Edith Orenstein's Member Blog

News and Views from Members

This is a public blog  public

blog entry

    COSO Publishes Exposure Draft Updating 1992 Internal Control...
    blog entry posted December 21, 2011 by Edith Orenstein, last edited April 17, 2012, tagged research, teaching 
    3266 Views, 13 Comments
    title:
    COSO Publishes Exposure Draft Updating 1992 Internal Control Framework: Why Should You Care?
    body:

    On Dec. 19, 2011 the Commitee of Sponsoring Organizations of the Treadway Commission, whose founding members are the AAA, AICPA, FEI, IIA and IMA, announced the release of an Exposure Draft updating COSO's 1992 Internal Control-Integrated Framework (IC-IF). Why should you care? Why should your students care?

    For the past 20 years, COSO's IC-IF has been the 'gold standard' as a principles-based framework for internal control, particularly internal control over financial reporting, as evidenced by the reference to COSO in the SEC's and PCAOB's rulemaking requiring management reports, and an auditor's report, on the effectiveness of internal control over financial reporting.

    Input from constituents of all five of COSO's sponsoring organizations, and other stakeholders, is highly sought to help make the resulting revision of COSO's general IC-IF, and the related Guidance on Internal Control over External Financial Reporting (ICEFR) - to be released as a separate Exposure Draft in the Spring of 2012, more practical, and more sensible from a theoretical/principles based focus as well.

    COSO's framework is a tool which students in the field of financial reporting and beyond should be familiar with as they enter the business world.

    The comment deadline on the Exposure Draft for the update to COSO's IC-IF is March 31, 2012. Read more about COSO's ED in the FEI FInancial Reporting Blog, and keep up with the latest developments by visiting COSO's website, www.coso.org."

    By the way, FEI recently launched a second blog, authored by Tom Thompson of our research affiliate, the Financial Executives Research Foundation (FERF). Learn more about the FERF research blog.

    Comment

     

    • Robert E Jensen

      "Where There's Smoke, There's Fraud:  Sarbanes-Oxley has done little to curb corporate malfeasance. Therefore, CFOs should implement a range of fraud-prevention measures," by Laton McCartney, CFO.com, March 1, 2011 ---
      http://www3.cfo.com/article/2011/3/regulation_where-theres-smoke-theres-fraud

      As a convicted felon, Sam E. Antar, the former CFO for the now-defunct consumer-electronics chain Crazy Eddie, no doubt has regrets. Among them: he is no longer in the game at a time when corporate fraud is experiencing a resurgence. "If I were out of retirement today, I'd be bigger than Bernie Madoff," he boasts.

      In conjunction with CEO Eddie Antar (his cousin), Sam Antar helped mastermind one of the largest corporate frauds in the 1980s, bilking investors and creditors out of hundreds of millions of dollars. Today, he makes a living lecturing about corporate fraud (and shorting the stocks of companies he thinks may have inflated earnings).

      Antar says that despite the antifraud provisions of the Sarbanes-Oxley Act of 2002 and the recently enacted Dodd-Frank Wall Street Reform and Consumer Protection Act, it remains as easy today for bad guys, both internal and external, to loot corporate coffers as it was during the Enron and WorldCom days. "Nothing's changed," he says. "Wall Street analysts are just as gullible, internal controls remain weak, and the SEC is underfunded and, at best, ineffective. Madoff only got caught because the economy tanked."

      Antar won't get much of an argument from organizations that monitor corporate fraud. In fact, the consensus today is that financial shenanigans are markedly on the increase. "There's a lot more employee fraud and embezzlement today then there was 10 years ago, and this past year there was much more than a year ago," says Steve Pedneault of Forensic Accounting Services. "People blame the economy, but much of the fraud and embezzlement that's coming to the surface now was in the works for 4 or 5 years before the recession hit."

