It's one thing to build solid internal controls, but quite another to have a system in place to monitor those controls on a regular basis. While many companies do the former, not enough are good at the latter. That's the core take-away behind the latest release from COSO, the Committee of Sponsoring Organizations of the Treadway Commission. The recently released exposure draft, Guidance on Monitoring Internal Control Systems, was developed in cooperation with a team of partners at Grant Thornton LLP.

“Companies need more insight into how to become much more efficient and cost effective in maintaining internal controls,” says COSO chairman Larry Rittenberg, adding that the draft was developed after COSO members observed that some public companies monitor their internal controls over financial reporting just once a year, in order to comply with Section 404 of the Sarbanes-Oxley Act. “Companies should monitor their controls every day through ordinary operations, to make sure those controls [are] operating effectively,” Rittenberg explains. The proposed guidance provides practical guidance and concrete examples of using the monitoring component of the COSO internal control framework to develop effective and efficient internal controls. “Once you establish good internal controls you ought to think of how to maintain them,” Rittenberg adds.

As the report states, central to effective monitoring is a system of procedures that evaluates key controls over specific risks to the organization. The proposed guidance illustrates effective monitoring with examples taken from real companies–including an international insurer, a beverage maker and distributor and a small software company. The report contains a monitoring model that walks users through the process of prioritizing risks, identifying controls, identifying information and implementing monitoring practices. Among the examples of effective monitoring practices is a beverage manufacturer and distributor that has built monitoring procedures for the owners of certain controls, who perform self-assessments on a monthly, quarterly and annual basis and then report the results in a tool on the company's network. Supervisory reviews are then carried out by managers of the control owners.

In another example, the audit committee at a small manufacturing company directed internal audit to scrutinize manual journal entries with a focus on potential management overrides. The reviews were structured in such a way to determine the reasonableness and frequency of such entries, with an eye toward identifying potential fraudulent activities. “COSO believes that companies would benefit by examples of the leverage they could gain from their current monitoring activities, particularly public companies,” says Charles E. Landes, vice president for professional standards and services at the AICPA and a COSO board member. Landes notes that public companies that treat Section 404 compliance as “something additional to their own systems of internal control” needlessly duplicate their monitoring procedures, “and that's not what Sarbanes-Oxley wants.”

The proposed guidance also distinguishes direct information from indirect information for monitoring, and explains how indirect information can be used. As described, direct information confirms the operation of internal controls by observing, reperforming or testing them, whereas indirect information can be used to infer whether controls or control components continue to operate effectively. “Companies' monitoring has been mostly direct testing of internal controls,” says Rittenberg. “We're saying, 'let's think of combinations of direct and indirect information that may tell you that internal controls have deteriorated over time.'”

The full report can be downloaded via the COSO website, www.coso.org. Comments on the proposed guidance, which COSO expects to adopt this fall, are due by Aug. 15.

© 2024 ALM Global, LLC, All Rights Reserved.