We need to talk about COSO (6/7): Assumptions about behaviour

The revised COSO draft uses the world ‘culture’ 12 times.  The document refers variously to culture, to control culture and to internal control culture.  At no time are these defined, explained or differentiated; it is left to the reader to imprint his or her perceptions, associations, biases and misapprehensions on to the meaning of the…

We need to talk about COSO (5/7): Reality & problems of linearity in risk & control

The underlying logic of COSO is linear: controls manage risks to the achievement of objectives.  For each objective, there are multiple risks; for each risk there are one or many controls.  Controls can act across different risks, but these relationships are understood; risks may affect the achievement of multiple objectives but these relationships are understood. …

We need to talk about COSO (4/7): Problems of structure; misunderstanding risk

There are two stories of structure in the new COSO draft.  The first is the relationship between objectives and control.  The second is newly-proposed principles of the COSO redraft.  Both are problematic but for very different reasons.  Together, these problems demonstrate that the COSO (re-)authors are out of their depth when it comes to understanding…

We need to talk about COSO (3/7): Problems of evidence

What do we know about how COSO has performed in practice?  To address that question, we need to differentiate the ‘practice’ we mean.  In the first instance, the question must address the regulatorily-mandated requirement for assessment of internal control over financial reporting.  Secondly, we must address whether or not implementation of COSO has assisted companies…

We need to talk about . . . COSO

At the end of last month, the period of public consultation of the redraft of COSO’s internal control framework closed.  COSO received around 90 comments, or around 1 comment for every 90 SEC filers who have to live with the current framework as the basis for their internal control assessments under §404 of the Sarbanes-Oxley…