Complete the form to the right to start your complimentary COSO 2013 assessment.
Here are some important frequently asked questions about the change from COSO 1992 to COSO 2013 and what this could mean for your company.
Jump to the topic you are looking for:
COSO 1992 has been the most widely adopted internal control framework used since the passage of the Sarbanes-Oxley Act of 2002. COSO 2013 is an update to the original COSO 1992 internal control framework.
COSO 2013 is:
- Due 12/15/2014
- Expands the risk assessment significantly
- Management must define & demonstrate compliance with Objectives & Principles
- Expands the compliance requirements to the “Operations” and “Compliance” areas
COSO 2013 is an update to the original COSO 1992 internal control framework that most people have used to demonstrate compliance with the Sarbanes-Oxley Act of 2002 or SOX.
COSO 2013 is Intended to:
•Refresh objectives relating to changes in business & operating environments.
•Broaden the application of a typical COSO application to operations & compliance rather than just reporting.
•Provide clarification and instruction on how to facilitate and evaluate internal controls.
The COSO 2013 requirements are additional steps required to complete an internal controls implementation. The documentation created to comply with COSO 2013 is needed in addition to any existing internal control documentation you may have already created to demonstrate compliance with SOX.
The COSO 2013 change applies to all companies listed on the US public exchanges.TOP
Simply Stated, COSO 2013 Requires:
1. Objective Setting
2. Broadened Risk Assessment Procedures
3. Principle Setting
4. Additional Controls
All of these items are required in addition to the need to define your internal controls per the Sarbanes-Oxley Act of 2002 and COSO 1992.
We have provided more information below on each of the above bullets.
This step includes documenting your business operations objectives, internal / external financial & non-financial reporting objectives, and compliance objectives.
• Setting objectives is a prerequisite to internal control and a key part of the management process relating to strategic planning.
Three categories indicate what can be expected from internal control:
Operations: These pertain to effectiveness & efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.
Reporting: These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard setters, or the entity’s policies.
Compliance: These pertain to adherence to laws and regulations to which the entity is subject.
A particular objective can fall under more than one category.
Vibato is pleased to announce the launch of COSO 2013 Made Simple!
Learn more about our product by calling 1-888-4-VIBATO or by starting your complimentary COSO 2013 Assessment today by filing out the contact sheet at the top of this page.
Alternative, shoot us an email and we'll get right back to you.TOP
COSO 2013 expands on the original Sarbanes-Oxley / COSO 1992 risk assessment procedures to include:
Vibato has created detailed COSO 1992 & COSO 2013 compliant Financial & Business Operational Risk Assessments.
Our products are based on industry-specific best practices refined over the last 15 years and hundreds of implementations worldwide. Our offerings are sold at a fixed-price and include one-on-one time with our Internal Control Experts to ensure the results are complete, you understand the process, and that the resulting documentation is ready to hand off to your external auditors or stakeholders.TOP
- There are 17 key “Principles” detailed within the COSO 2013 guidance and another 100+ specific “Points of Focus” that management must address to meet the new requirements.
Points of Focus are specific sub-topics defined within the Framework that assist management in designing, implementing, and conducting internal control and in assessing whether the relevant principles are, in fact, present & functioning.
Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives related to operations, reporting, and compliance.*
|Internal Controls must be:
Vibato has embedded the COSO 2013 requirements into the Vibato Internal Control Suite® thereby allowing users to demonstrate compliance with the new requirements all throughout their internal control infrastrucutre.
|WRONG! If your company is required to attest to Section 404(a) compliance typically via your 10-Q Item 4, 10-K Item 9, 302, or 906 certifications (so all public companies of any size), this change applies to you.
This is an interesting question and we feel there are likely several people out there asking the same thing. Companies were allowed to adopt the COSO 2013 Framework early, but only a handful of companies actually did so there is likely little information out there about COSO 2013 best practices.
Fortunately, we at Vibato started researching the requirements of COSO 2013 in May, 2013 and we've been updating our Vibato® Internal Control Suite® to take all of the guesswork out of exactly what companies will need to do to comply with the new requirements. The Vibato Internal Control Suite has been available for over 10 years and is made up of thousands of man-hours of research and refinement that have taken place over 150 internal control implementations worldwide. We wrote the book on best practice procedures across many types of organizations but the COSO 2013 requirements are new for everyone so they require a fresh look at what we need to do in order to bring a viable solution to our customers.TOP
Here is some insight on COSO 2013 from our client Gary Burns, Associate Director of Internal Audit, MannKind Corporation:
"These are the things I’ve done to learn about COSO 2013:
- Print every article I could find on the Internet that pertained to COSO 2013. As I read the articles I highlighted areas that I thought were relevant. I found that many of these articles were just a rehash of what other articles were saying;
- Attended several COSO 2013 seminars and webinars put on by the “Big Four” and Protivity;
- Ordered all of the materials (books and spreadsheets) published by COSO and read through them several times. Again, highlighting things that I thought were relevant to our specific implementation;
- Held discussions with our external auditors;
- Created my own COSO 2013 Implementation Plan since there were no good examples available to follow."
"What I’ve seen about Vibato’s approach to demonstrate compliance with COSO 2013: It didn’t take long to realize that all of the articles and COSO materials I’ve read only discussed WHAT is included in the new COSO 2013 framework. While this was educational, it did not give any insight into HOW to actually implement the new framework, nor HOW to document our company’s compliance with it. What really impressed me with Vibato’s new Internal Control Suite for COSO 2013 was how thoroughly Vibato incorporated the COSO 2013 framework into their new product. By using Vibato’s new Internal Control Suite for COSO 2013 it automatically generates the evidence needed to show our external auditors that we formally addressed the framework’s Objectives, Components, Principles and Points of Focus."
"Vibato took the mystery out of the COSO 2013 implementation process." -Gary Burns, Mannkind Corporation
Vibato has the tools and procedures you will need to make the transition to COSO 2013 as smooth as possible. Remember, this new requirement is due by 12/15/2014 but it is a SUBSTANTIAL change and it will require time to incorporate into your procedures. Do not underestimate the complexity of this change.
We hold regular web-based training's on available via our Webinars page. We also offer on site training and technology licensing options. Please call 1-888-4-VIBATO or 415.240.4867 for more information. CPE is available for all training options.
It appears that the SEC is in a wait and see mode right now:
"I understand that COSO intends to supersede their 1992 Framework as of December 15, 2014, and we expect there will be questions about whether the SEC will provide management with any transition or implementation guidance to change from the existing framework to the new framework...SEC staff plans to monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or Commission actions become necessary or appropriate at some point in the future. However, at this time, I’ll simply refer users of the COSO framework to the statements COSO has made about their new framework and their thoughts about transition." - Paul Beswick, Chief Accountant, Office of the Chief Accountant, U.S. Securities and Exchange Commission, May 30, 2013"TOP
Vibato has created a complete COSO 2013 Made Simple solution to help complete the transition in an efficient and effective manner. We would be happy to speak with you about where you are now and what you will need to do to demonstrate compliance with the new requirements. Please call us at 1-888-4-VIBATO, 415.240.4867, or email us by clicking this link: COSO 2013 InquiryTOP