4 Steps for Updating Your Internal Controls Framework

When was the last time you updated your internal control systems? After more than 20 years, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) updated its Internal Control – Integrated Framework, the guiding document for effective internal control systems. With the original 1992 Framework being superseded before the end of the year, companies need to begin the transition to the new 2013 Framework immediately if they have not done so already.

Follow these steps to upgrade your internal controls framework:

1. Develop awareness, expertise and alignment: Develop subject matter experts to support a small project team that will oversee the project. Those responsible should familiarize themselves with the Framework and consider attending available training. The COSO guidance is available on its website, as well as on the websites of COSO’s sponsoring organizations. Furthermore, senior management should be engaged from the onset of the project to ensure the controls Framework is aligned to business objectives.
2. Conduct preliminary impact assessment: Map your existing controls to the updated Framework to determine gaps. This will enable the project team to more effectively plan the transition through focusing resources where they are most needed.
3. Facilitate broad awareness and training: Inform and train your company’s board of directors, operating management and key process/control owners on the key changes necessary and how these changes impact their roles.
4. Design and execute the transition plan: The project team should develop a transition plan that identifies resources and defines milestones. Coordination with key stakeholders during the development phase is key to success.

The process of upgrading controls is never complete. You should meet regularly with your project team and strive to continuously improve your company’s internal control systems. For assistance with assessing and upgrading your company’s controls, please contact me or another member of our risk advisory team.