Implementing the Revised COSO Internal Control Framework
As we have stated in previous chapters, the COSO internal control framework is not a standard or firm set of rules requiring compliance but represents best practices guidance. In that context, COSO’s May 2013 revisions have introduced some changes to allow enterprises to better implement and understand their internal control processes. However, as part of its Sarbanes-Oxley Act (SOx) Section 404 internal control requirements, an enterprise is required to attest that its internal controls are in compliance with the COSO internal control framework. Yet with the new revisions to the framework, a manager might ask, “Which COSO framework should I use—the 1992 or the new version?”
To help in this process, COSO has outlined transition rules for converting to the revised internal control framework. In the final chapter in this book, we outline COSO’s prescribed transition rules for converting to the revised framework and attesting to SOx Section 404 compliance. The revised standards do not require major changes to enterprise operating procedures, but enterprise executives should be aware of changes that need to be put in place.
UNDERSTANDING WHAT IS NEW IN THE 2013 FRAMEWORK
Perhaps the most significant changes to the revised COSO framework are the 17 principles highlighted in Chapter 3 and discussed further in subsequent chapters. Each of these principles is assigned to one of the five components of internal control, ...