SEC on Frameworks
Excerpts from this Final Rule
“We believe that each company should be afforded the flexibility to design its system of internal control over financial reporting to fit its particular circumstances.”
In this same final rule, the SEC says:
“The methods of conducting evaluations of internal control over financial reporting will, and should, vary from company to company. Therefore, the final rules do not specify the method or procedures to be performed in an evaluation.”
They go on to discuss the COSO framework:
“…we have modified the final requirements to specify that management must base its evaluation of the effectiveness of the company’s internal control over financial reporting on a suitable, recognized control framework that is established by a body or group that has followed due-process procedures, including the broad distribution of the framework for public comment.
The COSO Framework satisfies our criteria and may be used as an evaluation framework for purposes of management’s annual internal control evaluation and disclosure requirements. However, the final rules do not mandate use of a particular framework, such as the COSO Framework, in recognition of the fact that other evaluation standards exist outside of the United States, and that frameworks other than COSO may be developed within the United States in the future, that satisfy the intent of the statute without diminishing the benefits to investors.”