COSO treadway report

Executive Summary

      In the middle to late l980’s numerous financial institutions, nationwide, became insolvent.  Committee’s were formed to determine possible reasons, fraudulent reporting practices was a major contributor.  The most prevalent was the collaspe of the Savings and Loan Industry.  At least a third of the associations were on the brink of failure towards the end of the decade; fraudulent practices were among the eight factors responsible for the disaster (law.jrank). 

     The U.S. House of Representatives stepped in, commissioned a Subcommittee on Oversight and Investigation, and held hearings dissecting the accounting profession.  The report determined that the system of public disclosure and reporting needed immediate focus and corrective action to avert like situations.

     A private sector responded to the findings, in l985, spearheaded by James C. Treadway, Jr., Executive Vice President and General Counsel for Paine Webber, Inc, former commissioner of the Security and Exchange Commission (SEC).  The joint sponsorship include five major associations: the AICPA (American Institute of Certified Public Accoutants), American Accounting Association, FEI (Financial Executives International), IIA (Institute of Internal Auditors), and the Institute of Management Accountants.  The commission, originally named the National Commission on Fraudulent Financial Reporting, changed to the Treadway Commission, primary objective was to identify factors of fraudlent reporting and to make viable recommendations to reduce future incidents (coso.org).

The Treadway Commission

     The Treadway Commission’s groundbreaking report was published in l987.   Recommendations for management, their target audience, and board of directors of public companies, the public accounting profession, SEC and other regulatory and law enforcement agencies, were included.  The report, also, provides them with a common definition of internal controls that serve all parties, encouraging standards and criteria for evaluating their company control systems, and to make necessary adjustments (answers.com).

     The report identified several incidents that may have contributed to fraudulent financial reporting; environmental issues, institutions and individual persons’ monetary gain to enact fraudulent activities.  Two ways to accomplish this are to falsely improve their financial appearance, so company maintains market stock prices, and persons falsifying reports to achieve goals and be awarded incentives (e.notes).

The Treadway report directly addressed company internal control systems, with five interrelated components:

1)      Control Environment-tone of an organization.

2)      Risk Assessment-how management deals with risk factors.

3)      Control Activities-policies and procedures to insure directives are enforced.

4)      Information and Communication-to be done in a timely fashion; should flow through the company.

5)  Monitoring-evaluating and internal control systems.

To conclude a system is effective all five components must be present. (Steinberg.R).

     The Treadway Report also said, auditors should be brought into the loop of corporate governance and warranted the interaction between auditors and audit committees.  Noted in the report was that a vast percentage of companies penalized by the SEC had audit committees, therefore, simply having a committee is not enough to function effectively.  The auditors must be independent and attentive, concerned about company actions, to lessen possible litigation against them (free library).

     The Treadway Commission backed-up their recommendations with a formal committee, COSO (Committee of Sponsoring Organizations of the Treadway Commission).  Throughout the years, a myriad of concepts and views of internal controls

developed in legislation, regulation, professional standards and guidelines, public and private companies to reduce incidents of fraudulent practices.

     A portion included in the report highlighted the role of auditors, noting that auditors should be brought into the loop of corporate governance.  It warranted the interaction between auditors and audit committees.  A vast percentage of companies penalized by the SEC had audit committees; therefore, simply having a committee is not enough to function effectively.  The auditors must be independent and attentive, concerned about company actions, to lessen possible litigation against them (free library).

    Supporting the public sector further, COSO, in l992, devised and implemented the Internal Control-Integrated Framework.  A milestone in the progression of how to access the effectiveness of internal controls.  The framework method provides a benchmark to assists businesses in developing and enforcing effective internal control systems.  Now incorporated into policy, rule and regulation, utilized by thousands of enterprises to enhance quality control activities.

