Full Text

The Internal Control-Integrated Framework, issued by the Committee of Sponsoring Organizations (COSO) in 1992, was revolutionary: it represented the first major formal attempt to define internal control and provide a standard for measurement. Ten years later, the passage of the Sarbanes-Oxley Act (SOX)-specifically, section 404 of the act-further highlighted the importance of internal control. This law not only required organizations to establish and maintain internal controls over financial reporting; it also required managers and external auditors to evaluate and report on the effectiveness of internal control. The SEC also highlighted the importance of internal control shortly after SOX's enactment; in a final rule, the SEC stated, "The COSO Framework satisfies our criteria and may be used as an evaluation framework for purposes of managements annual internal control evaluation and disclosure requirements" (http://www. sec.gov/rules/final/33-8238.htm). The SEC recognized that other suitable evaluation standards existed outside the United States.

The PCAOB continued this focus on internal controls and, specifically, on the COSO framework in 2004, when it issued Auditing Standard (AS) 2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, and explicitly referenced the COSO framework as an appropriate framework to use when evaluating internal controls. Although the PCAOB issued AS 5, An Audit of Internal Control Over Financial Reporting that Is Integrated with an Audit of Financial Statements, in 2007 to supersede AS 2, the board continued to reference the use of a "recognized control framework" when auditors perform audits of internal control over financial reporting and when management evaluates the effectiveness of internal control over financial reporting.

Despite the existence of other available frameworks, the accounting profession recognizes COSO's Internal ControlIntegrated Framework as a leading framework for designing, implementing, and conducting internal controls and assessing their effectiveness. The majority of publicly traded companies in the United States rely on the framework. Globally, it has been widely accepted over the years and has been translated into seven languages; moreover, the core concepts of the framework still apply. Bill Schneider, director of accounting at AT&T and a member of the COSO Advisory Council, said in an AICPA webcast, "If you think about any document that has lasted 20 years without any revisions, that's pretty amazing" (http ://www .aicpa. org/interestareas/frc/...