Coso
&
A U D I T I N G
internal
controls
Improving Intemal Control Over Hnancial Reporting
COSO's Guidance Not Just for Public Companies Anymore
By Jeffrey E. Michelman and Bobby E. Waldrup
W
30
Since the application of COSO by SEC registrants that were heti the Committee of Sponsoring Organizations (COSO) released its Internal Control—Integrated accelerated filers In 2004, smaller publicly traded organizations have continued to argue that complying with SOX section 404 was an unfair burden. As a means for improving both the understandability and the applicability of the ICFR, COSO released Internal Control over Financial Reporting—Guidance for Smaller Public Companies (ICFR-SPC). Although the true value and utility of the ICFR-SPC for compliance with SOX section 404 will become clearer over the next several years, the authors believe that the value of the ICFR-SPC goes far beyond publicly traded
Framework (ICFR) in 1992, the event went largely unnoticed. The importance of this framework changed dramatically with the passage of the Sarbanes-Oxley Act of 2002 (SOX). Because SOX required all covered entities to base their assessment of intemal controt on a recognized framework, COSO was readily embraced. Unfortunately, smaller public and nonpublic companies have found the 1992 framework complicated to apply and to understand.
APRIL 2008 / THE CPA JOURNAL
companies. In particular, ICFR-SPC offers great utility to small businesses, but only if it is properly understood and applied. ICfT^-SPC offers a significant opportunity for small CPA firms to offer valueadded services to existing and potential clients. This importance is illustrated in a 2005 survey by the AICPA's Private Companies Practice Section (PCPS). which found that the number-three challenge for small CPA firms was "marketing/practice growth." Small businesses often lack interTial controls because the costs are perceived to outweigh the benefits. Yet these