Executive Summary
COSO, the Committee of Sponsoring Organizations, has a mission to offer thought leadership by developing comprehensive guidance and frameworks on risk management, fraud deterrence and internal control. This program is primarily designed to enhance organizational governance and performance and to reduce the level of fraudulent actions and claims in organizations. Its aim and vision is to be a renowned thought leader all over the world in all marketplaces. COSO, by design, is a voluntary organization in the private sector that is dedicated to improving the quality of financial reporting. It attains this through effective internal control, corporate governance and business ethics. The organization was initially formed in 1985. Its aim was to support the National Commission on Fraudulent Financial Reporting, an independent private-sector initiative that studies the causal factors leading to fraudulent financial transactions and the reporting of the same. COSO's internal control guidance was released in 1992 as an integrated framework. The original structure gained wide acceptance and is currently used around the globe. It is considered a leading framework for designing, evaluating and implementing the efficacy of internal control. Over the years, the management of COSO has changed as it became friendlier, incorporated technology and became more complex. Most stakeholders are seeking more accountability and transparency. COSO has faith that the framework will allow organizations to efficiently and effectively maintain or develop systems of internal control.
History of COSO
COSO, the Committee of Sponsoring Organizations, has a mission to offer thought leadership by developing comprehensive guidance and frameworks on risk management, fraud deterrence and internal control (DUGGAN and PEO 12). This program is primarily designed to enhance organizational governance and performance and to reduce the level of fraudulent actions and claims in organizations. Its aim and vision is to be a renowned thought leader all over the world in all marketplaces. The program is based on developing guidance in control and risk areas that supports good governance within an organization and reduces fraud. The committee can be described as a joint initiative of 5 major private industry organizations. These organizations are: the American Accounting Association, the American Institute of CPAs, Financial Executives International, the Institute of Internal Auditors and the Association of Accountants and Financial Professionals in Business.
COSO, by design, is a voluntary organization in the private sector that is dedicated to improving the quality of financial reporting. It attains this through effective internal control, corporate governance and business ethics. The organization was initially formed in 1985. Its aim was to support the National Commission on Fraudulent Financial Reporting, an independent private-sector initiative that studies the causal factors leading to fraudulent financial transactions and the reporting of the same. The initiative also came up with recommendations for the SEC as well as other regulators regarding public companies and educational institutions. This national initiative was sponsored jointly by a number of financial professional organizations within the United States. They include the American Institute of CPAs, the American Accounting Association, the Association of Accountants and Financial Professionals in Business, Financial Executives International, and the Institute of Internal Auditors. Entirely independent of every sponsoring organization, this commission had representatives from public accounting, the New York Stock Exchange and investment firms. Treadway James was the first chairperson of this commission. This explains why it is now famously referred to as the Treadway Commission.
COSO's internal control guidance was released in 1992 as an integrated framework. The original structure gained wide acceptance and is currently used around the globe. It is considered a leading framework for designing, evaluating and implementing the efficacy of internal control. Over the years, the management of COSO has changed as it became friendlier, incorporated technology and became more complex. Most stakeholders are seeking more accountability and transparency. COSO has faith that the framework will allow organizations to efficiently and effectively maintain or develop systems of internal control. Through COSO’s goal of providing thought leadership in enterprise risk management, the organization has created a number of structures. This began in 2004. Later, in 2009, the organization began publishing other papers related to ERM.
In the years since the initial publication of the internal control framework in 1992, the framework has been continuously revised and re-issued. The latest publication, revision and re-issue was in 2013. In the area of fraud deterrence, COSO has published a number of thought studies. The initial research occurred in 1999 and the latest was published in 2010. From this history, it can be concluded that the organization is committed to its vision, mission and objective of developing guidance in control and risk areas that supports good governance within an organization and reduces fraud.
The required implementation of COSO
In 2002, the Sarbanes–Oxley Act, or SOX, was enacted. In the Senate, this enactment is also referred to as the 'Public Company Accounting Reform and Investor Protection Act'. In the House, it is also referred to as the 'Corporate and Auditing Accountability and Responsibility Act'. This US federal law sets new, improved standards for all US public company boards, management and public accounting companies. The Bill has 11 sections. It was enacted as a countermeasure to several corporate accounting scandals, including WorldCom and Enron. The sections of the bill cover the role of public corporation boards, include criminal penalties for a number of types of misconduct and require the SEC (Securities and Exchange Commission) to form regulations that define compliance frameworks for public corporations.
Sarbanes–Oxley, or SOX, was crafted by the main sponsors of the bill, Senator Sarbanes Paul and Representative Oxley Michael (White 35). The law required top management to personally certify the correctness of any company financial information. Additionally, the law set penalties for fraudulent financial activities. In the same way, SOX raised the oversight responsibility of company boards of directors as well as the independence of the external auditors who review the accuracy of corporate financial statements. As mentioned earlier, the enactment of the bill was a result of several accounting scandals in different companies such as WorldCom, Tyco International, Peregrine Systems and Adelphia. These scandals cost investors billions of dollars after share prices were affected by the loss of public confidence in the United States stock market.
The Act requires the SEC to issue rulings on the requirements for complying with this law. The 26th chairman of the SEC was the first to lead a team in the implementation and adoption of these new laws in the form of the SOX Act. The act created a somewhat new public agency, the Public Company Accounting Oversight Board (PCAOB). This agency was mandated with regulating, overseeing, disciplining and inspecting accounting companies in their responsibility as auditors of public firms. The act also covers issues such as corporate governance, auditor independence, internal control review and improved financial disclosure. Other issues included in the act are analysts’ conflicts of interest, commission resources and authority, studies and reports, corporate tax returns, corporate fraud accountability, white collar crime penalty enhancement and corporate and criminal fraud accountability (DUGGAN and PEO 12).
