COSO exposure draft (to update the internal control integrated framework)

Has anyone read through all the 168 pages of the COSO exposure draft? I really wanted to read through all pages and provide comments on the draft prior to the March 31, 2012 comment deadline, but alas, life got in the way and I have made it through only one-fifth of the document.

In search for a quick ‘cliff notes’ (yes, this dates me!) version of the exposure draft, I came across many good comments. Here’s a selection of a few of them I’d like to share with you:
Chief Audit Executives Roundtable on COSO exposure draft
Norman Marks comments on the COSO draft
FEI Financial Reporting Blog

In reading through the exposure draft, I have wondered why the COSO original cube has not been combined with the ERM COSO cube. In my line of work, it seems that the ERM COSO cube would be applicable and appropriate in almost all situations, which in my opinion, would render the original COSO cube irrelevant.

The COSO ERM framework (released in 2004) states that:
“The ERM framework encompasses internal control, forming a more robust conceptualization and tool for management. Internal control is defined and described in Internal Control – Integrated Framework. Because that framework has stood the test of time and is the basis for existing rules, regulations, and laws, that document remains in place as the definition of and framework for internal control. While only portions of the text of Internal Control – Integrated Framework are reproduced in this framework, the entirety of that framework is incorporated by reference into this one.”

As noted by Norman Marks, the update of the COSO internal control framework through the exposure draft was an opportunity to update risk management language in accordance with other recognized international risk management standards (such as ISO 31000) but this opportunity was missed with this exposure draft. The exposure draft addresses the relationship of the exposure draft with the COSO ERM framework by saying (on page 161) that “Enterprise risk management is broader than internal control, expanding and elaborating on internal control and focusing more fully on risk Internal control is an integral part of enterprise risk management. The COSO ERM framework remains in place for entities and others looking more broadly at enterprise risk management.”

When life slows down a little, I will follow up this post with some of my personal observations of the COSO exposure draft. I have some good (and long) reading ahead of me 🙂

For those of you who have read through the exposure draft, what are your thoughts?


0 Responses to “COSO exposure draft (to update the internal control integrated framework)”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


April 2012
« Mar   May »



Online Accounting Degree blog feature

%d bloggers like this: