THE UPDATING OF the COSO Framework in 2013 provides a challenge to existing entity COSO assessments to migrate to the new principles and guidance as soon as possible. With that comes an opportunity to reassess the efficiency and effectiveness of what was previously done, with an eye toward more effective and efficient projects. Entities new to the controls assessment task will find more guidance and implementation hints available today than were available in the early years of COSO assessments. We have learned a great deal in the last decade about internal controls and internal controls theory.

In the period since the COSO Framework became the standard benchmark for assessing the effectiveness of internal controls over financial reporting, public companies have had concerns about the cost–benefits of the exercise. However, the cost to our capital markets and investors of rising numbers of restatements and dramatic frauds cries out for some regulation to stop these dangerous trends. Since implementation in the public company arena, we have seen a measurable decline in the median level of loss attributable to frauds and a decline in the median value of financial reporting frauds in public companies. In addition, the number of restatements of prior-period financial statements has leveled off. To what extent the self-assessment performed by smaller public companies is as effective in preventing financial misstatements and frauds compared to the dual reporting ...