As public companies wrestle with when and how to adopt a new internal control framework, the Securities and Exchange Commission is mum on whether it will require companies to do so or allow them to follow an earlier version.

COSO (the Committee of Sponsoring Organizations of the Treadway Commission) recently published its updated Internal Control -- Integrated Framework, giving companies a fresh roadmap to follow to determine if their internal control over financial reporting is adequate. COSO revised its widely used 1992 framework to update it for the modern realities of how business is carried out two decades later, especially with respect to how technology is used in business.

The Securities and Exchange Commission requires public companies to follow a “suitable" framework to achieve their requirements for maintaining an effective system of internal control under Sarbanes-Oxley, and it has named only one -- the COSO 1992 framework -- as one it regards to be suitable for that purpose.

COSO says its updated framework will supersede the 1992 framework on Dec. 15, 2014, giving companies what it believes is adequate time to refresh their internal controls under the new framework. Now the SEC says it hasn't yet determined whether or when it might also indicate a preference for the new framework. “We are monitoring the transition and haven't drawn any conclusions,” says SEC spokesman John Nester.

Speaking at Compliance Week 2013, Mary Hollein, president and CEO of Financial Executives International and a member of the COSO board, said COSO received a great deal of input from the SEC, the Public Company Accounting Oversight Board, professional associations, and many others in revising the framework. She could not say, however, what if anything the SEC will say about its acceptance of the updated framework over the earlier version. She says COSO specifically set its transition date and determined it will no longer make its earlier version available after Dec. 15 2014, to facilitate a transition. “There isn't a clear line in the sand that says you have to transition on that date,” she said.

Steven Forrest, assistant controller for Raytheon Co. who also discussed the new framework, said his company will not adopt the new framework in 2013. “We have planned that we will not adopt in 2013, but we will use this year as a dry run,” he said. The company has gone through its controls over the past few years as the framework was in development and mapped out where it may need to do some additional documentation to fit with the 17 principles of good control that are enumerated in the new framework. “There are some principles where we don't have robust documentation,” he said, so the company plans to address that in the coming year.

Topics