SEC Top Accountant Defers to COSO on Framework Adoption

By:Tammy Whitehouse, ComplianceWeek

The Securities and Exchange Commission gave its clearest signal yet on whether it will require companies to transition to the new COSO internal control framework when its top accountant said recently companies would be wise to pay attention to what COSO says about its old framework -- that it will be obsolete at the end of 2014.

SEC Chief Accountant Paul Beswick said during a recent speech he's expecting questions about whether the SEC will provide management with any guidance on transition or implementation related to the Internal Control -- Integrated Framework recently revamped by COSO (or the Committee of Sponsoring Organizations of the Treadway Commission). “SEC staff plans to monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or commission actions become necessary or appropriate at some point in the future,” he said. “However, at this time, I'll simply refer users of the COSO framework to the statements COSO has made about their new framework and their thoughts about transition.”

COSO has said it will consider its 1992 framework superseded by Dec. 15, 2014, and will no longer carry it on its website or as part of its library of resources. Beswick noted: “COSO has publicly stated its belief that ‘users should transition their applications and related documentation to the updates framework as soon as is feasible under their particular circumstances.'”

Robert Hirth, the newly seated chairman of COSO, says he infers from Beswick's remarks that the SEC will expect companies to transition to the new framework just as COSO has said it expects. “We think that is tacit approval for companies to use the revised framework,” he says.

Hirth, who is a founding managing director at global consulting firm Protiviti, says his “overriding and most obvious goal” as the new COSO chairman is to roll out and communicate the 2013 COSO internal control framework, including what companies should do to prepare for and transition to the new framework.

“I really hope I can communicate both in the United States and outside the United States why the COSO internal control framework is a suitable model for all organizations,” he says, including private companies, government organizations, and others. “Each of the components, the control environment, control activities, risk assessment information, communication, monitoring -- these are all important things for all organizations to think about.”

Hirth says the 1992 framework has been available in seven language translations, and he's hoping the 2013 framework will be translated into even more. “We are hoping over the next several years to have a number of countries that have translated the framework and will see it as a suitable model like the SEC does in the United States,” he says.

Under his term, Hirth says he also hopes to revisit COSO's Enterprise Risk Management -- Integrated Framework to determine if it should be updated as well. During the comment process on the internal control framework, some commenters suggested COSO should have merged the internal control and ERM frameworks into one. Hirth says the updated internal control framework contains a great deal of insight on risk. “Take, for example, the section on risk assessment,” he says. “As people take time to read the framework, there's quite a bit in the revised framework on that very topic. The internal control framework is not without some good commentary on risk assessment and risk management.”