Alert: Regulators and auditors expect the 2013 COSO Framework
There's a shift happening in internal controls compliance—and one expectation is for companies to adopt the new 2013 COSO internal controls framework.
In May 2013, the Committee of Sponsoring Organizations (COSO) released an updated internal control framework. It was hinted that this updated framework would replace the 1992 internal control framework and would supersede it on December 15, 2014.
The SEC did not require companies to adopt the newly updated framework by that same date, but through staff comments and remarks, it strongly suggested that all companies disclose which framework they were using in their filings. If companies were using the 1992 COSO framework, the SEC said it may pose questions about the choice to continue using the old framework.
The SEC isn't the only one expecting a transition. External auditors are beginning to expect internal control professionals to evaluate their processes with the new 2013 COSO Framework. If you're still using the old one, you will stand out to governing bodies like the SEC and PCAOB. Why risk damaging investor confidence and greater scrutiny from external auditors by relying on an internal control framework that's over 20 years old?
Recent filings have shown us that there are still several hundred, if not more, companies that have yet to transition from the 1992 Framework. There also may be groups of companies that don't plan to.
If you're a company that has yet to begin, a word of caution: regulators and your external auditors are watching. Now is the time to make it happen.