COSO Guidance on Monitoring Internal Control Systems, for Audit Committees
For those of you who are familiar with some of my writings, you know that I have some concern about the further expansion of audit committee duties, and also believe that the duties that exist need to be fairly specifically defined so that all of the stakeholders involved have an understanding about the duties that exist, and that do not exist.
The COSO draft document (the comment period is closed, but the final document has not been released), Guidance on Monitoring Internal Control Systems, briefly discusses the role of the board/audit committee. The discussion paper can be found at http://www.coso.org/publications.htm
In pertinent part, the discussion paper states:
“Controls performed below the senior-management level can be monitored by management personnel or their objective designees. However, controls performed directly by senior management, and controls designed to prevent or detect senior-management override of other controls, cannot be monitored objectively by senior management or its direct reports. In these limited circumstances, monitoring should be performed by the board — often through the audit committee — and its resources (e.g., internal audit).
The board is also in the best position to evaluate whether management has implemented effective monitoring procedures elsewhere in the organization. It makes this assessment by gaining an understanding of how senior management has met its responsibilities.
In most organizations, it is neither feasible nor necessary for the board to understand all of the details of every monitoring procedure, but the board should have a reasonable basis for concluding that management has implemented an effective monitoring system. Boards obtain persuasive information in support of their conclusions through inquiry, observation and oversight of management; the internal audit function (if present); hired specialists (when necessary); and external auditors. They might also consider the output from ratings agencies and financial analysts. Finally, in some circumstances, boards might make inquiries of nonmanagement personnel, customers, and/or vendors.”
I do like the fact that the COSO position does not expand the duties of the audit committee (or board) with respect to monitoring controls. I also like the references to reliance on internal audit and other sources of evaluation and input. To a significant extent the audit committee has to rely on other people to help the committee satisfy its due diligence. I might even suggest that in some circumstances the COSO position understates the audit committee’s responsibilities with respect to monitoring internal controls. As in most circumstances, it would be helpful for the COSO discussion to be more detailed and specific, as long as that detail does not overly expand the audit committee’s responsibilities.
Dave Tate, CPA, Esq.
AccountingWEB Bloggers Crew
The AccountingWEB news wires are also
free. It’s a one-minute sign-up on the site.