COSO Committee of Sponsoring Organizations of the Treadway Commission
Committee of Sponsoring Organizations of the Treadway Commission
As noted in Appendix D, Methodology for Revising the Framework, a draft of the Framework was issued for public comment from December 19, 2011 through March 31, 2012. There were more than 100 public responses to the on-line survey and 96 public comment letters relating to this exposure draft. These letters contained more than 1,000 comments on many aspects of the updated Framework, and each comment was considered in further revisions.
Interested parties were also invited to comment on the Framework during the 78-day public exposure of Internal Control over External Financial Reporting: A Compendium of Approaches and Examples. Responses to the on-line survey questions and twenty-three public comment letters related to the post-public exposure version of the Framework.
This appendix summarizes the more significant comments and any resulting modifications to the Framework arising from these exposure periods. Many respondents concurred with COSO that the updates to the Framework are expected to help management strengthen existing systems of internal control by responding to many changes in the business and operating environments over the past twenty years, codifying principles associated with the five components of internal control, and expanding the reporting objective to include other important forms of reporting. There were divergent views as to whether the updates to the Framework would set a higher threshold for attaining effective internal control, impose additional burdens on entities that report on internal control, and should incorporate additional aspects of enterprise risk management.
Whereas some respondents sought fundamental changes to the Framework, others recognized that the Framework remains relevant and useful today and should be used as the basis for an update in selected areas, as discussed below.
Some respondents suggested amending the definition in different ways. Individual suggestions included aligning the definition with other standards, embedding risk, removing objective categories, increasing emphasis on the board, adding anti-fraud/ethical behavior expectations, removing the concept of reasonable assurance, expanding the reporting objective to include other aspects such as timeliness and transparency, and stipulating that effectiveness of internal control is attained by reducing the risk of not achieving an objective to an acceptably low level. Other respondents, however, noted that the original definition has gained wide acceptance (e.g., auditing standards, legislation and guidance) and should be retained.
The Framework revises the definition to remove the modifiers from each category of objectives. The reasons for this change are that the objectives are discussed in some detail later in Chapter 1, Definition of Internal Control, and with the broadening of the reporting category, respondents appropriately identified additional relevant aspects of the reporting objective beyond just reliability.
Other than this change, the Framework retains a broad definition as other suggestions are either encompassed in the definition, as amended, or are discussed more appropriately as part of the components of internal control. Finally, incorporating the notion of reducing risk to a low level potentially pre-empts management's judgment and may be too restrictive for some objectives.
Some respondents called for reconsidering the expansion of financial reporting objectives and potential regulatory implications, and reconsidering the measurability of the achievement of operations objectives. The Framework retains descriptions of the three categories of objectives and provides supplemental descriptions of operations and compliance objectives.
| Generated November 9, 2014 22:46:48 |