PREFACE

MUCH HAS BEEN learned in the decade since corporations, other entities, and auditors started re-reading the 1992 COSO Internal Controls Framework document to understand their mandates to document and assess internal controls. We have been through a version of the guidance targeted to smaller public companies (2006) and special guidance for unscrambling what is meant by Monitoring (2009). In 2013 we were presented with the updated Framework that will replace that prior COSO literature after December 15, 2014, and serve as our basis for going forward. Many entities that began the COSO process in 2002-2003 have not made major changes in their approach since that time. The revised Framework provides an excellent opportunity to re-examine past practices and seek improvements and efficiencies, since some level of change is likely to be necessary anyway.

It is likely that the COSO Internal Controls Framework will be around in some form throughout our working lives. Some still fail to embrace its goals and others work hard to find ways to try to change the laws and standards or short-cut the required assessment procedures. Still others are starting to recognize some of the benefits that can be realized from effective controls and more orderly and automated processes.

This book will look back on some of the “lessons learned” as experienced by entities and auditors. We will examine some of the academic and professional literature that provides wider insight than can be obtained from ...