The 2013 COSO Framework

December 10, 2013

By Jerry Ravi, CPA and Kristen Herman

Changes in the business environment including a greater reliance on technology, a focus on risk management, expanding regulatory compliance and more stringent reporting requirements have significantly impacted the way businesses operate. Companies must now satisfy higher expectations of regulators and stakeholders, and stronger internal control practices must be developed to help grow and protect the organization. 

In May 2013, COSO released its updated Internal Control - Integrated Framework to help address how organizations establish and implement their internal controls in today’s evolving environment. Three EisnerAmper professionals recently co-authored an article on the subject, “Revised COSO Framework Provides Tools to Assess Internal Controls”  (published in NACD Directorship Magazine) to help executives and board members better understand the changes. The revised framework’s most significant changes are discussed in detail including:

  • greater focus on the control environment component,
  • communication within an organization, and 
  • key action items to consider for board and senior management.

The updated COSO framework is intended to provide greater confidence in the board’s oversight of internal controls and achievement of the entity objectives.  This confidence is further enhanced by a stronger risk management and internal audit function.  All of the components, operating together, provide an ideal foundation for “reasonable assurance.”

About Jerry Ravi

Jerry Ravi is a Partner and Practice Leader specializing in Process, Risk, and Technology Solutions (PRTS). His focus is Enterprise Risk Management ERM and internal audit and compliance. He assists in designing enterprise risk management programs ERM which include deploying risk-based internal audit plans to enhance governance processes and monitor on-going compliance.

About Kristen Herman

Kristen Herman is a Senior Manager who conducts risk assessments and designs internal control test scripts and conducts testing. She identifies internal control weaknesses and develops customized solutions.

Have Questions or Comments?

If you have any questions, we'd like to hear from you.

Primary Contacts