      Last year, the Committee of Sponsoring Organizations of the Treadway Commission's report on corporate fraud concluded that fraud continues to increase in depth and breadth despite Sarbanes-Oxley; the methods of committing financial fraud have not materially changed; and traditional measures of corporate governance have limited impact on predicting fraud. Median loss due to fraud, based on presence of antifraud controls, 2010No. of fraud cases, based on perpetrator's dept. (2010)

      In other words, same old same old, only worse: in its 2010/2011 Global Fraud Report, risk consulting firm Kroll found that business losses due to fraud increased 20% in the last 12 months, from $1.4 million to $1.7 million per billion dollars of sales. The report, based on a survey of more than 800 senior executives from 760 companies around the world, also found that 88% of the respondents reported being victims of corporate fraud over the past 12 months. If fraud were the flu, this would qualify as a pandemic.

      The most likely targets by industry are financial services, media, technology, manufacturing, and health care. Small and midsize companies are also more vulnerable. "Many of these organizations typically rely on a small accounting department, especially in today's economy," says Pedneault. They simply don't have the resources to catch fraudsters.

      That challenge becomes all the more daunting when one considers the many varieties of fraud that exist. Aside from various forms of embezzlement and outright theft, and the growing risk of information theft (think hackers), two other kinds of corporate malfeasance have come to the fore in recent years: fraud in the business model and fraud in the business process.

      The former is defined by a company selling illegal or worthless wares. "If the pharmaceutical industry sells alleged off-label drugs that have not been approved by the FDA, or the financial-services industry is offering worthless subprime mortgages, that can constitute business-model fraud," says Toby J. F. Bishop, director of the Deloitte Forensic Center for Deloitte Financial Advisory Services.

      Fraud of the business-practice variety, Bishop explains, can range from corporations ignoring or turning a blind eye to environmental or safety laws to the ever-popular practice of engaging in "window dressing" at the end of the quarter.

      An Action Plan With fraud on the rise, and with all parties that could possibly be tempted feeling more pressure to cross the line, how should companies respond? First, the bad news: "Most fraud today is uncovered by whistle-blowers, or by accident — a tip, a rogue piece of mail, or by happenstance," says Tracy L. Coenen, a forensic accountant and fraud investigator who heads up Sequence, a forensic accounting firm.

      In a sense, companies (at least those that are publicly traded) were supposed to self-insure against fraud by implementing, at great expense, the controls framework included in Sarbanes-Oxley. But a framework still requires an enforcer, and at many companies there is none. "There's often no single entity for oversight," says Deloitte's Bishop. "Many companies have no compliance or risk management at all."

      Even when they do, there's the issue of how effective it can be. It's not a job that wins friends and influences fellow workers. "The compliance officer is the most hated person in the company," notes Thomas Quilty, CEO of BD Consulting and Investigations. "Companies often retaliate against them," adds Antar.

      "Compliance staff frequently end up pushing paper [just] so it looks like the company has tried to do the right thing in case there's an investigation," says Coenen. "They're not effective."

      As for what to do, while no one has yet come up with a silver bullet, experts point to seven useful steps that all companies can take:

      Continued in a long article

      "ACCOUNTANTS BEHAVING BADLY," by Anthony H. Catanach, Jr. and J. Edward Ketz, Grumpy Old Accountants, October 3, 2011 ---
      http://blogs.smeal.psu.edu/grumpyoldaccountants/archives/332

      Bob Jensen's fraud updates ---
      http://www.trinity.edu/rjensen/FraudUpdates.htm

      Bob Jensen's threads on professionalism in auditing ---
      http://www.trinity.edu/rjensen/Fraud001c.htm

       

    • Robert E Jensen

      Financial Instruments:  Perhaps auditing courses could make use of some of the IAASB resources in
      International Auditing Practice Note (IAPN) 1000, Special Considerations in Auditing Financial Instruments
      |http://www.ifac.org/publications-resources/international-auditing-practice-note-iapn-1000-special-considerations-auditin

       

      "IFAC Offers Alerts on Tough Audit Issues," by Tammy Whitehouse, Compliance Week, December 29, 2011 ---
      http://www.complianceweek.com/ifac-offers-alerts-on-tough-audit-issues/article/221235/

      Guidance emerging from the International Federation of Accountants might prove useful even in the United States in the coming weeks as companies close the books on 2011 and plan for the year ahead.

