COSO Updates & the Impact on SSAE 16 Reports

Last year the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued the first update to its, Internal Control – Integrated Framework, since 1992. The changes were designed to provide management and Boards with guidance on how to develop and maintain an effective control structure in the rapidly changing business environment. The evolution of technology, changes in shareholder and regulatory focus and the trend toward globalization have all deeply impacted the way business is conducted today. The new framework provides much needed guidance to companies on steps they can take to address these changes and their impact on the corporate internal control structure.

Impact on SSAE 16 Reports

Companies that obtain a SSAE 16 report should pay close attention to internal controls as they may need to update them to comply with the latest framework. Companies should review the seventeen principles outlined in the framework, considered to be essential to effective implementation, as they are now considered applicable to ALL companies. To help executives, management and others impacted understand how the new framework will impact their situation, we have provided a summary of the essential changes below.

Essential COSO Framework Changes

Changes to the framework that impact the SSAE 16 report include:

  • Governance Oversight– There is a higher regulatory expectation of oversight by the Board of Directors and management over the internal controls process. As a result, the new framework provides clear guidance on the roles and responsibilities of management, the Audit Committee and the Board of Directors (BOD) as they relate to internal controls. As a result, the framework provides guidance on BOD independence and policies and practices for meetings between management and the board.
  • Outsourcing – As more and more companies outsource key business functions, the framework provides guidance on how to ensure proper controls are maintained. As a result, the framework requires companies to send communications to external parties regarding internal control functioning and conduct periodic reviews of their internal control systems.
  • Fraud Detection & Prevention– Shareholders, stakeholders and regulatory authorities are increasingly focusing on published financial reports to ensure limited misstatements and fraudulent reporting. As a result, the framework requires companies to conduct more comprehensive risk assessments throughout the environment and requires closer supervision of the fraud assessment process.
  • Globalization – The trend towards globalization has become prominent for many companies. The access to new markets, customers and additional efficiencies has resulted in many companies going global. As a result, the framework includes guidance for these companies including how to assess the likelihood of an identified risk impacting the financial reporting process, and how to design controls to prevent such events from occurring.

Was this helpful? Share to your network.

Article Category: