Comments on the Updated COSO Internal Controls Draft​

Comments Views

​I have just submitted my comments. The detailed letter can be downloaded from here.

This is the first part of the letter. I welcome your comments and encourage you to submit your own to COSO at


I want to extend my thanks and appreciation for the changes that COSO has made to the first draft. There was a clear desire to listen and understand the constructive comments that were received, especially those around risk management and the potential for individuals to treat the 17 Principles as a checklist.

The latest draft has some excellent content. It is rich with language that explains the various components, and the Principles reflect good practice for organizations to adopt.

While I still have reservations and believe changes are required before the Framework is published, most are fine tuning and clarification.

As I will discuss later, and have written about in my blogs (see references below), the more significant areas that I believe merit attention are these:

  1. What is the purpose of the Framework?
  2. How to assess whether the system of internal control is effective.
  3. The relationships between components.
  4. Use of the Framework in connection with an evaluation of internal control over external financial reporting (I.e., for Sarbanes-Oxley compliance purposes).
  5. The relationship between the Internal Control Framework and Enterprise Risk Management Frameworks and Standards.
  6. The need for globalization of the Framework.

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • CRMA-Launch-October-2021-Blog-1
  • All-Star-Conference-October-2021-Blog-2
  • IT-General-Controls-October-2021-Blog-3