New Guidelines Could Help Deter Fraud

By: Kathleen Hoffelder

CFOs and their staffs could gain some mental clarity about how to apply internal controls more effectively from a guidance document released last week, its framers think.

Their intent, after all, is to provide more practical details than the framework it replaces. The Internal Control-Integrated Framework culminates a two-and-a-half-year-long project aimed at revamping guidelines dating back to 1992 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO is a joint initiative of the American Accounting Association, American Institute of CPAs, Financial Executives International, the Institute of Management Accountants and the Institute of Internal Auditors.

The new guidelines spell out 17 principles that the authors contend corporations need to follow for their internal controls to be effective. They include “demonstrates commitment to integrity and ethical values; exercises oversight responsibility; establishes structure, authority and responsibility; specifies suitable objectives; and identifies and analyzes risk.” While the principles were implied in the earlier guidance, they weren't specifically cited until the release of last week’s framework.

As David Landsittel, chairman of COSO, explains, the new framework’s 17 principles put “meat on the bones” of five parameters that make up the core principles of internal controls—the control environment, risk assessment, control activities, information and communication, and monitoring activities. “For a framework to be effective, all five components need to be present and functioning and operating together,” he says.

Compared to the previous framework, which is still widely followed by companies, the new one includes more detailed steps on how companies can deter and detect fraud by increasing their focus on operations and compliance. In a survey taken by COSO in 2011, 700 stakeholders and users of the 1992 framework cited operations and compliance, among other areas, as important areas for internal controls.

Recognizing how new technology plays an important role within operations and compliance is also new to the framework, according to Landsittel. The framework now expands upon the discussion of technology in several chapters. “Technology is much different than it was in 1992. We might have had Internet and e-mail, but it was certainly not prevalent back then--and certainly not prevalent for business use back then,” he says.

The new framework also includes approaches to and examples of how to apply the principles to preparing financial statements of public, private and not-for-profit entities. Respondents to COSO’s survey, according to Landsittel, were interested in having better guidance on how to avoid problems stemming from a lack of internal controls, which can often lead to the restatement of financial results. “The new framework expands the external financial reporting [category] in the framework,” he said, “to include external and internal reporting and ... non-financial as well as financial reporting.”

The new framework also focuses more strongly on the role of a corporation’s board and board audit committee than the prior guidance did. “There’s more importance of the oversight role of the board of directors and the importance of the oversight role of the audit committee. Those were in the 1992 framework but we’ve extended the discussion of that,” says Landsittel.