COSO’s new fraud risk management guidelines: What companies need to know

Introduction

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) published its Internal Control—Integrated Framework, (the “COSO Framework” or the “Framework”), a set of guidelines designed to assist companies in evaluating the effectiveness of their internal control systems. Since that time, the Framework has gained broad international acceptance and is viewed as a leading template for designing, implementing, and assessing corporate internal controls. In fact, when the SEC adopted rules under Section 404 of the Sarbanes-Oxley Act (“SOX”) requiring companies to include in their annual reports a certification by management regarding the effectiveness of their internal controls, it announced that the Framework “satisfies our criteria.”1 Accordingly, both the SEC and shareholder plaintiffs have seized on evidence that management failed to abide by the Framework or made a false certification of compliance with the Framework in SOX-mandated reports. These private suits and administrative enforcement actions have cast in stark relief the importance of management’s understanding of, and compliance with, the Framework.

On September 28, 2016, COSO released a standalone Fraud Risk Management Guide. The Guide is intended to supplement the Framework and announce best practices for organizations seeking to assess fraud risks in accordance with Principle 8 of the Framework, which provides that “[t]he organization considers the potential for fraud in assessing risks to the achievement of objectives.” Considering the weight accorded to the Framework by the SEC, the courts, and private civil litigants, companies are well advised to familiarize themselves with the Guide and ensure that both their fraud-risk-management practices and their SOX certifications relating to internal controls comport with this new guidance.

Read the full article: COSOs new fraud risk management guidelines What companies need to know