July 11, 2006
COSO Webcast Today Outlined Internal Control Examples for Smaller SOX 404 Filers
An excellent, if repetitive, Webcast was held today outlining The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) final guidance for Internal Controls over Financial Reporting for smaller publicly traded companies listed on U.S. markets.
Participants included Larry Rittenberg - head of COSO, David Richards - head of the IIA, Frank Martens - PwC staffer involved with COSO project team on guidance for smaller companies, Trent Gazzaway - Grant Thornton, and Christine Bellino - Jefferson Wells.
The latest guidance is entitled "Internal Control over Financial Reporting – Guidance for Small Public Companies" and will be available for a small fee at a number of association websites such as (AICPA, FEI, IIA, etc).
Highlights of the latest guidance discussed on the Webcast included:
Participants included Larry Rittenberg - head of COSO, David Richards - head of the IIA, Frank Martens - PwC staffer involved with COSO project team on guidance for smaller companies, Trent Gazzaway - Grant Thornton, and Christine Bellino - Jefferson Wells.
The latest guidance is entitled "Internal Control over Financial Reporting – Guidance for Small Public Companies" and will be available for a small fee at a number of association websites such as (AICPA, FEI, IIA, etc).
Highlights of the latest guidance discussed on the Webcast included:
- The guidance is illustrative and has many examples, but is not different in substance from the original 1992 publication outlined the Internal Control - Integrated Framework.
- Focused on smaller companies, but can be helpful to larger companies.
- Outlines 20 key principles, and related characteristics, and supporting examples that range across the 5 components of the COSO framework: Control Environment, Risk Assessment, Control Activities, Information and Communication, and, Monitoring and Assessment.
- The guidance on IT controls is much more explicit than the original 1992 publication.
Some interesting questions and comments made on the Webcast included:
- Lots of viewers e-mailed questions about cost of SOX 404 projects. Understandably the panel members said it all depends.
- Not a lot of time has been spent on the area of "materiality" in the guidance. The reasoning behind this related to the availability of other information on this topic in the public domain.
- Monitoring (regular event) and assessment (periodic event) will become more integrated over time.
- The challenge of "balancing" management's involvement (addressing management override) in the financial reporting process is critical because of both the potential for conflict (negative) but also because of valuable experience (positive) being needed. The need for smaller company board of directors to become more greatly involved in oversight was discussed.
- The COSO organization is looking at a broader strategy, and obtaining the required funding, on how to help companies to address risk more thoroughly in the areas of enterprise risk (ERM), plus ongoing monitoring, harmonization of control frameworks, and more.
At the end of the day, not much has changed for smaller filers, but the guidance will be helpful.
