Change Country

Tax & Assurance Guidance

Committee of Sponsoring Organizations Framework (COSO) and How It Applies to Closely Held Businesses

Posted on June 30, 2015 by

Dave Van Damme

Dave Van Damme

Share This

Committee of Sponsoring Organizations

Due to heightened corrupt practices throughout businesses in the early to late 1970s, the US Securities and Exchange Commission partnered with the US Congress to enact rules that would cover the internal control structure in companies throughout the United States. As a result, the private sector initiated what is called the Committee of Sponsoring Organizations of the Treadway Commission (otherwise known as “COSO”) to provide a framework that would help implement a strong system of internal controls in mid-1985.

Most recently, in May of 2013, COSO updated their framework to better align their guidance with the rise of ‘big data,’ ‘high volume transactions,’ and widespread use of the internet throughout corporations. The update addresses these changes while keeping the fundamental principles of internal controls consistent with the original framework.

May 2013 Update

Internal Controls are a system of operations and functions to assure a corporation’s objectives, goals, and financial reporting responsibilities are met effectively and reliably. The update in 2013 used this fundamental concept to create a framework that would aid in creating a reliable reporting environment that could coexist with the rise of the internet and big data.

The framework consists of five interrelated components that should be used as a guideline for how management runs a business:

Control Environment

The overriding structure of the control environment should set the tone of the organization and influence decision makers to act consciously and responsibly.

Risk Assessment

The Corporation should have a system of controls that identifies risks both inside and outside the organization including but not limited to fraud risk, industry factors, and regulations both internally and externally.

Control Activities

These should be put in place to ensure the company’s objectives are met and should consist of activities such as approvals, authorizations, segregation of duties, and reviews.

Information & Communication

Information should be communicated throughout the company in a process that ensures information is provided to parties both internally and externally to effectively reduce the opportunity for fraud and encourage financial and operational compliance.

Monitoring Activities

Monitoring activities should be in place to ensure all these components not only exist, but are currently functioning at the required level.

These components should exist not only at an overall entity level, but should also be present at each division and throughout individual functions of the organization.

How this Affects Closely-Held Businesses

The COSO framework provides a functional system of internal control to aid in compliance, efficiency and reporting throughout an organization. However, the framework is geared towards larger corporations that have the ability and staff to be able to effectively implement these standards. So the question is: in what ways can a closely held business implement these standards to effectively mitigate control risks that may arise from their organizational structure?

Control Environment

Ensure the ‘Tone at the Top’ encourages compliance with reporting standards and promotes strong dedication to ethical and conscious decision making throughout the organization.

Risk Assessment

All areas of management should be aware of risks both internally and externally that may affect management’s corporate performance objectives, reporting, or compliance. This should consist of being aware of industry standards, economic pitfalls, or internal factors that may contribute to reporting errors, negative business trends, as well as fraudulent or unethical behavior.

Control Activities

While the framework suggests that each reporting unit or division of a company should implement control activities, small companies often have difficulties adopting a complete system of internal control due to resource constraints. The adoption of control activities across reporting units can often help promote a solid system of internal control – e.g., segregation of duties can be achieved by having the Human Resource Manager review the Payroll Accountant’s report before submitting the payroll to the third party administrator. An individual can have varying levels of responsibilities but should not be in a position to authorize, record, report, and review a transaction. Responsibility for all stages of a transaction provides opportunity for undetected errors whether intentional or not. Mitigating this risk can come from segregation of duties and adopting management oversight in key areas such as financial reporting and compliance.

Information & Communication

Communication should flow freely from those in management down to employees of the organization as well as from employees up to management. Free-flowing communication can be emphasized by adopting a fraud reporting hotline or a comment box where individuals can report any instances of fraud or non-compliance confidentially.

Monitoring Activities

Management and owners of the company should oversee control activities to ensure the system is functioning properly. Executive reports, weekly or monthly meetings with managers, as well as quarterly or semi-annual ‘town halls’ can be used as opportunities to monitor how the company is functioning on an ongoing basis.

Dave Van Damme

Shareholder

Leading the firm's advisory & assurance group, Dave supports closely held businesses with audits, financial reporting and fraud analysis.

Related Insights

Tax & Assurance Guidance

Keeping Up With Digital Taxes

Posted on September 6, 2022 by

Miroslav Georgiev
Sue Tuson
To the uninitiated, selling digital products and services can seem like a much easier business model than selling physical goods. While there may be advantages to skipping inventory and warehouse needs, the digital tax landscape can be tricky to navigate. 

Tax & Assurance Guidance

Insights from Washington: Inflation Reduction Act Signed

Posted on August 19, 2022 by

Sarah Russell
On August 7, 2022, the U.S. Senate approved the Inflation Reduction Act of 2022, a bill to finance climate and energy provisions and an extension of the enhanced Affordable Care Act (ACA) subsidies totaling $369 billion in additional spending.

Tax & Assurance Guidance

Insights from Washington: Senate Passes the Inflation Reduction Act

Posted on August 9, 2022 by

Nick Lloyd
On August 7, 2022, the U.S. Senate approved the Inflation Reduction Act of 2022, a bill to finance climate and energy provisions and an extension of the enhanced Affordable Care Act (ACA) subsidies totaling $369 billion in additional spending.

The Sound of Automation Podcast

Industrial automation businesses are the driving force behind Industry 4.0, and Clayton & McKervey is here to help.

Skip to content