      IFAC's International Auditing and Assurance Standards Board has issued a practice note on special considerations that should be taken into account when auditing financial instruments. The alert, titled International Auditing Practice Note 1000, provide some practical assistance to auditors when dealing with valuation and other issues related to financial statement assertions, a touchy and complex area in any entity's financial statements in light of economic pressures and an increasing focus on fair value.

      According to IAASB Chairman Arnold Schilder, the practice note can help auditors understand the nature of and risks associated with financial instruments as well as the different valuation techniques and types of controls entities may use in relation to them. The guidance also highlights audit considerations that should be taken into account throughout the audit process. IAASB Technical Director James Gunn said through a statement that the exercise of developing the guidance was informative even to the board, which will further inform the board's work as it develops future auditing standards.

      In a separate release, IFAC's Professional Accountants in Business Committee has proposed some best practices guidance on evaluating and improving internal controls to help organizations benchmark their work in maintaining effective controls. The committee says the guidance is intended to be useful to any organization, regardless of the internal control framework it uses, to help deal with internal control issues that are often problematic because of poor design or implementation.

      Vincent Topoff, the committee's senior technical manager, says the guidance would be meaningful even to U.S. companies where internal controls are more closely scrutinized because it was developed in part by U.S. experts who have spent many years working to improve internal controls. “Together, they have identified in this guidance those areas where the application of good practice guidance often goes wrong,” he says. “This guidance considers the areas organizations need to continuously improve and the issues they need to address.” The guidance is not meant to replace any existing framework that is in use, he says.

      Finally, the IAASB also refreshed its warnings to auditors to keep economic conditions and pressures in mind as they consider whether disclosures are adequate and whether there is reason to doubt an entity can continue as a going concern. Companies continue to face volatility in capital markets and exposure to debt in distressed countries, leading to uncertainty that puts pressure on cash flow and access to credit, the board advises. Those factors complicate the audit process, and therefore must be considered closely, the board says.

      Continued in artilce

      Bob Jensen's threads on auditing professionalism are at
      http://www.trinity.edu/rjensen/Fraud001c.htm

      Bob Jensen's threads on Tools and Tricks of the Trade are at
      http://www.trinity.edu/rjensen/000aaa/thetools.htm

       

    • Robert E Jensen

      Question
      What do international standards (IFRS) and COSO’s New Internal-Control Guidance sadly have in common?

      Answer
      Lack of real world examples and varied-circumstance implementation guides

      "What’s Missing from COSO’s New Internal-Control Guidance: The proposal lacks real-world examples. CFOs will need to fill in the blanks," by Kristine Brands, CFO.com, March 20, 2012 --- Click Here
      http://www3.cfo.com/article/2012/3/risk-management_coso-internal-control-guidance?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+cfo%2Fdaily_briefing+%28Latest+Articles+from+CFO.com%29

    • Robert E Jensen

      Internal Control!
      What's internal control?

      Academic Standards Control!
      What is academic standard control?

      "Audit Finds Chicago State U. Lost Track of 950 Computers," Chronicle of Higher Education, March 23, 2012 ---
       

      A state audit released on Thursday found that $3.8-million worth of equipment, including 950 computers, is missing from Chicago State University, the Chicago Tribune reports. The university has come under fire in the past for questionable spending by a former president, Elnora D. Daniel, including a 2007 audit that detailed university-sponsored “leadership seminars” on Caribbean cruises. According to the latest audit, over the past four years the university has mistakenly awarded $123,000 in federal aid and $20,000 in state grants to students. The university issued a statement saying the administration of Wayne D. Watson, who took over from Ms. Daniel in 2009, was using a “proactive approach” to deal with the problems, but acknowledged that “these things take time.”

      Jensen Comment
      The fraud gets even worse. Because state revenues are based, in part, on enrollment it became impossible to flunk out of Chicago State University. Even David Albrecht's dog could enroll in CSU and never flunk out.

      I propose changing the abbreviation from CSU to CSI.

      Question
      How do you stay in college semester after semester with a grade average of 0.0?

