The Committee on Sponsoring Organizations of the Treadway Commission (COSO) has had a framework in place since 1992 outlining the important components of the design, implementation and monitoring of internal control to aid organizations with effective risk management. Since the inception of the original framework, much has changed in the environment of business. Technology has improved and taken a greater role in day-to-day operations, transactions have become far more complex and stakeholders expect a higher degree of transparency and accountability than they ever have. COSO saw the necessity to expand and strengthen the established framework to help businesses navigate our modern economic landscape.
Expanded COSO Framework
The updated framework retains many of the same characteristics as the original version. There are still five components of internal control: control environment, risk assessment, control activities, information and communication and monitoring activities. COSO updated the components to include seventeen expanded principles for effective internal control, which are intended to provide more guidance as organizations work to improve their existing control activities. Special attention is now given to risk regarding outside service providers and business partners, fraud, increased dependence on technology and automated systems, protection of sensitive information, internal and external communication and more integrated monitoring of the control structure currently in place. In addition to the expanded principles, COSO has also included eighty one points of focus that will hopefully help organizations integrate their operations with the updated framework.
So what does this mean for your company? The expanded framework now provides more flexibility and guidance for different types of businesses. Whereas it may have been somewhat difficult for smaller companies or nonprofits to integrate their internal control environment with the original framework due to tight budget constraints, fewer and more involved staff members and acutely focused mission statements, the new framework is built around the need for pointed guidance considerations regarding the many diverse businesses in today’s marketplace. The seventeen expanded principles and eighty one points of focus allow management to more easily determine how to implement an effective internal control strategy that befits their organizational structure. Every company must manage risk, from the small, family-owned shop to the large, publicly-traded conglomerate. The updated framework has been issued with this goal in mind.
For an executive summary of the updates and to determine how your organization may benefit from them, click here.