I was recently able to speak with Jim DeLoach, a managing director at Protiviti, about how the implemention of the updated Committee of Sponsoring Organizations (COSO) Internal Control – Integrated Framework (Framework) during 2014 has been an important endeavor for many public companies in their efforts to comply with Section 404 of the Sarbanes-Oxley Act of 2002 (SOX).
Jim and his colleague, Keith Kawashima, also a managing director, will be speaking on our free webinar on April 22 at 11:00 a.m. CDT: COSO 2013 - Why Should You Still Care?
- What percentage of the companies (that are required to do so) have already implemented the updated Committee of Sponsoring Organizations (COSO) Internal Control – Integrated Framework (Framework)?Through April 2, over 3,500 companies with fiscal years ending after December 15, 2014 (the date COSO ceased supporting the original 1992 Framework) have filed annual reports. Of those companies, only 18 percent disclosed they did not transition to the 2013 Framework.
- What lies in store for companies that have decided to defer transition to the updated framework? Given the strong majority of companies that have transitioned successfully this year, we can reasonably anticipate that the U.S. Securities and Exchange Commission (SEC) staff will expect these companies to transition next year except perhaps in the most extreme circumstances.
- Are there really companies who are just outright refusing? Or are they just declining to disclose their reasons for deferring?
Not really. It was not a requirement because the SEC elected not to initiate rulemaking on the matter and the SEC staff signaled a passive stance to the marketplace noting they intended to monitor the transitions by filers. COSO is not a regulator. As a result, most filers perceived they had an option to transition this year or defer the transition until next year. The advice of the audit firm may have also had a bearing on the decision by individual filers. - Beyond assuring the effectiveness of internal controls over financial reporting, what might be another way to use in framework, perhaps in an operating arena?
The 2013 Framework offers further guidance on its application to other objectives beyond external financial reporting. Specifically, the Framework may be applied to objectives relating to operations, compliance, internal reporting and other external reporting (e.g., sustainability reporting). While compliance with Sarbanes-Oxley Section 404 has commanded the air waves, it makes sense for companies to improve their internal controls on other fronts. - What is one big “lesson learned” so far by companies that have implemented the new framework?
Certainly a major lesson learned is that the top-down, risk-based approach used in prior years when evaluating internal control over financial reporting is not changed by the filer’s transition to the 2013 Framework. There are many more granular lessons starting from there.
Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. Named one of the 2015 Fortune 100 Best Companies to Work For®, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
Connect with Mary Driscoll on LinkedIn: www.linkedin.com/in/marydriscoll