      "Chicago State Let Failing Students Stay," Inside Higher Ed, July 26, 2011 ---
      http://www.insidehighered.com/news/2011/07/26/qt#266185

      Chicago State University officials have been boasting about improvements in retention rates. But an investigation by The Chicago Tribune  found that part of the reason is that students with grade-point averages below 1.8 have been permitted to stay on as students, in violation of university rules. Chicago State officials say that they have now stopped the practice, which the Tribune exposed by requesting the G.P.A.'s of a cohort of students. Some of the students tracked had G.P.A.'s of 0.0.

      Jensen Comment
      There is a bit of integrity at CSU. Professors could've just given the students A grades like some other high grade inflation universities or changed their examination answers in courses somewhat similar to the grade-changing practices of a majority of Atlanta K-12 schools. Now that CSU will no longer retain low gpa students, those other practices may commence at CSU in order to keep the state support at high levels. And some CSU professors may just let students cheat. It's not clear how many CSU professors will agree to these other ways to keep failing students on board.

      Oops!
      Everything is OK in context. I forgot this is Chicago (the most corrupt city in the United States)

       

      Bob Jensen's threads on Professors Who Cheat and Allow Students to Cheat are at
      http://www.trinity.edu/rjensen/Plagiarism.htm#RebeccaHoward

      Bob Jensen's threads on grade inflation are at
      http://www.trinity.edu/rjensen/HigherEdControversies.htm#GradeInflation

      Bob Jensen's Fraud Updates are at
      http://www.trinity.edu/rjensen/FraudUpdates.htm

       

    • Robert E Jensen

      AICPA seeks some changes to COSO’s updated framework proposal ---
      http://journalofaccountancy.com/Web/20125441.htm

      Question
      What is COSO?

      Answer --- http://www.coso.org/ 

      COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private sector initiative which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.

      The National Commission was jointly sponsored by the five major financial professional associations in the United States, the American Accounting Association, the American Institute of Certified Public Accountants, the Financial Executives Institute, the Institute of Internal Auditors, and the National Association of Accountants (now the Institute of Management Accountants). The Commission was wholly independent of each of the sponsoring organizations, and contained representatives from industry, public accounting, investment firms, and the New York Stock Exchange.

      The Chairman of the National Commission was James C. Treadway, Jr., Executive Vice President and General Counsel, Paine Webber Incorporated and a former Commissioner of the U.S. Securities and Exchange Commission. (Hence, the popular name "Treadway Commission"). Currently, the COSO Chairman is John Flaherty, Chairman, Retired Vice President and General Auditor for PepsiCo Inc.

      Bob Jensen's threads on professionalism and independence ---
      http://www.trinity.edu/rjensen/Fraud001c.htm

    • Robert E Jensen

      "WHAT DOES COSO STAND FOR?" by Anthony H. Catanach and J.Edward Ketz, Grumpy Old Accountants Blog, April 16, 2012 ---
      http://blogs.smeal.psu.edu/grumpyoldaccountants/archives/572

      Jensen Comment
      Sometimes COSO means "Change One Side Only"
      But in Spanish it means a place for Bull Fights
      The latter definition seems to fit better.

      Oh all right!
       

      Question
      What is COSO?

      Answer --- http://www.coso.org/ 

      COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private sector initiative which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.

      The National Commission was jointly sponsored by the five major financial professional associations in the United States, the American Accounting Association, the American Institute of Certified Public Accountants, the Financial Executives Institute, the Institute of Internal Auditors, and the National Association of Accountants (now the Institute of Management Accountants). The Commission was wholly independent of each of the sponsoring organizations, and contained representatives from industry, public accounting, investment firms, and the New York Stock Exchange.

      The Chairman of the National Commission was James C. Treadway, Jr., Executive Vice President and General Counsel, Paine Webber Incorporated and a former Commissioner of the U.S. Securities and Exchange Commission. (Hence, the popular name "Treadway Commission"). Currently, the COSO Chairman is John Flaherty, Chairman, Retired Vice President and General Auditor for PepsiCo Inc.

