Tax & Assurance Guidance

Committee of Sponsoring Organizations Framework (COSO) and How It Applies to Closely Held Businesses

Posted on June 30, 2015 by

Dave Van Damme

Dave Van Damme

Share This

Share on facebook
Share on twitter
Share on linkedin
Share on email

Committee of Sponsoring Organizations

Due to heightened corrupt practices throughout businesses in the early to late 1970s, the US Securities and Exchange Commission partnered with the US Congress to enact rules that would cover the internal control structure in companies throughout the United States. As a result, the private sector initiated what is called the Committee of Sponsoring Organizations of the Treadway Commission (otherwise known as “COSO”) to provide a framework that would help implement a strong system of internal controls in mid-1985.

Most recently, in May of 2013, COSO updated their framework to better align their guidance with the rise of ‘big data,’ ‘high volume transactions,’ and widespread use of the internet throughout corporations. The update addresses these changes while keeping the fundamental principles of internal controls consistent with the original framework.

May 2013 Update

Internal Controls are a system of operations and functions to assure a corporation’s objectives, goals, and financial reporting responsibilities are met effectively and reliably. The update in 2013 used this fundamental concept to create a framework that would aid in creating a reliable reporting environment that could coexist with the rise of the internet and big data.

The framework consists of five interrelated components that should be used as a guideline for how management runs a business:

Control Environment

The overriding structure of the control environment should set the tone of the organization and influence decision makers to act consciously and responsibly.

Risk Assessment

The Corporation should have a system of controls that identifies risks both inside and outside the organization including but not limited to fraud risk, industry factors, and regulations both internally and externally.

Control Activities

These should be put in place to ensure the company’s objectives are met and should consist of activities such as approvals, authorizations, segregation of duties, and reviews.

Information & Communication

Information should be communicated throughout the company in a process that ensures information is provided to parties both internally and externally to effectively reduce the opportunity for fraud and encourage financial and operational compliance.

Monitoring Activities

Monitoring activities should be in place to ensure all these components not only exist, but are currently functioning at the required level.

These components should exist not only at an overall entity level, but should also be present at each division and throughout individual functions of the organization.

How this Affects Closely-Held Businesses

The COSO framework provides a functional system of internal control to aid in compliance, efficiency and reporting throughout an organization. However, the framework is geared towards larger corporations that have the ability and staff to be able to effectively implement these standards. So the question is: in what ways can a closely held business implement these standards to effectively mitigate control risks that may arise from their organizational structure?

Control Environment

Ensure the ‘Tone at the Top’ encourages compliance with reporting standards and promotes strong dedication to ethical and conscious decision making throughout the organization.

Risk Assessment

All areas of management should be aware of risks both internally and externally that may affect management’s corporate performance objectives, reporting, or compliance. This should consist of being aware of industry standards, economic pitfalls, or internal factors that may contribute to reporting errors, negative business trends, as well as fraudulent or unethical behavior.

Control Activities

While the framework suggests that each reporting unit or division of a company should implement control activities, small companies often have difficulties adopting a complete system of internal control due to resource constraints. The adoption of control activities across reporting units can often help promote a solid system of internal control – e.g., segregation of duties can be achieved by having the Human Resource Manager review the Payroll Accountant’s report before submitting the payroll to the third party administrator. An individual can have varying levels of responsibilities but should not be in a position to authorize, record, report, and review a transaction. Responsibility for all stages of a transaction provides opportunity for undetected errors whether intentional or not. Mitigating this risk can come from segregation of duties and adopting management oversight in key areas such as financial reporting and compliance.

Information & Communication

Communication should flow freely from those in management down to employees of the organization as well as from employees up to management. Free-flowing communication can be emphasized by adopting a fraud reporting hotline or a comment box where individuals can report any instances of fraud or non-compliance confidentially.

Monitoring Activities

Management and owners of the company should oversee control activities to ensure the system is functioning properly. Executive reports, weekly or monthly meetings with managers, as well as quarterly or semi-annual ‘town halls’ can be used as opportunities to monitor how the company is functioning on an ongoing basis.

Dave Van Damme

Shareholder

Dave leads the advisory & assurance practice and is well known inside and outside the firm for being both engaged & positive.

Related Insights

Tax & Assurance Guidance

Foreign Tax Withholding: What You Need to Know

Posted on April 26, 2022 by

Rob Cheyne
Making service payments to a foreign person is a common cross-border transaction. U.S. taxpayers need to be aware of the applicability of withholding tax and related reporting requirements to ensure they comply and avoid unintended consequences. A U.S. payor must collect withholding tax and remit it to the IRS in the case it is applicable.

Tax & Assurance Guidance

SALT Relief for Partners and S Corps

Posted on February 23, 2022 by

Miroslav Georgiev
With small businesses supporting nearly 47% of U.S. employees, states have been advocating for pass-through entities, operating partnerships and S corporations that have been harshly impacted by the Tax Cuts and Job Act ‘s state and local taxes deduction limit. Recent legislative activity is finally providing relief for many of these businesses. 

Tax & Assurance Guidance

IRS Provides Relief on K-2 and K-3

Posted on February 17, 2022 by

Margaret Amsden
In an attempt to provide more transparency with regard to reporting of foreign activity and/or information to foreign owners, the IRS came out with two new forms: Schedule K-2 (an addendum to the Schedule K) and Schedule K-3 (an addendum to the Schedule K-1). Learn about the latest K-2 and K-3 reporting requirements issued by the IRS.

Sign up for our newsletters

Get general business and industry-specific news and knowledge straight from our accounting specialists.

The Sound of Automation Podcast

The Sound of Automation Podcast

Industrial automation businesses are the driving force behind Industry 4.0, and Clayton & McKervey is here to help.

Insights & Perspectives

The Sound of Automation: Looking ahead to CSIA 2022

In this episode we talk with Lisa Richter, Director of Industry Outreach and Growth at Control System Integrators Association (CSIA) . Lisa and Bryan look ahead to the CSIA Executive conference taking place in Denver, CO on June 27-30, 2022 and share with listeners what to expect, who will be there, and the discussion panel topics focusing on this years’ theme “The Future of Work”. 

Read More

The Sound of Automation Podcast

Industrial automation businesses are the driving force behind Industry 4.0, and Clayton & McKervey is here to help.

Skip to content