After its initial release of the framework 20 years ago, COSO has now come out with an updated edition in May 2013. The updated Framework has considered changes in business and operating environment and accordingly expanded the operations and reporting objectives. What is more interesting (and the most prominent / significant one!!!) is that the updated Framework has articulated 17 principles of effective internal control.
I. Control Environment:
II. Risk Assessment:
III. Control Activities:
IV. Information and Communication:
V. Monitoring Activities:
Apart from listing these 17 principles, the updated Framework has also described important characteristics of these principles though ‘points of focus’ aimed at clarifying requirements for effective internal control. ‘Points of focus’ are anticipated to provide helpful guidance to assist organization in designing, implementing and conducting internal control and in assessing whether relevant principles are present and functioning.
The updated Framework is expected to increase the ease of use and broaden application by expanding operations and reporting objectives. It seems that the updated Framework is intending to create a more formal structure for designing and evaluating the effectiveness of internal control. In my view, it is also reflecting the increased relevance of technology.(Principle 11) Considering the Enron, WorldCom saga, 2008 global financial crisis, etc, the updated Framework has given specific consideration to anti-fraud subject in relation to internal control.
Organizations currently using the original 1992 Framework should be able to establish their transition plan to move to updated 2013 Framework. The onus is on these organizations to apply the updated Framework by December 2014 for external reporting.