8/12/2019 Coso methodlogy

1/2

soon as is feasible under their particularcircumstances.One Transition ApproachConsidering that COSOs newly released Framework representsan update of the 1992 version and that the principlesand requirements of effective internal controlarticulated in it were encompassed in the original, weexpect a relatively smooth transition at Campbell Soup.Assuming we interpreted the original Framework prop -erly in developing our current SOX compliance program,transitioning to the 2013 Framework by December 2014may be limited to updating the format of several sum -mary SOX reports. We dont expect a significant impacton our underlying SOX compliance methodology,approach, and/or key controls.As co-lead of Campbell Soup Companys originalglobal SOX team in 2003 and 2004, I played a key role indefining Campbells SOX compliance methodology andapproach. Like many companies, we selected the COSOInternal ControlIntegrated Framework and then used itto assess the design and operating effectiveness of ourinternal controls over external financial reporting. Wetrained more than 300 cross-functional associates glob -

ally; designated operational and functional subteams toidentify, document, and test Campbells controls; andaddressed deficiencies as needed.Historically, Campbell Soup has consistently embracedthe importance of maintaining a solid system of internalcontrol. Thus, our primary challenge in 2003-2004 was toeffectively document and test the controls already inplace, including Campbells control activities related tofinancial reporting as well as Campbells company-levelcontrols overall. To address company-level controls, wesifted through COSOs Framework and other guidanceand then developed a customized template for CampbellSoup that consisted of key considerations or attributes

for each of the five internal control components. Leveraginginterviews with senior management and crossfunctionalexperts as well as other evidence we collected,we documented the design and implementation and thenassessed the operating effectiveness of these controls.Even though we expect the transition from COSOs1992 Framework to its 2013 Framework to result in few,if any, changes, we still need to work through it. The followingfive-step process represents one way to navigatethe transition.J u n e 2 0 1 3 I S T R AT E G I C F I N A N C E 47Table 1: Newly ReleasedCOSO Documents

Internal ControlIntegrated FrameworkExecutive Summary. Represents a high-leveloverview of the 2013 Framework and is intended forthe CEO and other senior management, boards ofdirectors, and regulators.Internal ControlIntegrated Framework andAppendices. This volume, approximately 175 pages,sets out the Framework in detail, defining internal control,describing the components of internal control andunderlying principles, and providing direction for all

8/12/2019 Coso methodlogy

2/2

levels of management in designing and implementinginternal control and assessing its effectiveness. Theappendices to this volume, including a glossary, spe -cific considerations for smaller entities, summary ofchanges vs. the 1992 version, etc., provide additionalreference but arent considered part of the Framework.Internal ControlIntegrated FrameworkIllustrative Tools for Assessing Effectiveness of aSystem of Internal Control. This volume providestemplates and scenarios to support management inapplying the Framework, specifically in terms ofassessing effectiveness.Internal Control over External FinancialReporting: A Compendium of Approaches andExamples. This compendium provides practicalapproaches and examples illustrating how the componentsand principles set forth in the Frameworkcan be applied in preparing external financial statements.It is intended to be used as a resource forquestions and research on specific principles andcomponents rather than being read from cover tocover.STEP ONE: Develop Awareness, Expertise,and Alignment

In addition to gaining senior leadership alignment andsupport, the first step in transitioning to COSOs 2013Framework is to build internal awareness and, ultimately,expertise among the resident COSO/SOX subject matterexperts in your company. To do so, you and your teamshould obtain and review COSOs newly released publications,including the Internal ControlIntegrated FrameworkExecutive Summary, Framework and Appendices,Illustrative Tools for Assessing Effectiveness of a System ofInternal Control, and the Internal Control over ExternalFinancial Reporting (ICEFR): A Compendium ofApproaches and Examples. See Table 1 for a brief overviewof each of these documents.

Combined, these COSO publications represent nearly500 pages of guidance, so you may want to leverage othertools and resources as well. Here are some documentsand other resources that will help you navigate thechanges introduced in the 2013 Framework and itsaccompanying guidance. First, in addition to the ExecutiveSummary, recent COSO press releases, a COSO presentationdeck, Frequently Asked Questionsdocument,and other materials are available on COSOs website(www.coso.org). They will provide an effective overviewof COSOs Refresh Project in general and the 2013Framework in particular.Likewise, the five sponsoring organizations have been

supporting COSO in building awareness of the updatedFramework, so a review of their respective websites mayprovide additional insight and perspective. Several ofthem, as well as other parties, will be hosting