COSO Releases ED On Monitoring; Can Impact Sarbanes-Oxley 404, SAS 112 On Internal Control
June 4, 2008
On June 4, 2008, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released for public comment its Exposure Draft (ED) entitled, "Guidance on Monitoring Internal Control Systems." The comment period ends August 15, and final guidance is anticipated by Fall 2008.
COSO's 1992 Internal Control-Integrated Framework (as supplemented by COSO's 2006 Guidance for Smaller Public Companies - which can be applied by companies of all sizes) is recognized by the U.S Securities and Exchange Commission's (SEC) rule on management reporting, and in the Public Company Accounting Oversight Board's (PCAOB) internal control audit standard (AS5) as a suitable and generally accepted framework on which to base assertions as to the effectiveness of internal control under Sarbanes-0xley Section 404. For all intents and purposes in the U.S., the COSO framework is "the" internal control framework. (The SEC and PCAOB permit reference to certain other frameworks used outside the U.S., such as Turnbull in the U.K.)
Similarly, private companies are subject to the American Institute of Certified Public Accountants (AICPA) standards, like SAS 112 on "Communicating Internal Control Related Matters Identified in an Audit," which reference the COSO framework.
The proposed guidance contained in COSO’s Exposure Draft released June 4 more fully develops the Monitoring component of COSO's internal control framework. (The five components of COSO's internal control framework are: control environment, risk assessment, control activities, information and communication and monitoring.)
The objective of the Monitoring ED is to assist companies in improving monitoring to make it more efficient and effective, including to better leverage management's work in terms of reliance by auditors on that work, as part of the overall efficiency and effectiveness of internal control assessments.
Links to the three-volume Exposure Draft (Exec Summary, Guidance and Application Guidance or Examples) as well as an introductory letter from the COSO Chairman, Dr. Larry E. Rittenberg, and a related press release issued June 4, can be found on COSO's newly redesigned website here. Be sure to check out other aspects of COSO's redesigned website at www.coso.org.
COSO selects a firm to lead a project team in developing its guidance. The project team includes representatives from COSO’s five sponsoring organizations (the American Accounting Association (AAA), AICPA, FEI, Institute of Internal Auditors (IIA) and Institute of Management Accountants (IMA)) and other experts. Audit firm Grant Thornton, LLP was selected last year to lead the development of the Monitoring guidance under the auspices of the COSO project team. The project leader is R. Trent Gazzaway, managing partner of Corporate Governance, Grant Thornton LLP.
FEI President and CEO Michael P. Cangemi is FEI’s COSO board representative. Rick Brounstein, CFO of NewCardio Inc. is FEI's member representative on the COSO Monitoring project task force, with input from members of FEI’s Task Force on Monitoring (TFM).
In fall 2007, COSO released a Discussion Document on Monitoring, a precursor to the current ED. Comments sent on the Discussion Document by FEI and others are posted here.
Check back to FEI’s website www.financialexecutives.org later this week for a summary of the COSO ED.
Prepared June 4, 2008 by Edith Orenstein, Director, Technical Policy Analysis, Financial Executives International (FEI). This summary does not represent FEI opinion unless specifically noted above.