      AICPA seeks some changes to COSO’s updated framework proposal ---
      http://journalofaccountancy.com/Web/20125441.htm

      Bob Jensen's threads on COSO are at
      http://www.trinity.edu/rjensen/Fraud001c.htm
      Search for COSO at the above ling

    • Edith Orenstein

      COSO Receives Over 90 Comment Letters on ED Updating Internal Control Framework

      The Committee of Sponsoring Organizations of the Treadway Commission (COSO), author of the 1992 Internal Control-Integrated Framework, has received over 90 comment letters on its Exposure Draft released for public comment in Dec. 2011 (the subject of the initial post in this thread), on which the comment deadline was March 31, 2012. Various views can be found in the comment letters, including various suggestions for improvements to the ED, as COSO moves toward issuing its finalized update.

      In his comment above, Bob Jensen noted an article appearing in the AICPA JofA about the AICPA's comment letter on COSO's ED.

      You can read about FEI's comment letter, find links to the ED and all the comment letters, and links to more resources and updates relating to the ED, in the FEI blog here: http://www.financialexecutives.org/KenticoCMS/FEI_Blogs/Financial-Reporting-Blog/March-2012/Comments-Coming-Into-COSO-on-Internal-Control-ED.aspx

      For updates from the FEI blog on this and other accounting/financial reporting matters in the standard-setting sphere, please send an email to blogs@financialexecutives.org and write in the subject line: Sign Me Up for the FEI Blog (AAA member).

    • Robert E Jensen

      COSO:  Committee on Sponsoring Organizations of the Treadway Commission in 2012 ---
      http://www.coso.org/

      October 26, 2012

      New ERM Thought Paper Details Latest Thinking on Risk Assessment

      Recognizing the evolving nature of enterprise risk management (ERM) in recent years, COSO has released a new thought paper authored by representatives from Deloitte titled Risk Assessment in Practice. The paper provides the latest thinking on risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision-making.  It represents another in a series of papers published by COSO aimed at helping organizations move up the maturity curve in their ongoing development of a robust ERM program.


      Read the COSO thought paper, Assessment in Practice.
      Read the full press release.

      September 18, 2012

      COSO Releases for Comment Internal Control Over External Financial Reporting

      COSO has released for public comment an exposure draft of its Internal Control over External Financial Reporting (ICEFR): Compendium of Approaches and Examples. This Compendium, part of COSO’s overall project to update its Internal Control–Integrated Framework (Framework), has been developed to assist users when applying the Framework to external financial reporting objectives. COSO is also making available an updated version of the Framework, revised to give effect to comments received in the earlier public exposure, as well as proposed Illustrative Tools to assist in assessing effectiveness. COSO welcomes comments on all three of these documents.

       

      Read the Press Release
      View Exposure Draft and Provide Comments
      Read FAQ
      Download PowerPoint Presentation

      June 20, 2012

      Managing Risks of Cloud Computing the Focus of COSO’s Latest Thought Leadership

      In response to the growing number of organizations utilizing cloud computing as a viable alternative for meeting their technology needs, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published a new thought paper titled Enterprise Risk Management for Cloud Computing. The thought paper provides guidance on following the principles of the COSO Enterprise Risk Management (ERM) – Integrated Framework to assess and mitigate the risks arising from cloud computing.

      Download the thought paper
      Read the full press release.

      April 30 , 2012

      COSO Expects to Issue the Updated Internal Control-Integrated Framework and Related Supporting Documents During the First Quarter of 2013.
       

      The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has announced that the updated Internal Control–Integrated Framework (ICIF or Framework) is expected to be released during the first quarter of 2013. The final Framework is expected to enable organizations to adapt to increasing complexity and pace of change; to mitigate risks to the achievement of objectives; and to provide reliable information to support sound decision making.

      View press release.

      April 2 , 2012

      COSO Develops Draft Update to Internal Control - Integrated Framework. Public Comment Period Now Closed.


       

      In December, COSO released – for public comment – a draft update to the 1992 Internal Control – Integrated Framework (Framework) intended to help organizations improve performance with greater agility, confidence and clarity. The public comment period ended on March 31, and the final updated Framework is slated to be released in early 2013.

