The Institute of Internal Auditors Austria

Institut für Interne Revision Österreich
Schönbrunner Str. 218-220, U4 Center, Stiege B, 3.OG, A-1120 Wien
Date: 10.02.2016
From: Mag. Angela Witzany
Phone:+43 (0) 501006-75272
E-Mail: [email protected]
1. Are you a member of one or more of the COSO organizations?
The Institute of Internal Auditors
2. Are you responding on behalf of yourself or an organization or
3. Where do you reside?
4. Where within your organization do you apply the COSO
Framework? In selected areas of the organizations only
4a. Compliance activities
4b. External financial reporting
4c. External non-financial reporting
4d. Internal management reporting (financial or non-financial)
4e. Internal control reporting
4f. Internal audit
4g. Operations activities
4h. Other
5. The updated Framework will help strengthen an entity’s systems of
internal control
Neither agree nor disagree
6. The updated Framework is internally consistent and logical
Neither agree nor disagree
7. The updated Framework is written in a manner that is
understandable and provides ease of use
Neither agree nor disagree
8. The updated Framework is applicable to organizations of varying
legal structures and sizes, and operating in various geographies and
Somewhat agree
9. The updated Framework will impose additional burdens on entities’
reporting on internal control – e.g. reporting on internal control over
external financial reporting based on Sarbanes–Oxley Act of 2002 (
SOX) requirements
Somewhat disagree
9A. If you believe that there is an additional burden, is the
change appropriate? If not, why not?
--10. Compared to the 1992 framework, the updated Framework creates
a higher threshold for attaining effectiveness of internal control
Neither the treshold is the same
11. The 17 principles set out in the updated Framework a complete set
of principles
Somewhat agree
12. The 17 principles with related attributes are helpful in describing
important considerations of an effective system of internal control *
Soemwhat agree
13. There are necessary changes to the principles
Soemwhat agree
14. An entity can conclude that it has effective internal control if one or
more of the 17 principles are not present and functioning
Neither agree nor disagree
Seite 2 von 3
15. The updated Framework appropriately expands the reporting
objective category (i.e. internal and external reporting, financial and
non-financial reporting)
Somewhat agree
16. The expanded reporting objective, and the manner in which this
objective category is presented in the Framework, does not diminish
our ability to apply the Framework when reporting on internal control
over external financial reporting
Strongly agree
17. The updated Framework provides an appropriate balances of
reporting, operations, and compliance related approaches and examples
Somewhat agree
18. Are there any other general comments that you would like to
Knowledge in management not widespread and in ‚competition‘
with ISO and COBIT hard to argue with management
Change from ‚financial reporting‘ to ‚reporting‘ means covering
many areas not yet covered because of to narrow view in original
version 1992
Status of ‚compliant with COSO‘ can not be independently and
objectively stated
Parallel existence of COSO IC-IF and COSO ERM could/should be
transformed to either a merged new framework or transformed to a
two steps of development (simplified – expert)
Exact differences between the old and new document are hard to
establish as there exists no mark-up version with the changes
Institut für Interne Revision Österreich – IIA Austria
Mag. Angela Witzany, CIA, CRMA
President IIA Austria
Seite 3 von 3