After receiving extensive feedback, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced Monday that it expects to delay the release of its updated internal control framework until the first quarter of 2013.
That’s a slightly later debut than COSO predicted for the framework in December, when it first released the proposed update of its Internal Control—Integrated Framework for public comment. The original plan was to release it in fall 2012.
“In looking at the issues that were raised and the substance of the comment letters, we recognized that it was so important for us to consider all the comments closely and looked at our timeline and concluded that we needed more time than our original timeline had forecasted,” COSO Chairman David Landsittel said in a telephone interview.
COSO is updating the 20-year-old internal control framework to provide a fresh, modern approach with explicit advice and implementation guidance. The exposure draft of the proposed framework includes 17 principles articulated across the five components of internal control. Specific attributes are assigned to each principle.
The release of an ED of COSO’s Internal Control Over External Financial Reporting Approaches and Examples document also will be delayed a few months, Landsittel said. That ED had been set for a June release. The complete set of materials to be released in the first quarter next year will consist of the framework itself; the internal control over external financial reporting document; and a document on evaluation tools.
The public comment period for the internal control framework ended March 31. COSO received more than 100 responses to its online survey and 97 individual comment letters from organizations and professionals worldwide. Landsittel said many letters were several pages, so COSO has hundreds of ideas to ponder.
The AICPA wrote in its comment letter that the framework will be a valuable resource for practitioners but questioned how an organization should consider the “ranges of acceptability” that the updated framework describes for principles that are present and functioning. A comment letter submitted by the Center for Audit Quality (CAQ), which is affiliated with the AICPA, expressed a similar concern.
Landsittel said that was one of a number of areas where stakeholders requested clarification that COSO plans to address.
In addition, the AICPA and the CAQ expressed concern that the updated framework does not provide sufficient guidance regarding the transition from the original framework. Landsittel said transition was more of a concern when the new framework was scheduled for a release in the final quarter of 2012 because it would have put pressure on organizations to adopt it for their 2012 reporting year. He said the first-quarter release in 2013 relieves that pressure.
Landsittel also said it makes sense for users to make the transition and update their systems and documentation as quickly as feasible. He added that the board believes the key concepts and principles in the original framework are sound and acceptable for continued use during a transition period.
The ED and public comments will remain available on COSO’s website until the final framework is published. Landsittel said he appreciates the interest in the project.
“There’s been a lot of interest in our process, a lot of interest in when we hope to release the documents, a lot of diversity in the comments,” Landsittel said. “There are people who suggest that the present document is very workable and we shouldn’t make too many changes. And on the flip side, there are people who have suggested that we start with a clean sheet of paper and start all over again. We have a lot of issues that we just want to think through thoroughly.”
COSO, which is a joint initiative of five private-sector organizations, including the AICPA, provides thought leadership on enterprise risk management, internal control, and fraud deterrence.
—Ken Tysiac (firstname.lastname@example.org) is a JofA senior editor.