Reaching Consensus: The GAO's Acceptance of the COSO Report
1994; American Institute of Certified Public Accountants; Volume: 178; Issue: 3 Linguagem: Inglês
ISSN
0021-8448
Autores Tópico(s)Global Financial Regulation and Crises
ResumoSince the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control--Integrated Framework in 1992, the report has been widely accepted as the authority on internal controls. A cross section of U.S. businesses uses it in control self-assessments, the American Institute of CPAs is incorporating it into authoritative literature, the other sponsoring organizations (principally the Financial Executives Institute, the Institute of Internal Auditors and the Institute of Management Accountants) are embracing it and it is being discussed in professional journals, the financial press and at conferences. COSO report is being used by virtually all of the largest banks reporting under the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) as the criteria for determining internal control effectiveness. Internationally, the report serves as the basis for internal control standards currently under development in Canada and has been used by a number of foreign-based companies and translated into several languages. report's only major critic was the General Accounting Office. In speeches, letters and articles, GAO officials asserted the COSO report was a retreat from the public interest. (See The COSO Report: Challenge and Counterchallenge, JofA, Feb.93, page 10, for details.) THE REAL ISSUES GAO criticized COSO for dealing adequately with requirements for management reporting on internal control, comprehensive evaluations of controls, auditor involvement, guidance for audit committees and reporting of control deficiencies, among other things. But what the GAO wanted most were (1) required management reports on internal control, at least for public companies, and (2) for such reports to cover only what the COSO report calls financial reporting but also what is sometimes referred to as related to safeguarding assets. GAO's first request is straightforward; it is the second request, rooted in Congress's intent when it passed FDICIA, that is more involved. FDICIA requires large banks for the first time to report publicly on controls over financial reporting. (Congress borrowed the term from the nearly complete COSO report.) But the COSO definition of those did necessarily include what the GAO called safeguarding controls. Why not necessarily? Because it would depend on a company's circumstances. Controls over financial reporting are intended to make sure losses are reported properly in financial statements. If to prevent a loss from fraud or theft, for example, are needed to ensure reliable financial statements, they fall under financial reporting controls. But if those were needed only to prevent losses, with other in place to make sure losses are reported properly, the loss-prevention would fall in the operations category. GAO insisted management reports on internal control should be restricted to making sure losses were reported properly but also should address prevention or early detection of the loss in the first place. In response to the GAO's first main issue--mandatory management reporting, COSO pointed to the Treadway commission report, which clearly had called for management reporting on internal control by all public companies and had suggested a project to establish reporting criteria--the COSO report was the result of that recommendation. There was no reason to repeat the recommendation for reporting, which had already been made by Treadway. On the definitional issue, COSO said that the English language should be subverted. Controls over financial reporting are just that--they help ensure reliable financial reports. Reliable financial statements provide--to management and the board of directors, if to shareholders--information on activities resulting in loss so they can act to prevent such losses from recurring or escalating. …
Referência(s)