The compliance revolution after the passage of the Sarbanes-Oxley Act of 2002 (SOX) was accomplished in large part with the help of the internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
COSO's framework became part of a worldwide movement to enhance periodic accounting and reporting of financial results. Coupled with the global convergence to IFRS, this should provide for a new age of financial information reliability and comparability.
In the past few years, COSO has remained active, providing new guidance regarding monitoring, enterprise risk management (ERM), enhanced board oversight, and quantifying risk appetites for corporate America. In December, COSO released an exposure draft and several related discussion questions that convert the 20-year-old COSO model to an upgraded and enhanced 2.0 version. The ED is available at coso.org The previous model has been effective since SOX was signed into law in July 2002, but clearly needed updating and modifying for relevance to today's business environment.
Changes in the business and operating environment that drove this change noted by COSO are as follows:
* Expectations for governance oversight.
* Globalization of markets and operations.
* Changes in business models.
* Demands and complexities in laws, rules, regulations, and standards.
* Expectations for competencies and accountabilities.
* Use of, and reliance on, evolving technologies.
* Expectations relating to preventing and detecting corruption.
Audit committee chairmen and their members need to invest time to consider the new ED, which is scheduled to be issued in final form in the first quarter of 2013. The complete package of materials will include the framework, a document with more information on internal control over external financial reporting, and a document on evaluation tools. Audit committees should consider the following during this interim exposure and finalization period:
* Ensure that audit committee members read the COSO executive summary and related discussion questions. Encourage those with a greater appetite to read the 150-plus pages of the new framework.
* Develop a plan with the CFO, internal audit department, and independent accounting firm over the remaining months in 2012 to discuss the impact the new ED will have on the registrant.
* Provide to the full corporate board of directors summary reports of the key concepts in the ED and how they may affect the company in future years.
* Consider other COSO guidance for monitoring compliance with internal accounting controls and ERM, as well as how the audit committee is integrating this new guidance to provide a comprehensive assessment of the regulation.
* Ensure that the audit committee members understand the new codification set forth in the ED.
Since the audit committee is a key component to the control environment of any corporation, members should consider the five embedded principles applicable to the "control environment." COSO describes those as follows:
* Demonstrate commitment to integrity and ethical values.
* Exercise oversight responsibility.
* Establish structure, authority, and responsibility
* Demonstrate commitment to competence.
* Establish accountability
The updated COSO framework will provide refreshed objectives. It will increase focus on operations, compliance, and nonfinancial reporting objectives. Accordingly, the audit committee will need to educate itself about the enhanced framework. Audit committees should spend time with the CFO, accounting department, internal audit, and external audit management to translate the new 2.0 model into actionable and measurable enhancements in the company This will strengthen resistance to fraud, material weaknesses, and significant errors in financial reporting. …