Shows Small Companies How to Achieve
Effective Internal Control

In late October, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released for public comment an exposure draft of its much-anticipated Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting. This guidance, which serves as a supplement to COSO’s Internal Control — Integrated Framework, originally published in 1992, focuses on the unique needs of smaller public companies in regard to compliance with Sarbanes-Oxley (SOX) Section 404.

COSO’s new guidance outlines 26 fundamental principles associated with the five key components of internal control: control environment, risk assessment, control activities, information and communication; and monitoring. The report defines each principle and describes its attributes, lists a variety of approaches smaller companies can use to incorporate the principles, and includes real-world examples of how smaller companies have effectively applied the principles.

A project task force, overseen by Task Force Chair Debbie Lambert, COSO Chairman Larry Rittenberg and led by PricewaterhouseCoopers partner Miles Everson, consisted of approximately 20 members with experience in small business. They, along with a PricewaterhouseCoopers research team, brought experience with both small public companies and SOX 404 from within their respective organizations.

The task force focused on providing examples that demonstrate how the principle-based Framework can be applied to small public businesses. According to Everson, “The guidance does not change the requirements for effective internal control over financial reporting, but it does more clearly articulate how smaller businesses can achieve effective internal control in a more cost-efficient and practical manner.”

“While the control principles addressed in the new document may be applicable to both large and small companies,” said Rittenberg, “it was important for us to demonstrate how smaller public companies can implement effective internal control in a different manner than do their larger counterparts. For example, management’s hands-on approach in smaller businesses may create opportunities for controls to be less formal without decreasing their quality. Further, the scale of those controls may differ and the opportunity to shift many of the controls from a fixed cost to a variable cost structure may be available to smaller companies.”

The guidance asserts that internal control over financial reporting may be accomplished by choosing approaches to applying the COSO principles that best fit each company’s circumstances in the most effective and efficient manner. According to the guidance, smaller public companies may strengthen internal controls by broadening the pool of audit committee members, using controls built into accounting software, leveraging management monitoring and outsourcing some activities.

This new guidance provides a tool for management to use in determining the appropriate level of internal controls over financial reporting for smaller businesses. The document is intended for use by board members, senior management, other personnel and external auditors.

Because of similar initiatives at the SEC and PCAOB, those organizations each provided an observer to the project. The AICPA, a COSO member organization, fully supports and endorses the draft guidance.

"I believe this guidance is an important step forward in helping smaller businesses understand and apply COSO's internal control framework in connection with implementing Section 404 of the Sarbanes-Oxley Act,” commented SEC Chief Accountant Donald Nicolaisen.

The report can be accessed at online. COSO encourages interested parties to read and comment on the exposure draft and to direct comments through the web site. The comment period ends on Dec. 31, 2005. Final guidance is expected in the first quarter of 2006.

Top