January 2012
COSO Releases Updated Internal Control – Integrated Framework for Public Comment
On December 19, 2011, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released for public comment an updated Internal Control – Integrated Framework (Framework).
The comment period ends March 31, 2012.
Release of a final Framework is expected in the fall of 2012. COSO also is developing a companion document to the Framework intended to assist management in designing and implementing a system of internal control over external financial reporting. This is expected to be released for public comment this summer.
The Framework, updated to reflect changes in the business and operating environment since COSO’s original publication in 1992, retains the core definition of internal control and the five components of a system of internal control: 1) control environment, 2) risk assessment, 3) control activities, 4) information and communication, and 5) monitoring activities.
The broad criteria used to assess the effectiveness of an internal control system also remain unchanged, and the Framework continues to emphasize the importance of management judgment in the design, application, and assessment of the effectiveness of a system of internal control.
One significant enhancement in the Framework is the codification of internal control concepts introduced in the original framework into 17 principles and supporting attributes. These principles and attributes provide clarity for the user in the design and development of systems of internal control in an increasingly complex and rapidly changing environment.
Other objectives of the Framework are to clarify the role of objective-setting in internal control, reflect the increased relevance of technology, enhance governance concepts, expand the reporting category of objectives, enhance consideration of anti-fraud expectations, and consider different business models and organizational structures.
Principles and Attributes
The Framework includes 17 principles representing the fundamental concepts associated with each component of a system of internal control. Supporting each principle are attributes, representing characteristics associated with the principle. A summary of the 17 principles by component is provided below. Further information regarding related attributes is available within the Framework.
Summary of Principles
Control Environment – 5 principles and 21 attributes
Principle 1: The organization demonstrates a commitment to integrity and ethical values.
Principle 2: The board of directors demonstrates independence of management and exercises oversight for the development and performance of internal control.
Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
Principle 4: The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
Principle 5: The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Risk Assessment – 4 principles and 19 attributes
Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
Principle 7: The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
Principle 8: The organization considers the potential for fraud in assessing risks to the achievement of objectives.
Principle 9: The organization identifies and assesses changes that could significantly impact the system of internal control.
Control Activities – 3 principles and 16 attributes
Principle 10: The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Principle 11: The organization selects and develops general control activities over technology to support the achievement of objectives.
Principle 12: The organization deploys control activities as manifested in policies that establish what is expected and in relevant procedures to effect the policies.
Information and Communication – 3 principles and 14 attributes
Principle 13: The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control.
Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.
Principle 15: The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.
Monitoring – 2 principles and 11 attributes
Principle 16: The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Principle 17: The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.