An organization that is little known outside of finance and accounting departments is making a big impact on public companies with the release of a new compliance framework. Fortunately, automated tools remove much of the risk – and organizational headaches – of adapting to these changes.
COSO, or the Committee of Sponsoring Organizations of the Treadway Commission was formed almost 30 years ago to sponsor the National Commission on Fraudulent Financial Reporting. It was charged with providing guidance on internal and external controls for public organizations and business management.
As business evolves, so do COSO’s guidelines, as they did with the introduction of a new COSO framework in 2013. Such transitions can create risks if they are not implemented correctly. Using an automated solution to incorporate the changes removes much of the burden and risk of the transition, allowing companies to remain focused on their business.
COSO 101
The COSO framework is an integrated effort of five organizations that dates back to 1992. This alphabet soup of industry groups includes the American Institute of Certified Public Accountants (AICPA), American Accounting Association (AAA), Financial Executives International (FEI), Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA). COSO’s framework provides a definition for internal control and is designed to achieve:
1) Effective and efficient operations
2) Reliability of financial reporting
3) Compliance
4) Safeguarding assets
The framework seeks to implement best practices for setting and providing a controlled environment, identifying and evaluating risk, implementing control activities, reporting systems, and evaluating the internal control system. While the intent of the framework has not changed in the 2013 iteration, the underlying principles have evolved to provide internal control for businesses of the 21st century.
Transitioning to the COSO 2013 Framework
Transitioning to the next iteration of COSO framework can be a challenge and inherently risky if not done properly. Companies can follow a simple process to tackle what can be a daunting task:
- Understand how much change will be required of the specific company. Setting the expectations for the degree of change can help alleviate fears and avoid overwhelming the compliance and finance teams.
- Evaluate which principles may lack adequate controls – also called gaps – by mapping controls to each principle, or identify the principle and then map it to a control. The latter method potentially uncovers a single control for multiple principles, which is ideal from a testing and documentation standpoint.
- It is important to properly document each step of the transition to the new framework to provide evidence of each control and associated principle during a future audited. If a gap is suspected, the organization needs to consider three areas: documentation, performance and reporting.
Understanding the Gaps
Organizations should look at documentation, performance and reporting to help further identify gaps in internal controls. While documenting each control is important for auditors, there is a fine line between the right amount, too little and too much documentation. Disparate systems often cause poor visibility, which can prompt auditors to worry about the control. Conversely, excessive documentation can be a hassle for auditors and could even raise concerns about data accuracy and quality.
Data accuracy and quality can also be symptomatic of poor performing productivity solutions. While ERP systems are designed to be integrated with smaller point solutions, often they deliver contrasting results and obscure visibility. Such lack of visibility can make it difficult for internal and external auditors to find the proper documentation. While ERP suites can be effective for specific tasks and functions, they do not ensure management and governance over the entire process.
Weak performance and documentation are separate issues, but the result is often the same: poor reporting.
Bridging the Gaps
Control gaps are common, but are not desirable, and can be bridged with the right tool to keep organizations in compliance while they transition to the new COSO framework. An automated solution that manages, documents and helps to monitor internal controls during the transition to the new framework helps organizations mitigate compliance risks.
via Business 2 Community http://ift.tt/1gTwcRz
Aucun commentaire:
Enregistrer un commentaire