Introduction
It is two decades since the Committee of Sponsoring Organizations (COSO) of the Treadeway Commission started developing an internal control integrated framework. This was to enable companies move away from electronic data interchange; it was necessitated by the fact that internal control measures were not sophisticated. Accounting firms were struggling to address the evolving client-server system. This resulted in COSO developing a conceptually sound control framework which has withstood test of time.
After several years of audit failures beginning in 1980s, COSO decided to redefine internal control and the criteria for determining the effectiveness of the internal control system. This was changed by the 1992 internal control integrated framework. This framework considered the evaluation of hard controls and duty segregation and soft controls like competence and the professionalism of the employees.
COSO developed a conceptually sound control framework that has stood the test of time. The modern control framework is user friendly and it is applicable to the ever-changing modern environment. There has been a revised process that has resulted in COSO 2013 internal control integrated framework. This modern framework provides more implementation guidelines while establishing effective internal controls that cost the organization less (Rittenberg, Karla and Audrey 206).
The value of COSO based auditing framework is that it facilitates the effective evaluation of soft controls that are espoused by COSO while at the same time, helping in avoiding faulty and negative findings that could result from traditional methods of auditing. Because it is outcome-oriented and customer-focused, COSO internal control framework can help in addressing the systematic root causes produces workable solutions every time and avoids placing blames. This is because it can define the key issues and reportable conditions, determine the strengths and weaknesses of control system, identify corrective actions and make final assessment (Rittenberg, Karla and Audrey 206).
The main differences between the 1992 and 2013 framework
Since its development, the 1992 framework revolutionized the evaluation and the design of organization internal control. This was updated in 2013 to make it more relevant to shareholders and investors and to meet the demands of the rapidly changing business environment. The 2013 framework is designed to enhance organizational control structures in the modern business environment.
The main difference between the 1992 and the 2013 edition is the codification of 17 principles in order to support the five components. The 17 principles were fundamental and implicit in 1992 framework; for effective controls, however, the 2013 framework requires that each of the five components and the seventeen principles to be present and functioning. The five components should operate in an integrated manner. The 2013 version also feature the following, different from the 1992 framework: Increased insight into governance concept, heightened focus on globalization and on changing business models, additional guidance on the role of technology and expansion of reporting objectives. The principles aid in codifying the core parameters of COSO and to provide clarity and what makes up effective control. The 2013 framework also includes points of focus that help in enumerating the specific characteristics that are linked to 17 principles. According to COSO, the point of focus can help the management in implementing, designing and in conducting internal controls and assessing whether the requisite principles are present and functioning ((Protiviti 1).
Please outline why you think COSO changed/updated their framework.
The very many reasons for the upgrading from the 1992 version to 2013 version were aimed at achieving the following: enhanced governance, extended applicability and coverage, to achieve enhanced risk assessment and antifraud practices and improved adaptability. In the spirit of the need to continuous improvement, the decision by COSO to upgrade from 1992 to 2013 framework was motivated by changes in business environment over the 20 years. Furthermore the changes were motivated by valuable lessons learned in the Enron era, derivative fiascoes on 1990s, global financial crisis and long term capital management. This exposed issues such as management override, conflict of interest, siloed risk management, unbalanced compensation and ineffective board. This necessitated the upgrade to enhance competencies and accountabilities (Protiviti 1).
Please outline considerations for companies to consider when transitioning from the 1992 to 2013 framework.
In transitioning, companies should disclose the framework that they use as the criteria for the evaluating of ICRF effectiveness. Companies should also use language that matches the criteria lines that are established in COSO’s internal control integrated framework. The practice will evolve when the companies issue internal control report during the period of transition. Companies should familiarize themselves with the 2013 framework and they should attend available training. Based on the timing and transition, companies should deploy a centralized management office to ensure cost effective approach. Companies should also ascertain whether there is existence of internal controls (Protiviti 18).
Conclusion
Internal controls framework are very critical in search for accountability. Companies are required to adhere to the U.S Sarbanes Oxley Act of 2002 and its compliance requirements to related financial controls. Organizations that comply with this Act have identified critical controls that can be solved by the internal controls integrated framework.
Works Cited
Rittenberg, Larry E, Karla M. Johnstone, and Audrey A. Gramling. Auditing. Mason, Ohio: South-Western, 2011. Print.
Protiviti. The Updated COSO internal control framework: Frequently asked questions. 2013. Web. 5th April, 2014, <http://www.protiviti.com/en-US/Documents/Resource-Guides/Updated-COSO-Internal-Control-Framework-FAQs-Second-Edition-Protiviti.pdf >
