Big Changes in Financial Compliance with COSO 2013:
In December 2014, the Committee of Sponsoring Organizations (COSO) withdrew the aged COSO Internal Control – Integrated Framework (1992). This is the predominant Framework declared for Canadian and US public companies for CEO/CFO Certifications. This means a change in both countries. US listed companies have for the most part migrated to COSO 2013 – approximately 80% (according to surveys in the marketplace).
TSX Listed entities need to take care that they are declaring the correct COSO Framework.
A majority of Canadian companies (approximately 75%) are still declaring the old 1992 Framework or just COSO. If your company is still declaring the expired Framework, it might appear that the CFO and CEO are not on top of current disclosure requirements.
Some of the highlights of the areas of change in COSO 2013 are:
- Very robust risk assessment which has many of the elements from Enterprise Risk Management (ERM).
- The requirement to assure that the new seventeen principles and COSO components are “present and functioning”
- More involvement at high levels of the organization with objective setting.
- Focus on subcontracted functions to highlight that only the function is outsourced, not the responsibility for controls.
- A renewed focus on IT both in the data quality and security areas which is quite timely.
Since this 2013 Framework update is quite massive, it requires a rethink in many areas. There will be extensive updates to controls documentation and testing techniques. All in all, this change to the new Framework is a positive step, but impacts internal processes and public disclosures. Detailed plans will be required for this important migration to the new COSO 2013 Framework.
Boards and senior management should assure that they are up to speed with the new COSO 2013 requirements before declaring the new Framework.
For more information on this important requirement, please see our webcast event , Issues Central events.