SEC on Frameworks
Source: Final Rule: Management's Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports
Excerpts from this Final Rule
"We believe that each company should be afforded the flexibility
to design its system of internal control over
financial reporting to fit its particular circumstances."
In this same final rule, the SEC says:
"The methods of conducting evaluations of internal control over financial reporting will,
and should, vary from company to company.
Therefore, the final rules do not specify the method or procedures to be performed in an evaluation."
They go on to discuss the COSO framework:
"...we have modified the final requirements to specify that
management must base its evaluation of the effectiveness
of the company's internal control over financial reporting
on a suitable, recognized control framework that is established
by a body or group that has followed due-process procedures,
including the broad distribution of the framework for public comment.
The COSO Framework satisfies our criteria and may be used
as an evaluation framework for purposes of management's
annual internal control evaluation and disclosure requirements.
However, the final rules do not mandate use of a particular framework,
such as the COSO Framework, in recognition of the fact that
other evaluation standards exist outside of the United States,
and that frameworks other than COSO may be developed within
the United States in the future, that satisfy the intent
of the statute without diminishing the benefits to investors."