Click me to close


High-lights of COSO's Update on Internal Control - Integrated Framework

January 21, 2015

On December 19, 2011, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an exposure draft to update the 1992 Internal Control - Integrated Framework (ICIF) for public comments. The comment period concluded on March 31, 2012 and the final ICIF is expected to be issued during the first quarter of 2013.

The 20 year-old ICIF model has been widely used in the US and around the world. Since 1992, the inception of the original framework, business models and environments changed dramatically. COSO believes the updated ICIF model will help organizations to design, develop, and maintain their internal control system more effectively and efficiently.

How the new framework may affect your company


Companies which has been effectively applied the original frameworks should have little, if any, additional work because of the update. Companies which are in the process of implementing their internal control systems are provided with more clear guidance to follow.


Most of concepts codified in the updated framework are not new to the public. Depends on how the original framework was applied, companies may draw a different conclusion about the effectiveness of their internal control when considering the newly added principles discussed below.


Update of the five components of internal control


The updated ICIF model does not change the five components, including Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities of the original framework, but explicitly states seventeen principles previously implicitly reflected in the original framework. These principles and their attributes are added to clarify the existing concepts and to make the framework easier to apply.


Key changes across all areas of the ICIF framework includes the clarification of the role of objective setting in internal control, the reflection of the increased relevance of technology, the enhancement of the consideration of anti-fraud expectations and the governance concepts, the expansion of the reporting category of objectives, and the consideration of different models and organizational structures.

Update of the roles and responsibilities of management, board and board-level committees


Discussions of the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO)'s responsibilities are added in the updated framework. The CEO sets the tone at the top of the Company's control environment. The CEO is responsible for maintaining effective internal control on a daily basis because the CEO's leadership and decision directly affect the internal control components of the Company. The CEO leads other personnel at the management level to ensure that the business is functional properly. The CFO provides front line supports to the CEO in making business decisions and strategic plans. The CFO also monitors the financial performance and business results to provide feedbacks and suggestions to the CEO. Both CEO and CFO are responsible for maintaining an effective internal control system and environment.


The updated framework also expended discussions of different committees at the board level. The board has a significant role monitoring and evaluating the management. Board members are required to have working knowledge of an organization's business in order to fulfill their governance responsibilities. The board members are also required to commit the time to fulfill their governance responsibilities. Through different board-level committees, the board can focus on specific internal control component. For example, the Audit Committee often emphasizes the risk of oversight and monitors the senior management for overriding controls or any business misconducts. The Compensation Committee oversees management performance to provide oversight of compensation arrangements.

David Grossman

Written by David Grossman

0 Comment