* In its most recent guidance for compliance with Sarbanes-Oxley section 404 requirements for smaller entities, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has provided principles and examples of effective internal control. Titled Internal Control Over Financial Reporting--Guidance for Smaller Public Companies, the guidance emphasizes the business function and cost-effectiveness of internal control. Although the guidance is specifically tailored to smaller public companies, it can be applied to all organizations.
* Five components of COSO's control framework may be viewed as both fundamental principles and an aid to planning, evaluating and updating controls. They are risk assessment, control environment control activities, information and communication, and monitoring.
* Management can monitor controls most efficiently by integrating monitoring activity into financial reporting processes. Principles of effective internal control should not be considered a checklist but should be implemented in accordance with managers' judgment, with a formality of structure appropriate to the size of the organization.
COSO's latest guidance on controls for smaller businesses fits all organizations.
Managers of smaller businesses need to design and implement an effective system of internal control over financial reporting in a cost-beneficial way. To help achieve this, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has provided guidance to smaller businesses in its publication Internal Control Over Financial Reporting--Guidance for Smaller Public Companies (www.coso.org). The guidance encourages CPAs to work with organizations to implement controls that are fundamental building blocks to success. Effective internal control over financial reporting, including management's understanding, design, implementation and monitoring, should be viewed as an important business function.
Often lost in the debate over the costs associated with Sarbanes-Oxley section 404 is the significant number of smaller businesses that fail, often because they do not have good business plans or do not identify and control risks. Research shows that a strong commitment to internal control is a matter of company priority, not a matter of resources. This guidance will help CPAs in industry and in public practice. CPAs in management will find it useful in implementing and evaluating internal control. CPAs in public practice will find it useful in assessing internal control over financial reporting and identifying the types of controls typically found in smaller businesses.
The guidance is drawn from the 1992 COSO Internal Control--Integrated Framework (IC Framework), which it clarifies but does not extend or replace. Focusing on the challenges faced by smaller businesses, the guidance explicitly addresses issues related to:
* Segregating accounting duties.