A survey on firms' implementation of COSO's 2013 Internal Control–Integrated Framework

Many firms began implementing COSO's 2013 Internal Control–Integrated Framework in 2014. This study surveys U.S. accounting professionals, primarily from large publicly-traded firms, to examine views concerning the framework and its impact on key areas related to internal controls. The analyses provide insight into five specific topics important to the framework. First, results indicate that respondents view the 2013 Framework and its 17 principles as an overall improvement to the 1992 Framework. However, benefits and costs from implementing the framework appear mitigated because firms already had effective internal control structures in place. Second, respondents view the 17 principles as a set of rules for achieving effective internal controls, but believe the principles still provide adequate flexibility and allow for sufficient management judgment. Third, most respondents indicate changes in at least one of the five components of internal controls, as well as across information technology-related controls. Fourth, in addition to external financial reporting objectives, firms are applying the framework to non-financial, operational, and compliance objectives. Last, results indicate greater expected external audit effort related to SOX Section 404 testing but not audit fees, perhaps due to external auditors' reliance on internal audit departments' work.