Management's evaluation of internal controls under Section 404(a) using the COSO 1992 control framework: Evidence from practice

$43.00 plus tax (Refund Policy)

Buy Article:

Abstract:

EXECUTIVE SUMMARYA large number of surveys and research studies have been conducted on documenting the costs and benefits of implementing Section 404 internal control certification requirements. Overall, these studies conclude that for companies of all sizes — accelerated and nonaccelerated filers — costs far outweigh the benefits and sustaining compliance with Section 404 at such high costs would make US capital markets much less competitive in future. None of these research studies, however, have focused on analysing one of the most key aspects of SOX 404 implementation — that is, how companies are utilising the COSO 1992 control framework to carry their mandate under Section 404(a). Although the COSO Committee had issued in 2004 an ERM-based control framework, the COSO 1992 control model has remained the framework of choice for majority of the companies so far that have filled their Section 404 certifications. This research paper attempts to understand how the guidance presented in this control model is being utilised by documenting the current implementation practices at a cross-section of the SEC registrants. By analysing the responses of 374 survey participants from companies of all sizes, this research study documents that companies are relying more on the internal control auditing standard than utilising the guidance provided in the COSO 1992 control framework to conduct their ICFR evaluations. Such a significant nonreliance on the most widely cited control model should be of concern to the audit committees, senior company managers, external and internal auditors, standard-setting and regulatory agencies in the US and abroad as various other countries assess the practicality and viability of implementing similar rules in their jurisdictions. Given the findings reported in this research paper, investors may question the robustness of ICFR assessment assurances provided to them by the companies in their Section 404(a) management reports, audit committees may wonder if they are being provided with a false-sense of security that their company's ICFR is effective. Similarly, external auditors may question the basis of their client's claim that they have conducted the ICFR assessment 'in accordance with the COSO 1992 Framework.' Policy makers may question whether there is a need to more formally evaluate the suitability of the COSO 1992 control framework for Section 404(a) assessments and if there is a need to develop a set of generally accepted control assessment standards that would provide direct and practical guidance to company managements in conducting their internal control evaluations.International Journal of Disclosure and Governance (2008) 5, 48–68. doi:10.1057/palgrave.jdg.2050073; published online 17 January 2008

Document Type: Research Article

DOI: http://dx.doi.org/10.1057/palgrave.jdg.2050073

Publication date: February 1, 2008

Related content

Share Content

Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
X
Cookie Policy
ingentaconnect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more