Page Action:

COSO's Updated Internal Control Framework To Be Released in May; Get Ready to Roll Your SOX Up

Earlier today, the Committee of Sponsoring Organizations of the Treadway Commission, commonly known as COSO, announced the expected release date of the 2013 updated version of its its landmark 1992 Internal Control-Integrated  Framework, along with transition guidance for the interim period until the 2013 framework supercedes the 1992 framework.  

2013 Internal Control-Integrated Framework To Be Released May 14, 2013
According to COSO, the updated framework is scheduled for release on May 14, 2013. The final framework takes into consideration comments received on prior Exposure Drafts.
1992  Framework To Be Superceded by 2013 Framework on Dec. 15, 2014
COSO noted the 2013 version of the framework will supercede the original framework as of Dec. 15, 2014, and provided 'transition guidance' for the interim period.

Transition Guidance Provided by COSO
The following 'transition guidance' is provided by the COSO board in COSO's press release issued earlier today, as pertaining to the period between the upcoming release date of COSO's 2013 Internal Control-Integrated Framework (May 14, 2013) and the date on which the 1992 framework becomes superceded (Dec. 15, 2014).

The COSO Board also announced today that it will continue to make available the original framework during the transition period extending to December 15, 2014, after which time COSO will consider it as having been superseded.
The Board believes that the key concepts and principles embedded in the original framework are fundamentally sound and broadly accepted in the marketplace, and accordingly, continued use of the original framework during the transition period (May 14, 2013 to December 15, 2014) is appropriate. During that period, the Board believes that application of its Internal Control-Integrated Framework that involves external reporting should clearly disclose whether the original or 2013 version was utilized. 
The COSO Board’s goal in updating the original framework has been to reflect changes in the business and operating environments, to formalize more explicitly the principles embedded in the original framework that facilitate development of effective internal control and assessment of its effectiveness, and to increase ease of use when applied to an entity objective.   Accordingly, the Board believes that users should transition to the 2013 Framework in their applications and related documentation as soon as is feasible under their particular circumstances.

Why is the COSO Framework Important?

COSO's Internal Control-Integrated Framework is inherently significant to public and private companies as a frame of reference for good corporate goverance and internal control.

It is critically important for all public companies in terms of Sarbanes-Oxley Section 404 internal control assertions, as it is cited in SEC and PCAOB rules for the management report on internal control [Sarbox Section 404 (a)] and auditor's report on internal control [Sarbox Section 404(b)], respectively, as a suitable internal control framework.

Private companies are impacted in a number of ways as well, e.g. if they are contemplating an IPO, or if they engage an audit firm to perform an attestation on their internal controls in conformity with certain AICPA standards referencing COSO's internal control framework.  

More About COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was founded in 1985 as a joint private sector initiative to provide anti-fraud guidance, and Chaired by former SEC Commissioner James C. Treadway. The current chairman is David L. Landsittel.

The five founding (sponsoring) organizations of COSO are: the American Accounting Association (AAA), the American Institute of CPAs (AICPA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA),  and the Institute of Management Accountants (IMA). Read more about COSO at

More About COSO's Project to Update Its Internal Control Framework

COSO established a separate website on which the Exposure Drafts and Comment Letters relating to the update of its Internal Control-Integrated Framework can be found, as well as background information about this project: As noted on the "About the Project:" page on that website: 

COSO has engaged PwC to support its update of the Framework. As such, PwC will be working under COSO's leadership and direction in developing the updated Framework. To help ensure a broad representation of perspectives, COSO has formed an Advisory Council comprised of representatives from industry, academia, government agencies, and not-for-profit organizations to provide input as the project progresses.

COSO also engaged PwC to author Approaches and Examples Relating to Internal Control over External Financial Reporting (ICEFR Approaches and Examples) and ICIF Practice Aid. These documents illustrate how the principles set forth in the Framework can be applied in designing, implementing and maintaining internal control over external financial reporting and in assessing effectiveness of internal control. 

FEI President and CEO Marie N. Hollein serves as FEI's representative on the COSO Board. FEI member Ray Purcell, Director of Financial Control at Pfizer, chairs FEI's Working Group on COSO, which submitted two comment letters on COSO's Exposure Drafts. 
My Two Cents: Why YOU Should Roll Up Your SOX (and Sleeves) and Learn About COSO's Updated Framework!

(Please refer to the disclaimer which appears on the right side of this blog.) 

The COSO internal control framework is viewed by many -although COSO is not a 'standard-setter' per se -  as the de facto internal control standard in the U.S. This is due in large part to, for all intents and purposes, the universal use of COSO's 1992 internal control framework in the U.S., which is pretty much embedded at this point, in companies' internal control frameworks since COSO '92 came out, and it's wide use or reference in other parts of the world.

And it is for that very reason - because COSO has become so embedded in companies' internal control frameworks, after two decades of use, that in some cases a new generation is becoming familiar with the COSO framework per se.

In my opinion, that is why COSO decided not only to update the internal control framework for changes in the business environment and technology that have taken place since the 1992 framework was published, but also articulated 17 principles and additional points of focus that underlie the original five components of internal control set forth in the 1992 internal control framework, which are carried forward in COSO's 2013 framework, as seen in the Exposure Drafts issued to date by COSO.

Although the updated framework will thus be 'principles-based,' it will not only represent a change and new information, but there will also be a number of companion volumes of information published which will be helpful, but like anything else, will be time consuming to grasp and will require consideration and comparison to the current state of - in this case - internal control, and for most readers of this blog, internal control over financial reporting in particular.

That is why it will be so important to pay attention when COSO releases its 2013 Internal Control-Integrated Framework on May 14. FEI is planning to host some educational events around the country to familiarize its members and nonmembers with the updated COSO framework. Watch our website - in particular our conferences page, and this blog for more information. (If you received this blog post from 'a friend' and you'd like to receive the FEI blog by email, please click here to join our email list.)

Posted: 3/20/2013 3:30:14 PM by Edith Orenstein | with 0 comments
Filed under: COSO 2013,COSO internal control transition guidance,COSO transition guidance,internal control transition guidance,Internal Control-Integrated Framework,Section 404,transition guidance,404(b),COSO,Sarbanes-Oxley,Sarbox,SOX,404(a)

Trackback URL:;-Get-Ready-to-Roll-Your-SOX-Up.aspx

Blog post currently doesn't have any comments.
Leave comment

Enter security code:
 Security code

Subscribe to Financial Reporting Blog

Submit your email address to receive notifications of new posts by email.

Search Blog:

clear results Rss


Skip Navigation Links.
Expand 20132013
Skip Navigation Links.
Expand 20122012
Skip Navigation Links.
Expand 20112011
Skip Navigation Links.
Expand 20102010
Skip Navigation Links.
Expand 20092009
Skip Navigation Links.
Expand 20082008