Books: A Guide to COSO’s Framework
The Internal Control—Integrated Framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the key to internal control and reporting of that control. But applying the framework successfully isn’t a simple task. That’s where Lynford Graham’s Internal Control Audit and Compliance: Documentation and Testing Under the New COSO Framework can help. This single volume may be the best explanation of the COSO framework for actual practitioners. If you aspire to become a CFO (or to be a better one), you should have Graham’s suggestions as a key tool in your personal toolbox.
Many professional books are filled with broad generalizations but offer few resources that would help with the actual problems in your specific situation: “Work with teams!” “Encourage a long-term perspective!” “Promote green initiatives!” So many writers encourage us to do good things but fail to be specific about how to do them. Graham, a true expert in his field, has written this book with the understanding that you need real help the first time you design and implement an internal control system.
If you don’t know what the COSO framework is, then this book isn’t for you. Graham assumes that the reader has a working knowledge of internal control, what it is, and why it’s important. He helps to get you from the planning stage through implementation of a COSO system that fully complies with the requirements of the Securities & Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB). While undoubtedly the book would help external auditors test a client’s systems, it is aimed primarily at company management who actually do the work.
For example, Graham devotes a whole chapter to developing questionnaires and conducting interviews. It addresses specific details related to issues such as how to evaluate whether your employees are familiar with your firm’s ethical code of conduct or if employees do business in compliance with the code of conduct. You could struggle to determine these things yourself, or you could simply turn to this chapter in Graham’s book and find supportable answers.
But the strength of the book is also its weakness. This isn’t light reading. It will help get you to COSO compliance, but only if you put in the time to absorb the suggestions.