COSO was adopted in 1992 as a framework for basis to design and then test the effectiveness of internal controls. In 2010, it was deemed necessary to update this more than 20-year old COSO Framework, to provide a more supportable approach when adversarial third parties challenged whether a company has effective internal controls (such as the SEC). , I believe that the SEC will use this to review a company’s compliance internal controls. This means that you need to understand what is required under the COSO 2013 Internal Controls Framework and can show adherence to it or justify an exception if you receive a letter from the SEC asking for evidence of your company’s compliance with the internal controls provisions of the FCPA.
The COSO 2013 Internal Controls Framework defines internal controls, from bottom to top, with the following Objectives: a) Control Environment, b) Risk Assessment, c) Control Activities, d) Information and Communication, and e) Monitoring. From these five Objectives come 17 Principles which we explore in more detail.
Three key takeaways:

You must use the 2013 Internal Controls Framework or a similar source for your internal controls structure.

The 2013 Internal Controls Framework identifies the following areas: a) Control Environment, b) Risk Assessment, c) Control Activities, d) Information and Communication, and e) Monitoring.

Your internal controls must be sustainable.

For more information on how to build out a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Ver todos los episodios