« Risk management in other Standards | Main | SOX for Small and unlisted businesses »

Smaller Public Companies Reporting on Internal Control over Financial Reporting

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published for comment its draft of guidance for smaller public companies on using its framework to address the Sarbanes-Oxley (SOX) internal control provisions. This 207-page guidance is related to Securities and Exchange Commission’s September decision to delay the effective date of SOX Section 404 by another year for smaller public companies. The conclusion is there are no shortcuts for small businesses ($200 million in revenue or less) to complying with the Sarbanes-Oxley Section 404 internals control. Amazing the developing committee found many attributes and sub-attributes within the five COSO components and elevated them to 26 principles and 105 attributes. As you know ISO 9000 has only eight principles.

My negative comments include:

  • The flawed approach focuses only on one of the three COSO Integrated Framework objectives: reliability of financial reporting.  This narrow focus will result in frustrated external auditors and additional company expense for actions that are not value-added. By ignoring the important COSO objective: Effectiveness and efficiency of Operations, this document’s approach is to “do extra” and not integrate financial reporting into the operations.
  • The document is too prescriptive and verbose as it specifies too many principles, which are neither foundational, nor fundamental essences. The main document content of 122 pages is larger than the 1992 COSO Internal Control-Integrated Framework of 92 pages and this document has a much narrower scope. This confusion will result in larger company expense for external financial consultants.
  • Operations management can understand Internal Controls from the 1992 COSO document. This document feels like a teacher (PwC) teaching them how to pass the test.

Your comments are welcomed on http://www.ic.coso.org/ until 15-Jan-06.

Posted by John Walz on January 14, 2006 12:44 AM |

Email this entry to:


Your email address:


Message (optional):




Comments

John:
I fully agree with what you said. The verbose draft won't help the small and mid-sized companies reduce the cost of rationalizing their organization.
For me a major reason for that is that they do not consider other management models at all. There is no life after COSO. If they were serious about optimizing the whole internal control system (in its three components you're right), they would consider the possible synergies with the other systems like ISO 9000, 14000, Malcolm Balridge, Lean Six Sigma, sustainable development, etc. Only an intelligent and integration of all those approaches (system thinking) makes sense to maximize efficiencies and minimize costs while taking seriously into consideration the increasingly necessary compliance issue, compliance with regulations, standards, etc.
I'm aware of going that far is probably politically very incorrect in the current context where you heard like me that SEC contemplates softening SOX for companies under 700 millions of capitalization! The pendulum does not go yet in our direction but it will swing back one day. So let's be prepared and keep working on integration. For that matter I like what C. Cobb is writing.
Cordially,
Alain Gaumier

Posted by: Alain Gaumier | January 15, 2006 11:30 AM

Post a comment