COSO's exposure drafts updating the internal control framework require attention.

• Author: Hollein, Marie N.
• Position: FROM THE PRESIDENT - Committee of Sponsoring Organizations

The Committee of Sponsoring Organizations of the Treadway Commission -known as COSO - has some changes in store that require attention. Three Exposure Drafts issued in September for public com-ment together will update, and ultimately likely replace, the 1992 COSO Internal Control-Integrated Framework.

FEI has closely followed the ongoing development of this wide-ranging project along with a working group comprised of a number of members that is chaired by Ray Purcell.

[ILLUSTRATION OMITTED]

We now need to spread the word about the impact this update of the 20-year-old COSO framework could have on companies, and in turn on FEI members, particularly - but not restricted to - public company members, for purposes of Sarbanes-Oxley Section 404 reporting on internal control over financial report-ing. Private companies are also impacted by AICPA rules referencing COSO for certain types of specialized engagements and representations on the effectiveness of internal control.

As one of the five founding members of COSO - along with the American Accounting Association, American Institute of Certified Public Accountants, The Institute of Internal Auditors and Institute of Management Accountants - FEI has always strongly sup-ported COSO's mission of issuing guidance and thought papers to improve the state of internal control and risk management, as well as publishing studies on fraudulent fi-nancial reporting, with particular emphasis on causes and potential solutions.

COSO's recent EDs, meant as an update, may be viewed by some as an amendment to its guidance as it creates a set of 17 principles that underlie the original five components of internal control. The principles are meant to further elucidate and assist in the implementation of internal control.

In addition, the roughly 80 "points of focus" that further describe the principles are meant to help explain points that identify when principles are present and functioning.

Similarly, the concept of having the principles present and functioning demon-strates that the core components of internal control - control environment, risk assess-ment, control activities...