In the world of regulatory compliance, you need all the help you can get in order to remain aligned with those policies and procedures to which your company is subject. Nowhere is this need for policy compliance greater than with publicly traded companies. Not only do you have a duty to provide products or services to your clients, but you also owe it to your shareholders to ensure their confidence in the stability of your company’s internal controls is not misplaced.
The good news is that personnel responsible for enterprise risk management are not left to work without a net! Thanks to the Internal Control-Integrated Framework (ICIF) established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), you and other compliance officers have been given a set of ground rules to help you establish a sound internal framework to ensure that your company remains in line with industry standards. Yet standards, as you are aware, often change.
What is COSO?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was created and designed to provide thought leadership through the development of comprehensive frameworks and guidance on internal control, fraud prevention and enterprise risk management. The overarching goal of a COSO Framework is to enhance and improve organizational performance and oversight, as well as to reduce the extent of the risk of fraud.
COSO is the acronym used to refer to a compliance framework used for testing and evaluating internal control and processes. The COSO Framework gets its name from its origins; in 1992, the Committee of Sponsoring Organizations of the Treadway Commission created the benchmarks and standards used to measure internal control effectiveness within a given organization. This initiative has come to be known as COSO, and provides a definition and insights into best practices for a brand’s operations.
How and Why Was COSO Formed?
Formed in 1985 to support the National Commission on Fraudulent Reporting, also known as the Treadway Commission, COSO began as a joint initiative, sponsored and funded by the following five private sector organizations:
- American Accounting Association (AAA): Serves as a benchmark organization in the promotion of excellence in accounting education, research and practice.
- American Institute of Certified Public Accountants (AICPA): This U.S. professional organization for Certified Public Accountants has more than 400,000 members from 145 countries around the world. The organization works to enhance the careers, experience and knowledge of CPAs by providing support through education and research for professionals in various industries. Perhaps most importantly, the AICPA sets the ethical standards, code of ethics, and alignment with the public’s interest in the field of accounting that are essential for professional CPA members to comply with and uphold.
- Financial Executives International (FEI): Primarily serves as a member-based service organization for financial executives at all types and sizes of companies, public and private. Featuring a network of over 10,000 financial professionals in over 75 chapters around the globe, FEI offers practical and ethical support and information for dedicated financial professionals at all levels, delivered by fellow members serving in a leadership role. FEI allows each member the opportunity to serve as leader or mentor, as needed and appropriate.
- Institute of Management Accountants (IMA): This professional U.S. organization raises awareness of management accounting, a field that includes decision support, planning and control positions. With additional offices in Switzerland, UAE and China, and including more than 70,000 management accounting professionals, IMA offers certification and an ever-increasing collection of resources for management accounting industry support.
- The Institute of Internal Auditors (IIA): When it comes to internal audits and enterprise risk management, the IIA serves as the guidance-setting body. Active in more than 195 countries, the IIA has more than 185,000 members across the country and around the world. The IIA’s primary mission is to provide “dynamic leadership” for anyone associated with the internal auditing profession. Through continuing education and research to improve internal auditing methods, shared experiences among members who serve as leaders and mentors, and promotion of the field itself, the IIA helps to continually improve the field for everyone, from the internal auditors to the clients.
Each of these organizations brings its own unique professional philosophy, skills, mission and approach to the development of integrated guidance on internal control.
What Is the Significance of COSO Compliance Objectives?
The COSO compliance objectives define internal control: an ongoing process that is managed and impacted by management and a brand’s board of directors. Internal control, used properly, can help ensure success in operations, enhance efficiencies and even help an organization stay in compliance with regulations and laws. COSO is broken down into five distinct areas to make it easier to implement and ensure nothing is missed.
In a healthy and effective system, the components below help move an organization towards fulfillment of its goals and mission and allow it to better reach its defined objectives.
How Have COSO Compliance Objectives Evolved Over Time?
In September 1992, COSO released a four-volume report called Internal Control-Integrated Framework. The report established a common definition of internal control and provided a coordinated framework that companies might use as a reference point against which they might compare the health of their own internal control systems to make improvements.
With minor amendments in 1994 and 2013, Internal Control — Integrated Framework served as the benchmark for organizations trying to improve the outcomes of internal audits and the overall status of enterprise risk management. Now considered “institutional knowledge,” the report provides a solid foundation for organizations to make improvements in the following areas:
- Higher expectations for governance oversight
- Advanced complexities in business
- Globalization of operations and markets
- Meeting complex demands in industry rules, regulations, laws and standards
- Anticipated results for industry competencies and accountabilities
- Adoption and adaptation of evolving technologies
- Expectations surrounding detection and prevention of fraud, along with other effective enterprise risk management improvements
- Improvement of reliability of financial reporting
New Concepts Introduced in 2013 – Internal Controls
The business world has seen dramatic shifts in practices since the COSO framework was first established in 1992. Due to the market’s dynamic nature, the COSO board saw the need to revisit many of the standards they set forth, and to update them accordingly. That recognition led to the release of a newer version of the Internal Control-Integrated Framework (ICIF) in May of 2013. While this new version reaffirms the timelessness of many of the concepts presented in the 1992 framework, it also further defines many of that version’s original principles, among which are:
- Reporting: While the 1992 framework tackled the issue of reporting from an external perspective, the 2013 version more clearly addressed both internal and external financial and non-financial reporting.
- Internal control principles: The 2013 framework further elaborated upon the 17 codified principles of internal control set forth in the 1992 version. It also called for documented rationalization for those principles that companies don’t feel are relevant.
- Requirements and deficiencies: Standards for principles being “present” and “functioning” were explained, and major deficiencies in following the framework’s internal control principles were better defined, placing the responsibility on management to use its own good judgement in deciding how principles are integrated into its company’s operations.
- Points of focus: Advice on how and where management can focus its energies on implementing the framework’s 17 principles was added.
New Concepts Introduced in 2017 – Enterprise Risk Management
One of the primary distinguishing characteristics of the 2017 update to the COSO ERM framework is the tight connection between risks, strategy, and performance.
- Risks are examined and taken into account at the highest levels of the business.
- The organization practices risk management as a routine aspect of daily operations.
- Risks aren’t seen only as bad ones; they may also be prospective good ones that are worth taking, given their value and alignment with corporate goals.
- Risks are related to judgments about strategy and how they will affect performance.
Twenty principles make up the COSO ERM framework, which is divided into five groups to support different aspects of the framework: governance and culture, strategy and goal-setting, performance, review and revision, and information, communication, and reporting.
Using the components and the guiding principles behind them, the board and senior leadership may assess how well they are able to connect strategy, performance, and risks. Additionally, with a clear vision and strong participation, businesses are likely to enhance their resilience and their capacity to identify problems and choose the best course of action to navigate around, or even through, them.
Get Help with COSO Compliance Objectives
Compliance monitoring is a vital aspect of your company’s operations, yet such tasks need not demand all of your time and attention. By taking advantage of services we offer at I.S. Partners, LLC, you are made aware of any governmental or industry policy changes that could affect your company’s approach to compliance.
It can be tough to evaluate your own internal teams and established methods accurately and objectively. Working with a brand that specializes in COSO and in enhancing efficiencies ensures nothing is missed and allows you to get the most from the process. If you’re not sure how to best use the COSO Framework or need help, get in touch. Our team makes it easy to define and then fulfill key initiatives that allow your business to run as efficiently as possible.