COSO

COSO issues guidance document for comment

Tue, 25 Sep 2007 06:59:59 -0400

The one thing that vexed people in the AS2 era was a lack of implementation guidance. That contributed a lot to the overly conservative approach that frustrated so many companies. The PCAOB and the SEC have pledged to do better. And they have issued more guidance. And now, COSO has followed that same suit. I am not sure how many companies still rely on COSO, but it is certainly an opportunity to stay relevant. Some might see that as a lost cause. In any case, COSO has released a discussion document that contains preliminary guidance on internal controls monitoring. It is asking for public comment before Oct. 31. It developed the document with Grant Thornton. It could prove valuable. The final publication currently is due in the first quarter of 2008, still in time perhaps for many audits. It promises tools, case studies and examples narrowly focused on internal controls.

For more:
- here's the release

Related articles:
- Finally, new Sarbox rules approved
- COSO aims to provide Sarbox guidance soon

Finally, new Sarbox rules are approved

Mon, 28 May 2007 20:01:39 -0400

Well, it has come to pass. The new guidance from the SEC and PCAOB will almost certainly be officially stamped in time for the guidance to apply to 2007 audits. So good luck. The new rules will mean different things to different companies. My guess is that the internal process may not change dramatically this year, though everyone should breath easier. The new guidance does not require an opinion on the effectiveness of managements' risks review process--that sort of sets the tone for compliance under AS5. Even though the document is a lot shorter than AS2, it contains an awful lot. There aren't any huge surprises. My short list of notable items: The guidance aims to ease the transition for small-companies, which have been exempt until now, including lots of notes on how rules apply. The text is a lot easier to understand. It does not, unfortunately, provide a very specific definition of materiality. Still, Sarbanes-Oxley is here to stay, and this clears the air some.

As for the larger effects, they are being debated. The early take is that the new rules are great for large companies--one analysts says corporate earnings will rise by 2 percent--while vendors, staffing firms and maybe the Big Four suffer. Others aren't so sure.

For more:
- here's an overview
- here's the quick take on the new standard
- here's the whole enchilada with some added sauce
- even more guidance coming from COSO via grant Thornton

New guidance for IT aspects of Sarbox

Mon, 12 Feb 2007 19:01:39 -0500

The strength of information technology systems when it comes to section 404 has a bitter bone of contention since Sarbanes-Oxley was enacted. Auditors, to the frustration of clients, have spent a lot of time trying to assess the strength of various controls, often relying on outdated guidance from the likes of COSO and COBIT. With AS5 released, the Institute of Internal Auditors (IIA) has released its anticipated guidance, which hopefully will put companies and auditors on the same page regarding IT. The guidance does not specify which systems are necessary across the board but rather offers aid for companies to determine which are necessary for its specific circumstances. This is in keeping with the recent reform measures. Some think it will give companies ammunition to confront their auditors, if the auditors are still taking the cover-your-butt approach.

For more:
- here's an article from CFO.com

ALSO NOTED: COSO relevant to small companies;A look at security software delivered as a service;

Mon, 04 Dec 2006 19:01:38 -0500

> Venture capitalists want meaningful reform of Sarbox from a small company perspective. Article

> Similarly, the council of institutional investors would have liked more shareholder rights recommendations. Article

> We brought you news last week that some think prosecutors have been too zealous. Apparently, an ex-Justice Department official agrees. Article

> In many ways, COSO is struggling to remain relevant. Perhaps COSO for small public companies is one way. Article

> Security software delivered as a service is a growing market thanks in part to Sarbox. I could say that about a number of products, but it would be worth understanding your software as a service options. Here's an article on Symantec's push.

> SEC approves PCAOB budget for 2007. Article

And finally...Here's a funny quote from the outspoken CEO of Seagate Bill Watkins: "CEOs who whine about Sarbanes-Oxley don't belong in their jobs. Come on guys, get over it." Article

ALSO NOTED: Sarbox gooses in-house lawyer pay; LSE bent on staying out of Nasdaq's clutches;

Mon, 13 Nov 2006 19:01:38 -0500

> A new study finds that a lack of guidance and the ill-fitting nature of COSO's 1992 framework has boosted compliance costs. Initial reaction: Tell us something we don't know. Article

> The London Stock Exchange's strong growth may help it thwart overtures by the Nasdaq. At least, that's what LSE execs hope. Article | The CEO maintains the exchange is not for sale. Article

> Corporate America has made its Sarbox views know to the world. It sure seems as though there is broad consensus on trade. The only exception seems to be editorial writers. Article

> In-house lawyers salaries keep on going up. And Sarbox is one big reason. Article

And Finally... The stock market actually likes governmental gridlock. Article

COSO aims to provide Sarbox guidance soon

Mon, 23 Oct 2006 20:01:39 -0400

The Committee of Sponsoring Organizations of the Treadway Commission, known to all of you as COSO, has taken a few lumps as of late. When Sarbox was first passed, many assumed--indeed, regulators pushed the idea--that COSO's Internal Control Integrated Framework would provide a blueprint for compliance--a roadmap to chart new territory. It hasn't turned out that way, hence the many calls for more definitive guidance from the Securities and Exchange Commission. In December, the SEC will indeed take up the issue. COSO, however, is bent on remaining relevant. It has just issued a request for proposals to develop internal control systems guidance. The COSO board is aiming to complete the project by the end of 2007. November 1st is the deadline to file your intent to submit a proposal.

For more on this:
- Here's an update from WEBcpa.com

The real costs of Sarbox compliance

Mon, 16 Oct 2006 20:01:39 -0400

So what is really driving the costs of compliance? A new survey from the Institute of Management Accountants has identified the following: 1) a lack of useful guidance from the SEC or other organizations about what constitutes effective internal control--COSO is apparently not enough--and 2) Redundant testing by auditors and internal Sarbox resources--the survey suggests that the idea of achieving efficiencies via an integrated audit of internal control incrementally along with the traditional financial statement audit has yet to be put into practice. As fate would have it, planned SEC guidance to help companies comply with Section 404 is scheduled to be discussed at a Dec. 13 meeting. Actual release could be far in the future, however.

For more on the survey:
- Here's a press release

A better way to evaluate IT controls?

Mon, 24 Jul 2006 20:01:38 -0400

The final SEC rules require companies that base their internal financial control evaluation on a recognized framework, one that is bias-free and allows consistent measurements in a way that accounts for all relevant factors. Companies have several options when it comes to this framework. The one issued by COSO would work fine, for example. The AICPA and CICA have also developed a so-called Trust Services framework. Article