In continuance of my thread from yesterday
How useful is the COSO framework? (internal control – integrated framework) actually? And can we use ISO standards to support the COSO framework?
We are two research students (MSc BPM) from the Aarhus School of Business (Denmark) who are focusing a large research project on the topic of integrating QMS such as ISO 9001, EFQM and MBNQA with SOX, specifically section 404, with the general aim of expediting compliance.
We are corresponding with a large European company stock listed on the NYSE, which has provided us with information pertaining to the implementation of SOX. Due to the support of the COSO framework by the SEC, this European company deemed it pertinent to apply, and mention the use of the COSO framework in their annual reporting requirements.
In their efforts to comply with section 404 they claim to have focused upwards of 90% of their time, effort and money on one specific section of the COSO framework, namely control activities with respect to financial reporting. According to Sanford Liebesman, the ISO 9001:2000 clauses that support or overlap with this part of the COSO framework are: Clauses 5.6.1, 5.6.2, 5.6.3, 8.5.2 and 8.5.3.
We by no means wish to insult Mr. Liebesman’s research and knowledge of this area, but when taking our “insider information” into consideration, it would seem somewhat utopian to rely on five ISO clauses to cover the information needs which apparently constitute over 90% of the costs involved in compliance with section 404.
We are supporters of Mr. Liebesman’s ideas, and the European company in question could be an isolated case. We would therefore appreciate any feedback or comments on the above mentioned.