Criticism

     Overall, COSO had extremely positive feedback, however, with any new program, some criticism follows.   The General Accounting Office (GAO) believed COSO failed to

fully utilize the outside auditor, who unlike management has a public responsibility in correlation with reporting and disclosure requirements. The Federal Deposit Insurance Corporation’s Improvement Act rejected COSO’s definition of internal control; they would limit it to “financial reporting,” while the FDIC would also include control subsistence and compliance with asset management.  Eventually, both the GAO and the FDIC agreed on a modified version of the COSO document in l994 (Rigos,J).

     Some small companies found COSO to be overwhelming, and had problems applying to its procedures.  Before COSO finance managers, at many of these businesses, relied on external auditors to provide advice on financial systems. With few alternatives, executives besieged officials at COSO for help, prompting the commission to revise draft

of guidance for small firms.  The COSO was too cumbersome for mid-level managers.

     Sarbones-Oxley Act

      Sarbones-Oxley Act was passed in 2002 as a result of a series of high profile, corporate financial failures, caused by illegal activity concealed behind fraudulent reports

(Ex. Enron), it calls for executives to be personally liable for the accuracy of financial statements for their company.  The Act includes; improving the quality and lucidity in financial reporting and independent audits and accounting services for public companies,

created the Public Company Accounting Oversight Board (PCAOB) to enhance standards in accounting practices, and strengthen the independence of firms that audit public companies.

     Sarbones-Oxley Act highlights chapters on internal control framework and audit programs.  The risk/control matrices, self-assessment questionnaires and audit programs relating to sections 302 and 404 regarding Certification of Disclosure and Managements Internal Controls and Procedures are based on the Internal Control-Integrated Framework by COSO.  The Act encourages, but doesn’t require public trade corporations to use an internal control framework.  The SEC and PCAOB also recommend using COSO’s program (sarbones-oxley.com).

     A majority of public companies decided not to comply with the Sarbones-Oxley Act independently and adopted the COSO framework method. An article by Helen Shaw, CFO Magazine, reported results of a poll conducted by CFO in January 2006.  Three quarters of respondents relied on various frameworks along with COSO when devising internal controls.  One third surveyed use COBIT, a technology-governance published by IT Governance Institute, and 28% indicated they base their section 404 program on Auditing Standard Number 2 guidelines by the PCAOB (Shaw, H).

     The private-sector businesses using COSO proved to be insightful. The Act would eventually incorporate exhaustive risk management chapters, with the inclusion of Section 404.  COSO already had a detailed risk management section (ERM) in place, which would comply with the enhanced Act. (IIAudit).

Enterprise Risk Management

     Enterprise Risk Management (ERM), a condensed view of risk from both operational and strategically perspectives, is an addendum to the Commission.  In 2001, COSO initiated a project to develop an Enterprise Risk Management- Integrated Framework. They enlisted an Advisory Council composed of auditors and consultants and PricewaterhouseCooopers to aid in defining ERM, comprising a framwork readily usable by managers to evaluate and improve their companys’ enterprise risk.

     The committee needed to provide key doctrine and concepts, common lanuage and clear directions and guidance.  Internal control would always be an essential part of the framework.  ERM didn’t replace any portion of the original documents, but was incorporated into the Internal Control-Integrated Framework, making a complete, proficient, valuable package.

All parties concerned benefited; executives can assess their company’s ERM program against a standard, strengthen their process and move their company forward; legislatures and regulators can easily look into a company’s program with common ERA framework to learn their risk status at a glance.

     One issue COSO strived to accommodate with the ERM was concern small businesses had when the Internal Control- Integrated Framework was implemented; it was too

complicated for mid-level management.  COSO insisted on ERM having concise directions and explicit guidelines.

      As stated earlier, the ERM framework explands on internal control, with extensive focus on the broader topic of enterprise risk management.  It also supplies information for management to help determine how much risk their company is prepared to take.  Uncertainty is faced by all entities, the Enterprise Risk Management-Intergrated Framework supplies management with information to help determine how much risk theire company can take as it grows in value.

     The Framework method ensures effective reporting and compliance with laws and regulations.  The process helps avoid damage to the company’s reputation and negative consequences put forth by excess risk (coso.org).

