Adding Value with COSO: Beyond Compliance
After a number of major corporate scandals involving companies such as Enron and WorldCom, publicly traded organizations became regulated with the passing of the U.S. Sarbanes-Oxley Act of 2002. Since then, the vast majority of organizations that comply with Sarbanes-Oxley have converted their control documentation to the updated Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control – Integrated Framework, which was revised in 2013.
While some organizations found implementing the COSO framework to be relatively easy, some found it rather burdensome. Others used it as an opportunity to take a fresh look at internal control over financial reporting and, as a result, gained added assurance. However, COSO did not intend the framework to be used solely for financial controls. It was designed to help organizations effectively develop a system of internal control that would meet the challenges of an ever-changing business and regulatory environment.
The research for this report focused on four organizations that are applying the framework to all three categories of business objectives—operations, reporting, and compliance—in different ways. Some key findings emerged from interviews conducted with the four organizations. Their examples may help readers implement COSO’s framework to improve risk management and control in their organizations.
As an added value to this report, several organizations have generously agreed to share samples of the documentation used in implementing the framework. The COSO Implementation Toolkit lets you customize the samples to meet your organization’s needs and is included in the purchase price of this report.
James Roth, PhD, CIA, CCSA, CRMA, is president of AuditTrends, LLC, a training firm devoted to identifying and communicating the best of current internal audit practice. Jim has 35 years of progressive internal audit and teaching experience. His work includes nine AuditTrends seminars, nine books, and seven other major works for The IIA. He wrote all of The IIA’s early research studies and training programs on COSO. His previous publications directly related to COSO are:
- Evaluating Internal Control: A COSO-Based Approach
- A COSO Implementation Guide
- Control Model Implementation: Best Practices
- Internal Audit’s Role in Corporate Governance: Sarbanes-Oxley Compliance
- Best Practices: Evaluating the Corporate Culture
In 2008, The IIA presented Jim with the Bradford Cadmus Memorial Award, which was “established…to honor individuals making the greatest contribution to the advancement of the internal audit profession.”
Item Number: 10.1229