to complete the update.
In addition, the project also consisted of representatives from various business sectors
including academics, government agencies and nonprofit organizations in order to
provide input and updates on the project progress. The update process included online
surveys to COSO, public comment letters and drafts of the new framework open to
comment and further input by the public. PwC compiled this information and were able
to comprise the new updated framework.
It had been almost two decades since the original COSO framework was
released in 1992. The intention of COSO was not to fix a broken system, but instead
improve the existing one with necessary updates that reflected the changes in the
business landscape. Since it’s original release, a series of events have shook the
business world. According to Protiviti, “We also have seen the damaging effects of
- 9.
8
spectacular, largescale governance and internal control breakdowns, including the
derivatives fiascoes of the 1990s, LongTerm Capital Management, the Enron era, and
the more recent global financial crisis.” (Protivitionline 2013)
In May 2013, COSO announced the release of their latest update to their Internal
Control Integrated Framework and Illustrative Documents. PwC was the author of the
updates, which is expected to address the recent changes in business demands and
operating practices. According to the American Institute of CPA (AICPA), “COSO’s goal
in updating the framework was to increase its relevance in the increasingly complex and
global business environment so that organizations worldwide can better design,
implement, and assess internal control.” (AICPAonline 2014) The events of the 90’s
attributed to a number of system breakdowns that prompted COSO to look at their
framework and institute appropriate system updates that could address the issues that
led to a decade of incidents that caused serious impacts on the economy According to
Protiviti,
“These breakdowns have taught valuable lessons around a number of themes
for example, the effects of management override, conflicts of interest, lack of
segregation of duties, poor or nonexistent transparency, siloed risk management,
ineffective board oversight, and unbalanced compensation structures that
enabled or drove dysfunctional and/or irresponsible behavior.” (Protivitionline
2013)
- 10.
9
With a slow recovering economy U.S. firms have to work harder to instilling trust
on the public while dealing with strict government oversight. The recent housing and
credit crisis brought to light a series of inappropriate and unethical behavior that left the
economy in pieces and consumers struggling to stay afloat. Internal controls within
financial institutions proved to be vulnerable to unsupervised management override,
leading to the collapse of the housing market and causing a domino effect in various
sectors of the economy. The involvement of the US Government and the use of
taxpayers’ funds to help bail out some of these irresponsible institutions prompted
higher governance oversight. New updates were necessary because it can prevent
such fiascos from repeating again.
Although, having a perfect framework is not realistic, updates can always help
keep things current. The events of the 90’s certainly left a long list of experiences that
nobody wants to see again. After the extensive intervention actions by the US
Government and taxpayers use of funds to bail out irresponsible industries, the
expectations for integrity, transparency, competency, and accountability have never
been so high. Management teams are now held to some of the highest standards,
shareholders, owners and government officials do not hesitate to scrutinize any
suspicious detail.
Relation to Accounting
COSO and the internal control framework is related to accounting in numerous
ways. According to COSO’s website, COSO was formed to study “the causal factors
that can lead to fraudulent financial reporting” (COSO). When COSO is trying to prevent
- 12.
11
the accounting profession. The internal control framework is part of what makes the
accounting profession it is today. This also makes management follow ethical
accounting procedures in order to prevent fraud and confident in their reports.
Conclusion
In conclusion, The COSO internal control framework has been successful since
the original version released. In order to in compliance with the SarbanesOxley Act
regulatory, company must attach a report about the effectiveness of the internal control
within company along with the yearend financial report. Plus,properly implementing
internal control framework in companies can reduce errors and irregularities, verify
accounting data, increase operation efficiency, and most importantly, it can prevent
fraudulent events from occurring. Moreover, the key function of internal control
framework is to help companies to meet their goals and objectives under the guidance
of internal control framework. So, it is important to implement internal control framework
within companies. In 2013, the new version of COSO internal control framework
released has drawn a lot of people’s attention. People have been contesting for the
intention and necessity of updating from the 1992 version to the new version while the
old version is still working well within companies. The COSO insists that it is time to
make changes to the original version because the world and the businesses have
changed over the last twenty years. Yet, the new COSO framework kept the original
definition of the internal control framework and the COSO cube, which is the core of the
framework. The differences are that the new version has increased more information
about technology and more focus on antifraud. The major update is that COSO has
- 14.
13
Works Cited
Coso. (n.d.). Retrieved May 1, 2015, from http://www.coso.org/aboutus.htm
Protiviti. The Updated COSO Internal Framework Frequently Asked Questions. (2013,
September 1). Retrieved May 1, 2015, from http://www.protiviti.com/enUS/Documents/
ResourceGuides/UpdatedCOSOInternalControlFrameworkFAQsSecondEditionPr
otiviti.pdf
The COSO Financial Controls Framework. (n.d.). Retrieved April 24, 2015, from
http://www.soxonline.com/coso_cobit_coso_framework.html
The Original COSO Cube. (n.d.). Retrieved April 24, 2015, from http://www.soxonline.com/
coso_cobit_coso_cubeold.html
KPMG. (2013). COSO Releases Internal Control – Integrated Framework (2013). Defining
Issues, 13 (26).
American Institute of CPAs. (2015). COSO Internal ControlIntegrated Framework. (2014, May
14). Retrieved May, 1, 2015, from http://www.aicpa.org/interestareas/businessindustry
andgovernment/resources/corporategovernanceriskmanagementinternalcontrol/pages/
coso_integrated_framework_project.aspx
Guide to Internal Control Over Financial Reporting. (n.d.). Retrieved May 1, 2015, from
http://www.thecaq.org/docs/reportsandpublications/caq_icfr_042513.pdf?sfvrsn=2
CEO suddenly resigns from Enron. (n.d.). Retrieved May 1, 2015. from
http://www.pbs.org/independentlens/enron/film.html
Lehman Brothers. (n.d.). Retrived May 1, 2015, from
http://www.technology.am/establishmenterrors10biggestcorporateblunders020229.
html