      View the Initial ICFR Draft Update
      View the Public Comments
      Read Frequently Asked Questions
      Download PowerPoint Presentation
      Read Initial Press Release Published December 19, 2011

      Visit the exposure draft Website for more information: www.ic.coso.org
       

      March 1 , 2012
       

      COSO Releases Thought Paper on Enhancing Board Oversight by Avoiding and Challenging Traps and Biases in Professional Judgement

       

      COSO has released Enhancing Board Oversight: Avoiding Judgment Traps and Biases, a thought-paper detailing a five-step judgment process that board members and others can use to overcome common pitfalls and mitigate the effects of judgment bias. The judgment process is based on KPMG’s Professional Judgment Framework, which enables individuals to identify where and when the quality of judgments tends to be threatened by predictable, systematic judgment traps and biases.

      View thought paper.
      View press release.

      January 20, 2012
       

      Enterprise Risk Management - Understanding and Communicating Risk Appetite


       

      Organizations encounter risk every day as they pursue their objectives. Risk appetite — the amount of risk organizations are willing to accept in pursuit of their objectives — is an integral part of an effective ERM system. This thought paper aims to help organizations develop, better articulate, and implement “risk appetite.” It provides examples of statements of risk appetite and emphasizes the notion that risk appetite should be clearly defined, communicated by management, embraced by the board, and continually monitored and updated.

      View Thought Paper
      Read Press Release

      Risk Analysis in Accounting Theory ---
      http://www.trinity.edu/rjensen/Theory01.htm

      Ratios for Return, Valuation, and Risk Analysis ---
      http://www.trinity.edu/rjensen/roi.htm

      Free Tutorials on Accounting for Derivative Financial Instruments and Hedging Activities ---
      http://www.trinity.edu/rjensen/caseans/000index.htm

    • Robert E Jensen

      Committee of Sponsoring Organizations of the Treadway Commission (COSO) ---
      http://en.wikipedia.org/wiki/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission

      What's New with COSO?

      May 14, 2013

      2013 Internal Control-Integrated Framework Released

      COSO has issued the 2013 Internal Control–Integrated Framework (Framework). The Framework published in 1992 is recognized as the leading guidance for designing, implementing and conducting internal control and assessing its effectiveness. The 2013 Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.

      COSO has also issued Illustrative Tools for Assessing Effectiveness of a System of Internal Control and the Internal Control over External Financial Reporting (ICEFR): A Compendium of Approaches and Examples. The Illustrative Tools are expected to assist users when assessing whether a system of internal control meets the requirements set forth in the updated Framework. The ICEFR Compendium is particularly relevant to those who prepare financial statements for external purposes based upon requirements set forth in the updated Framework.

      Read Press Release
      Download Executive Summary
      Read FAQs
      Download PowerPoint Slides
      Purchase Framework and Tools

      Bob Jensen's threads on managerial accounting ---
      http://www.trinity.edu/rjensen/Theory02.htm#ManagementAccounting

    • Robert E Jensen

      From The Wall Street Journal Accounting Weekly Review on July 26, 2013

      Firms Fortify Fraud Defenses
      by: Emily Chasan
      Jul 23, 2013
      Click here to view the full article on WSJ.com
       

      TOPICS: Accounting Information Systems, Auditing, Internal Controls

      SUMMARY: The Committee of Sponsoring Organizations (COSO) has updated its Internal Control:Integrated Framework (Framework). The Framework had not been updated since 1992; the changes address inernal controls needed in today's business environment over such activities as cloud computing and outsourcing. The Securities and Exchange Commission has updated it vigilance in citing companies for internal control lapses and the Public Company Accounting Oversight Board has been finding that audit firms have failed to obtain sufficient evidence to offer an opinion on internal controls in 15% of its reviews.

      CLASSROOM APPLICATION: The article may be used in an auditing or information systems class.

      QUESTIONS: 
      1. (Introductory) What is the Committee of Sponsoring Organizations (COSO)? What document has this organization recently updated?

      2. (Advanced) How long do companies have to implement the new procedures in this document? What problems could arise for companies who do not improve internal controls in the next year?

      3. (Advanced) What steps has the U.S. Securities and Exchange Commission (SEC) taken in recent years in relation to internal controls at publicly-traded companies? Why do you think the SEC is interested in the management topic of internal controls?

