Business Strategy | Corporate Finance & Governance | Leadership / Management | Legislative / Regulatory

A year later, the key to COSO’s internal control framework is ‘a reasonable approach’

A year ago today, COSO (don’t ask what it stands for — you’re better off not knowing) released its updated “Internal Control — Integrated Framework,” a blueprint for how companies can design and implement internal controls in an era of chaos, change, and almost constant re-regulation.

In the aftermath of Sarbanes-Oxley and Dodd-Frank, it’s an extraordinarily important document. Trust us.

One year after its release, our friend Edith Orenstein and the rest of the good folks at Financial Executives International have published an article of interviews with leading financial executives, auditors, and consultants who offer advice for implementing the framework.

The good news: Implementation doesn’t necessarily mean transformation. Here’s what Pfizer’s Ray Purcell says about the framework:

“Take a reasonable approach – don’t overdo this. This shouldn’t be a complete overhaul of the system of internal controls – no major projects, consultants, or mountains of documents are required. COSO 2013 is an opportunity to review your controls and make some enhancements, but this is more of a continuous improvement initiative than re-engineering.”

Read Orenstein’s fine article in its entirety, then tell us: What’s your best advice for implementing the framework?


Bill Sheridan