The creation of this act followed a number of factors and failures. They include conflicts of interest among the auditors operating in public companies, boardroom failure, conflicts of interest among securities analysts, underfunding of the Securities and Exchange Commission, poor banking practices, the internet bubble and executive compensation that involved stock options (DUGGAN and PEO 12). This law was enacted to curb the issues presented above. The law has continued to work well in allowing managers to adequately manage the business on behalf of the shareholders, allocating firm resources to their best use. The law helps to instill improvements, accuracy and reliability in the financial statements of a public company.
Changes to COSO since Inception
The initial COSO framework of internal control was drafted ten years before the Sarbanes–Oxley, or SOX, Act was enacted. As seen above, the main objective of forming the COSO framework was to offer thought leadership by developing comprehensive guidance and frameworks on risk management, fraud deterrence and internal control. The program was primarily designed to augment organizational governance and performance (DUGGAN and PEO 12). The program was also initiated to help reduce the level of fraudulent actions and claims in organizations. The 1992 structure of internal control addressed the 3 objectives of financial reporting, compliance and operations (Melendy et al 345). The COSO program intended for a broad application of the framework.
In 1992, the COSO framework introduced three categories of objectives to the public: compliance, financial reporting and operations. Additionally, the framework introduced 5 internal control components: control activities, control environment, risk assessment, information and communication, and monitoring. With these concepts presented, public companies could consider how every objective and concept would work at each level of the entity. In the newer version of the framework, the term financial has been dropped (White 35). The rest of the components have remained the same. This shows that external financial reporting, in internal controls, is not the only vital type of reporting. In the newly developed framework, the order of components has been altered so that control environment leads at the top.
The Current Structure of COSO and Proposed Changes
Among the major changes to the COSO framework from the 1992 structure is the incorporation of information and technology into the requirements. COSO currently references concepts of outsourced business processes in a number of places within the framework and addresses IT controls in many areas. This is done because IT is intertwined throughout the current business setting and therefore must be incorporated into the framework. Recently, COSO incorporated changes stating that any data obtained from an outsourced service provider managing business processes for a company is subject to the same internal control expectations as are expected of other entities. The chart below shows the major changes that have occurred within the COSO framework since it was instituted up to last year (D'Aquila and Houmes 55).
The 2013 COSO Framework is not so different from the one instituted two decades ago in 1992. This is because the initial framework was still applicable to modern-day business operations, save for a number of alterations that necessitated the upgrade (D'Aquila and Houmes 55). The new framework provides management teams and audit committees with a chance to take a better look into internal controls. It also provides an opportunity for them to create better value for the organization regardless of the maturity of a firm’s system of internal control. The table below helps to synthesize the changes.
As seen above, the updated version of the 1992 COSO framework has put more emphasis on the role played by the board and the audit committee, depending on the structure of governance. Their role in creating an efficient control environment and in having a vibrant process of assessing risks, which includes identifying and addressing fraud risks, is clearly defined. From the diagram above, it can be seen that the updated version of the framework offers additional structure by defining 17 principles within the internal control of a company. The enhanced structure of the new framework has increased the level of harshness and severity in the requirements for evaluating the design and the efficiency of company internal control. According to the updated version of the framework above, every principle must be functioning in order to infer that internal control over financial reports is efficient.
A number of essential topics connected to internal control over financial reports have been discussed more clearly in the updated framework. These include the accountability and competence of the people conducting activities and operations in internal control. Additionally, the identification of fraud risk and the consequent response, the quality of data used within internal control and the changes in internal control necessitated by business changes have been addressed.
The Importance of COSO in the Tax Field
In previous tax years, digging up information and data has always presented a problem for businesses and the tax administration. COSO was initially created to redefine business internal control after a number of significant audit failures in the 20th century. Primarily, the Committee of Sponsoring Organizations has a mission to offer thought leadership by developing comprehensive guidance and frameworks on risk management, fraud deterrence and internal control. The COSO framework takes into consideration not only the assessment of hard controls in a business, such as segregation of duties, but also soft controls like the professionalism and competence of the employees. Currently, there is an unprecedented concentration on corporate responsibility and risk. This requires corporate tax functions to increase control. This happens as businesses embrace enterprise risk management. In this new environment, corporate tax functions must ensure that sustainable tax frameworks are embedded into the organization's overall system of internal control. The COSO framework is a leading framework for designing, evaluating and implementing the efficacy of internal control (D'Aquila and Houmes 55). It is believed that tax executives will look beyond the practical tax control environment to help clear up issues relating to tax opportunities, risks and responsibilities. Tax risks and related issues have the power to affect the organization. The tax function has the power to affect the financial outlook of an organization. In this regard, the internal control guidelines presented by the COSO framework will assist in keeping the tax function in check.
Works Cited
DUGGAN, JOSEPH W., and CHRISTIAN PEO. "Preparing To Implement The 2013 COSO Framework." Financial Executive 29.7 (2013): 12-13. Business Source Premier. Web. 22 Nov. 2014.
D'Aquila, Jill M., and Robert Houmes. "COSO's Updated Internal Control And Enterprise Risk Management Frameworks." CPA Journal 84.5 (2014): 54-59. Business Source Premier. Web. 22 Nov. 2014.
Melendy, Sara, and Ronald J. Huefner. "Monitoring Legal Compliance: The Growth Of Compliance Committees." Accounting Perspectives 10.4 (2011): 241-263. Business Source Premier. Web. 22 Nov. 2014.
White, John. "How To Use COSO To Assess IT Controls." Journal Of Accountancy 217.5 (2014): 34-38. Business Source Premier. Web. 22 Nov. 2014.