      4. (Advanced) What is the Public Company Accounting Oversight Board (PCAOB)? What have been its recent findings about auditors' performance in testing internal control systems? What PCAOB procedures uncover these testing failures?

      5. (Advanced) Internal control procedures at Campbell Soup. Co. are described at the end of the article. One procedure mentioned is reconciling accounts. How do account reconciliations serve as internal control procedures?
       

      Reviewed By: Judy Beckman, University of Rhode Island
       

      RELATED ARTICLES: 
      The Big Number: 5,459
      by Emily Chasan
      Jul 23, 2013
      Page: B8

      "Firms Fortify Fraud Defenses," by Emily Chasan, The Wall Street Journal, July 23, 2013 ---
      http://online.wsj.com/article/SB20001424127887324263404578616363792687152.html?mod=djem_jiewr_AC_domainid

      Thousands of companies world-wide are planning to update systems and policies that act as their first line of defense against fraud and other hidden risks, following a sweeping overhaul of the most widely used guidelines for those safeguards.

      The new guidelines, which many companies expect to adopt by the end of next year, are for so-called internal controls, which the government has required U.S. public companies to have in place for the past decade, as part of an effort to protect investors.

      Companies might, for example, establish procedures to make sure that only employees responsible for certain types of inventory can access it, or require a particular method for inputting purchase orders. Having these systems helps companies monitor the transactions for errors, impropriety or fraud.

      Until now, internal controls have been based on a 20-year-old framework that didn't take into account the new risks posed by mobile technology and cloud computing, as well as the rise of outsourcing and shifts in corporate governance.

      Such controls haven't always been high on the corporate agenda. Lack of them has been blamed for past accounting scandals at big companies like Tyco International TYC -1.59% and Satyam Computer Services Ltd. 500376.BY +1.92%

      Large companies spend upward of $1 million a year on internal-controls systems, according to consulting firm Protiviti, but some investors consider it money well spent.

      "It's usually a lapse of internal controls that results in a loss," said Anne Sheehan, director of corporate governance at the California State Teachers' Retirement System, the nation's second-largest public pension fund.

      Ms. Sheehan said she has recently focused on controls used by pharmaceutical companies in testing new drugs submitted to regulators for marketing approval and on potential supply-chain risks at retailers in the wake of a building collapse in Bangladesh that killed more than 1,000 garment workers.

      "We want to make sure the [company's] board is aware of the risks and holds management to task, so that shareholder value is not diminished through some catastrophe," she added.

      The effort to develop effective internal controls dates back decades. The updated guidelines, released in May, come from a group of five accounting associations known as the Committee of Sponsoring Organizations of the Treadway Commission. It is the offspring of a national commission on fraudulent financial reporting in the 1980s led by then-Securities and Exchange Commissioner James C. Treadway Jr.

      The group published its first guidelines in 1992, but they were little used until the Sarbanes-Oxley Act of 2002 essentially forced most U.S. public companies to adopt them.

      The new guidelines officially replace the existing ones in December 2014. Although companies face no penalty if they don't embrace them, ignoring them could put off investors who value tight management.

      The new framework recommends that internal-control processes adhere to 17 principles, such as the independence of corporate boards from management and the need to address risks posed by technology.

      "Every company will be going through the processes they have and asking, 'Do I have the right controls?'" said Carolyn Saint, vice president of internal audit for convenience-store operator 7-Eleven Inc.

      "We're making sure the things we've aligned to as company controls—like security, access, change management—are up to date, and whether there is anything in the new standard we need to reflect," she said.

      The overhaul comes as internal controls are getting a tougher look from regulators. The Public Company Accounting Oversight Board has increasingly rebuked auditors for failing to properly evaluate corporate controls.

      In its most recent inspections, the government's audit watchdog found auditors failed to get enough evidence to sign off on a company's internal controls about 15% of the time.

      The number of SEC enforcement actions citing internal-controls violations is up about 40% from this time last year. The agency also launched a task force this year that aims to focus on detecting corporate frauds earlier.

      The SEC declined to comment.

