Another year down and another successful co-hosted CPE event is in the books! Last week, Parker + Lynch Portland hosted some of the finest CPAs in the area for a complimentary breakfast and 2-hour live CPE event, led by two Directors from Moss Adams. The session was titled COSO 2013: The Obvious Solution. Don’t stop reading yet! Many people reading this title initially think one of two things: (1) I’m not a public company, so we don’t have to implement Sarbanes-Oxley (SOX), or (2) We’ve already implemented COSO 2013 this past year (as required for public companies), so isn’t this training a little dated? Quite the opposite! We want to focus on applying the framework of COSO 2013 to all areas of risk and concern within a company, beyond SOX, in an effort to achieve organizational operational objectives.
Some of you may be asking, what is COSO again? It is the Committee of Sponsoring Organizations (COSO), which is a fancy way of saying five different accounting- and business-related organizations that got together and developed a unified framework for providing guidance on how to better assess, design, and manage internal control.
The 5 components of the COSO 2013 Framework:
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring Activities
This ultimately became the framework used to audit and assess internal controls as part of Generally Accepted Auditing Standards (GAAS). Today, it is widely used as the predominant framework for reporting on the effectiveness of internal controls over financial reporting by public companies listed in the United States in accordance with Section 404 of the Sarbanes-Oxley Act.
But this is where things get interesting – the COSO framework can and should be used beyond the compliance matters of SOX. Businesses are exposed to numerous other risks, challenges, and regulatory requirements on a daily basis.
You might be asking yourself how the COSO framework can benefit your business. Once implemented, it gives businesses the following benefits:
- Enables the creation of policies and procedures
- Provides defined roles and responsibilities
- Gives a consistent framework
- Based upon risk: allows you to ask “what is right for you”
- Adaptive to your company’s objectives and changing needs
- Ability to measure and improve performance
- E2 = effective and efficient
- Measurement: health status of activities
For example, the Foreign Corrupt Practices Act (FCPA), cyber security concerns, privacy and HIPAA compliance, and OSHA are just a few of the risks that businesses face every day. This is where COSO is the obvious solution! Leveraging the COSO framework helps to address other business risks and objectives.
Here are some key takeaways for applying the framework:
- Identify an important objective to the company
- Assess the risk that could prevent the achievement of the stated objective
- Develop activities (controls) that mitigate the risks of not achieving that stated objective
- Define policies and procedures
- Define roles and responsibilities
- Set the “tone at the top”
- Develop monitoring and reporting to ensure accountability
- Ensure a timely assessment and final report
We’re here to help you navigate the complex and ever-changing world of internal controls by connecting you with top accounting and finance professionals. Contact one of our offices today to start moving your business forward.