The American Institute of Certified Public Accountants (AICPA) and the Institute of Management Accountants have both affirmed support for new guidance for smaller public companies released during a webcast on July 11 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
The guidance is intended to assist smaller public companies in implementing more effective internal control systems and ultimately resulting in more proficient compliance with the Section 404 internal control reporting requirements of the Sarbanes-Oxley Act.
“IMA continues to support any guidance which, directly or indirectly, enables smaller publicly traded companies to implement high standards of internal control, comply with regulation, and drive growth in the U.S. economy,” IMA president and CEO Paul A. Sharman said in a prepared statement.
The new guidance is a supplement to COSO’s 1992 guidance Internal Control – Integrated Framework illustrating essential internal control over financial reporting using real-world small company examples.
“COSO’s guidance Internal Control Over Financial Reporting – Guidance for Smaller Public Companies, offers smaller public companies previously unavailable, but much needed, direction about how to design and implement cost-effective internal financial controls,” John Morrow, AICPA Vice President of the New Finance, said in a prepared statement. “Companies’ management teams and audit committee members are going to find this guidance invaluable.”
Jeff Thomson, IMA vice president of research and COSO board member concurs, adding “The COSO small business guidance, much like the underlying 1992 control framework, is a comprehensive framework containing principles that define elements of ‘good’ internal control. From this perspective, COSO 1992 has stood the test of time and has clearly achieved the original objectives of the Treadway Commission 15 years ago. Additionally, the small business guidance contains many real world examples as a starting point for small business to design and implement their own assessment processes in alignment with the broad principles-based COSO 1992 framework.”
According to Thomson, however, more work is necessary in enabling organizations to assess the effectiveness of their internal controls which company chief executive officers (CEOs) and chief financial officers (CFOs) must attest to in writing per provisions of the Sarbanes-Oxley Act (SOX). “We have stated that the principles-based COSO 1992 framework by itself does not provide the cost-effective, top-down and risk-based assessment guidance necessary for decision-support CFOs, business process owners and others working inside organizations who are in the best position to affect a positive audit outcome and drive business performance,” Thomson continued. “In short, cost effective management guidance should include a control model and a practical risk-based assessment methodology which addresses the key question of ‘how much control is enough?’”
Speakers at the COSO webcast, which is archived online at www.iian.ibeam.com/events/aicp001/15941, discussed how the guidance can be used by preparers of financial statement and internal control systems, as well as auditors. The Executive Summary of the guidance and Frequently Asked Questions are also available online at www.cpa2biz.com/stores/coso3.
IMA has taken two major actions to help make SOX work for business and allow organizations of all sizes to realize the value in their compliance programs. IMA commissioned a landmark study to identify SOX root cause issues conducted by Dr. Parveen Gupta, Professor at Lehigh University. Preliminary results of the study revealed that a lack of management implementation guidance is a significant cost driver for companies complying with Section 404 requirements. IMA is also developing, for comment later this year, a risk-based assessment methodology called CARD ME (Collaborative Assurance and Risk Design - Management Edition), which will allow organizations of all sizes to cost effectively comply with regulation and focus on value-creating initiatives in accordance with the principles underlying the COSO 1992 internal control framework.
"We will continue to work with the COSO Board, the SEC and all other interested parties -- including global organizations -- to implement the management implementation guidance so desperately needed to get SOX costs under control and get on with the business of doing business," Sharman concluded.