      Continued in article

      Bob Jensen's threads on professionalism and internal control ---
      http://www.trinity.edu/rjensen/Fraud001c.htm

    • Robert E Jensen

      Committee of Sponsoring Organizations of the Treadway Commission (COSO) ---
      http://en.wikipedia.org/wiki/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission

      From the CFO Journal's Morning Ledger on September 24, 2014

      Implementing COSO's Internal Control-Integrated Framework ---
      http://deloitte.wsj.com/cfo/2014/09/26/implementing-cosos-internal-control-integrated-framework/

      To unlock the value that can be achieved by adopting COSO's 2013 Internal Control-Integrated Framework, management should take a step back and evaluate how it is addressing the risks to its organization in light of its size, complexity, global reach and risk profile. Learn about leading internal control practices that may help address common challenges related to implementing the 2013 Framework, as well as perspectives on applying the framework for operational and regulatory compliance purposes.

      Continue Reading Today's Article --- http://deloitte.wsj.com/cfo/2014/09/26/implementing-cosos-internal-control-integrated-framework/

      Read More --- Deloitte Insights »http://deloitte.wsj.com/cfo/

      Bob Jensen's threads on managerial accounting ---
      http://www.trinity.edu/rjensen/Theory02.htm#ManagementAccounting

    • Robert E Jensen

      From the CFO Journal's Morning Ledger on January 7, 2015

      New COSO Internal Control Framework Takes Effect
      http://deloitte.wsj.com/cfo/2015/01/07/new-coso-internal-control-framework-takes-effect/

      As of December 15, 2014, the new 2013 COSO framework superseded the 1992 version for companies applying and referencing COSO's internal control framework for purposes of complying with Section 404 of the Sarbanes-Oxley Act of 2002. For banks and capital markets firms, which operate under a complex regulatory environment, the transition to the new framework involves careful considerations.

      Continue Reading Today's Article »

      Read more Deloitte Insights »

      Committee of Sponsoring Organizations of the Treadway Commission (COSO) ---
      http://en.wikipedia.org/wiki/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission

      "COSO’s ERM framework to undergo update," by Ken Tysiac, Journal of Accountancy, October 21, 2014 ---
      http://www.journalofaccountancy.com/News/201411173.htm

      A well-known framework for risk management is scheduled for another update.

      The Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced Tuesday that it is undertaking a project to update its Enterprise Risk Management—Integrated Framework, which debuted in 2004.

      Organizations use the framework to help them manage uncertainty, consider how much risk to accept, and improve understanding of their opportunities to increase and preserve value.

      The update is being undertaken to improve the framework’s content and relevance in the context of an increasingly complex business environment. The update is intended to:

      • Reflect the evolution of risk management thinking and practices, as well as stakeholder expectations.
      • Develop tools to help management report risk information, and review and assess the application of enterprise risk management.


      PwC has been engaged to update the framework under the direction of COSO’s board. PwC will seek input and feedback on the project, and will conduct a survey seeking opinions on the current framework and suggestions for improvements.

      More information is available at coso.org.

      COSO is a committee of five sponsoring organizations, including the AICPA, that come together periodically to provide thought leadership on enterprise risk management, internal control, and fraud deterrence.

      In 2013, COSO completed an update of its internal control framework to reflect changes in technology and the business environment that have taken place since that framework’s origination in 1992.

      What's New with COSO?

      From the CFO Journal's Morning Ledger on September 24, 2014

      Implementing COSO's Internal Control-Integrated Framework ---
      http://deloitte.wsj.com/cfo/2014/09/26/implementing-cosos-internal-control-integrated-framework/

      To unlock the value that can be achieved by adopting COSO's 2013 Internal Control-Integrated Framework, management should take a step back and evaluate how it is addressing the risks to its organization in light of its size, complexity, global reach and risk profile. Learn about leading internal control practices that may help address common challenges related to implementing the 2013 Framework, as well as perspectives on applying the framework for operational and regulatory compliance purposes.

      Continue Reading Today's Article --- http://deloitte.wsj.com/cfo/2014/09/26/implementing-cosos-internal-control-integrated-framework/

      Read More --- Deloitte Insights »http://deloitte.wsj.com/cfo/

      Bob Jensen's threads on managerial accounting ---
      http://www.trinity.edu/rjensen/Theory02.htm#ManagementAccounting