How to Make the Transition to the Revised 2013 COSO Integrated Framework


Let's face it, gaining compliance with any type of regulation can be a difficult and unwanted process for you and your company. It is important that proper procedures and internal controls be put in place to ensure the intent of the regulation or law is maintained.

This is no different with Sarbanes-Oxley Compliance.

Many public companies have adopted the COSO Framework as the basis for internal control policies and standards to remain in compliance with Sarbanes-Oxley. Although the framework is not legally mandated, it is widely used by finance and accounting departments across the world to gain overall reliability in financial reporting and compliance.

Recently, COSO released revisions and updates to its Internal Control – Integrated Framework. The new changes to the framework were designed to streamline compliance with Sarbanes-Oxley (SOX) and reduce overall corporate risk in today’s business and operating environments.

Important Note: COSO recommends the transition to the 2013 COSO revised framework is completed by December 15, 2014.

Is your company ready to make this transition?

If not, don’t worry; we have highlighted a few points below to make your transition to the new 2013 COSO Integrated Framework as easy as possible. In addition, we have created a webinar: Clearing Up The COSO Confusion: How to Adopt the New Framework to get you and your company ahead of the compliance game.

Things to Remember When Transitioning to the New COSO Framework

Identify Internal Controls
The first step in making a successful transition to the new framework is building internal awareness and expertise among the COSO subject matter experts within your company. Management’s knowledge and expertise is critical to designing, implementing, and maintaining control as well as assessing how effective the controls are at their goal of mitigating corporate risk.

Conduct Impact Assessment
After your experts are familiar with the revised framework, they should conduct a preliminary impact assessment to review the company’s existing controls and map the controls to the 17 underlying principles of the five components of internal control recommended by the COSO Framework.

Once the controls are aligned with the COSO Framework, you should review them to detect any gaps or deficiencies. If you identify gaps or deficiencies, your management team will need to remediate them so that they comply with the COSO Framework.

Facilitate Training and Comprehensive Assessment
After the impact assessment is performed, the company should undergo a process of engaging the broad organization to build awareness of the internal controls and pressure test the accuracy of the preliminary impact assessment.

Broad awareness among key stakeholders, including the board of directors/audit committee, senior and operational management, process and control owners, and internal auditors is essential. Also, compliance officers should discuss with external auditors how the COSO Framework has impacted changes to internal controls.

Develop and Execute Transition Plan
It’s now time to develop and execute your company’s transition plan. In this stage you’ll want to finalize your company’s updated compliance methodology and approach, define project governance and decision rights, develop a detailed project plan with key milestones, identify and assign resources, and complete other necessary planning activities. Most importantly, be realistic in your expectations and plans.

Once you have documented and deemed your internal controls effective, and validated your plan with testing to back up your initial assessment, your external auditor will need to evaluate and gain a level of comfort with your compliance program and your supporting documentation.

Empower Your Team to Continually Improve
Finally, it’s one thing to implement an adequate compliance program that effectively meets federal regulations and lowers your corporate risk. It’s another thing to empower your compliance team to continually strive to make your program best in class.

A commitment to ethical standards is established by a company’s senior leaders. Compliance team members should be empowered to recommend changes when a deficiency is detected. Internal control requirements should be embedded within the corporate culture, business processes, and procedures.

Need More Help?

Do you need more help with making the transition to the new COSO Framework?

Consider viewing our webinar “Clearing Up The COSO Confusion: How to Adopt the New Framework”. You will have a chance to hear first-hand from COSO experts from UHY on how BlackLine’s software can assist your company in making a seamless transition to the new COSO Framework.