COSO 2013 Best Practices - What are they?

Posted by Teresa Bockwoldt on April 30, 2014
Vibato COSO 2013 Solution

Here is a great story about our customers experience with trying to switch from COSO 1992 to COSO 2013.


Gary Burns, Associate Director Internal Audit from our client, MannKind, shared a question he presented to his external auditors and we wanted to share it with our readers:

"Has anyone identified what could be considered "best practices" for implementing COSO 2013? Note: I'm not looking for someone's theory, but rather best practices that come from someone who has implemented (or is in the process of implementing) COSO 2013."

This is an interesting question and we felt there are likely several people out there asking the same thing. Companies were allowed to adopt the COSO 2013 Framework early, but only a handful of companies actually did that so there is likely little information out there about COSO 2013 best practices.

We at Vibato have spent the last eight months researching the requirements of COSO 2013 and updating our Vibato® Internal Control Suite® to take all of the guesswork out of exactly what companies will need to do to comply with the new requirements. As many of you know, the Vibato Internal Control Suite has been available for over 10 years and is made up of thousands of man-hours of research and refinement that have taken place over 150 internal control implementations worldwide. We wrote the book on best practice procedures across many types of organizations but the COSO 2013 requirements are new for everyone so they required a fresh look at what we needed to do in order to bring a solution to our customers.

Per Gary from MannKind,

"These are the things I’ve done to learn about COSO 2013:
  1. Print every article I could find on the Internet that pertained to COSO 2013. As I read the articles I highlighted areas that I thought were relevant. I found that many of these articles were just a rehash of what other articles were saying;
  2. Attended several COSO 2013 seminars and webinars put on by the “Big Four” and Protivity;
  3. Ordered all of the materials (books and spreadsheets) published by COSO and read through them several times. Again, highlighting things that I thought were relevant to our specific implementation;
  4. Held discussions with our external auditors;
  5. Created my own COSO 2013 Implementation Plan since there were no good examples available to follow.

What I’ve seen about Vibato’s approach to demonstrate compliance with COSO 2013: It didn’t take long to realize that all of the articles and COSO materials I’ve read only discussed WHAT is included in the new COSO 2013 framework. While this was educational, it did not give any insight into HOW to actually implement the new framework, nor HOW to document our company’s compliance with it. What really impressed me with Vibato’s new Internal Control Suite for COSO 2013 was how thoroughly Vibato incorporated the COSO 2013 framework into their new product. By using Vibato’s new Internal Control Suite for COSO 2013 it automatically generates the evidence needed to show our external auditors that we formally addressed the framework’s Objectives, Components, Principles and Points of Focus.

Vibato took the mystery out of the COSO 2013 implementation process."

Vibato has the tools and procedures you will need to make the transition to COSO 2013 as smooth as possible. Remember, this new requirement is due by 12/15/2014 but it is a SUBSTANTIAL change and it will require time to incorporate into your procedures. Do not underestimate the complexity of this change.

Click here to get started today and to sign up for your complimentary assessment of what you will need to do to have a successful migration to the new standards.
COSO 2013 Assessment

Tags: Sarbanes-Oxley Articles & Information, Accounting Tip of the Day, audit, best practices, internal audit, sox compliance, Sarbanes-Oxley, COSO, COSO 2013, corporate governance