     COSO included four categories in the Enterprise Risk Management-Intergrated Framework:

1)      Strategic – high-level goals, aligned with and supporting its mission.

2)      Operations – effective and efficient use of its resources.

3)      Reporting – reliability of reporting.

 4)  Compliance – compliance with laws and regulations.

       Mike Malwitz, Director, Product Marketing at Hyperion states in an article for InSights, “Business Performance Management (BPM) has shifted from traditional financial forcasting and is now becoming a key component of managing strategic risk.”

The ERM has had a positive effect for all entities, risk maybe inevitable. but with a framework it is foreseeable.

Conclusion

     The Committee of Sponsoring Organizations of the Treadway Commission is a

United States private-sector initative.  Formulated from the extensive Treadway Report,

the COSO created and implemented the Internal Control-Integrated Framework and later incorporated the Enterprise Risk Management -Integrated Framework into their extensive

program.

     COSO unified an internal control system, standardizing methods, reporting and

practices.  The benefits of this process range from deterring fraudulent activities, protecting public companies and assisting government agencies in effectively observing

internal control systems.

      Both frameworks, the Internal Control and ERM are used by thousands of companies, recommended by the Security and Exchange Commission and the Public Company Accounting Oversight Board.  COSO is the primary reference for the Sarbones-Oxley Act of 2002. which utilized the reports information on risk management to comprise their

Enterprise Risk Management chapters.

      In a September 17th, 2007 press release, Trish Harris, Director of IIA Corporate Communication and Public Relations, stated that the COSO was announcing the release of its discussion document: Guidance on Monitoring Internal Control Systems.  The

discussion is designed to help organizations monitor the quality of their internal control systems.  A feedback portal is open for public comments until October 31st, 2007 at www.coso.org/publications.htm.

     COSO Chairman Larry Rittenberg, Phd., states “this guidance more fully develops the monitoring component of COSO’s Internal Control-Integrated Framework.”  Mr. Rittenberg is very confident in COSO’s delivering a final product that “meets the needs of multiple stakeholders,” (Harris,T).

                                                      Works Cited

Answers.com.  “Committee of Sponsoring Organizations of the Treadway Commission.”

     http://www.answers.com/topic>.

Coso.org.  “Committee of Sponsoring Organizations (COSO) of the Treadway

     Commssion.” http://www.coso.org>.

E.Notes.com.  “Fraudulent Financial Reporting.” 10 Nov. 2007

     http://www.enotes.com

FreeLibrary.com.  “Enhancing Audit Committee Efectiveness.” 1 Aug. 1996

     Http://www.thefreelibrary.com

Harris,Trish. “News Release” l7 Sept. 2007.http://www.coso.org/PUBLICATIONS.HTM

II Audit.  “Quality Assessment, The Instituteof Internal Auditors.”

     http://www.theiia.org

Law.jrank.org.  “Savings and Loan Association-Further Readings.” http://law.jrank.org

Malwitz, Mike. “Business Performance Management’s Strategy.” The Insights

     http://www.hyperion.com

Rigos.James. “A CPA’s family of fraud discovery duty; “Not a bloodhound but a

     watchdog.”  Fall, l994

     http://www.findarticles.com/p/articles/mi_qa3703/1s_199410/as_n87

Sarbanes-Oxley.com.  “Financial and Accounting Disclosure Information

     http://www.sarbanes-oxley.com

                                     Works Cited Con’t

Shaw,Helen.  “The trouble with COSO.” 15 March 2006, CFO Magazine

     http://www.cfo.com/printable/article.cfm/

Simmons, Mark.  “What is COSO.” 10 Jan. 2006

     http://www.facilitatedcontrols.com/internal-auditing/cosois.htm

Steinberg,Richard. “Internal Control-Integrated Framework: A Landmark Study.”

     June l993, the CPA Journal. http://www.nyssopa.org/cpajournal/old/14465853.htm

.