Have you adopted the new COSO Framework?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released their updated framework for assessing and reporting on the design and operating effectiveness of internal controls in May of this year. Have you adopted COSO’s new framework and adapted your policyIQ structure to accommodate it? The original integrated framework published by COSO and followed by the majority of public companies subject to the Sarbanes-Oxley Act was released in 1992. The foundation and guidance of the 1992 framework is considered valid and will continue to be made available until the committee (COSO) officially replaces it on December 15, 2014.

So, the clock is ticking.

RGP has helped a number of clients to adopt the new COSO framework and to use our in-house GRC application, policyIQ, to manage the documentation and processes associated with compliance. The process starts with seventeen principles that were introduced with the original framework, but were only highlighted and explicitly called out this year with the release of the new framework. Refer to COSO’s 2013 Internal Control—Integrated Framework for a detailed list and explanation of the seventeen principles.

Plan to transition – we can guide you

Our professional consultants can certainly help you with methodology including the assessment and development (or verification) of controls, as well as testing to ensure that the principles are met. Here are some simple steps you can take to plainly demonstrate consideration and alignment with the seventeen principles within policyIQ:

1.   We recommend establishing an independent template for capturing them in your policyIQ site.


2.   You may also wish to establish a separate Folder structure to easily trace each principle and related controls back to their associated COSO component.


Combining these steps with your ability to link related controls, tests and deficiencies will allow you to build reports illustrating those relationships and to present a complete picture of where you are meeting and, perhaps more importantly, where you are deficient in meeting the COSO principles.

Take 15 minutes today to set up your site—we can help!

If you have any questions or would like some help with implementation of the new COSO integrated framework or with documentation, reach out to us and we’ll put you in touch with the appropriate contact.

This entry was posted in Best Practices, Industry News, Releases and tagged , , , , by Stephenie Buehrle. Bookmark the permalink.

About Stephenie Buehrle

Stephenie is the “solutions” expert on the policyIQ team. With RGP since 2004, she designs and develops solutions that capitalize on the best practices of the hundreds of companies that she has touched, while tailoring each configuration to meet the unique needs of each client. Before joining RGP and the policyIQ team, Stephenie enjoyed working as an independent consultant in the non-profit sector. Stephenie also previously performed analyst services for a major brewer ranging from roles in biological and chemical services to analytical roles in business process improvement and innovation. Stephenie quips that she still doesn’t know what she wants to be when she grows up, but hopes to spend her days helping others (companies, individuals, and communities) to realize their full potential.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s