• COSO currently has a 2017 Enterprise Risk Management Framework replacing the 2004 Enterprise Risk Management Framework. I would like both discussed and the differences between the two explained.
• The history of events that led to the creation of COSO, starting with a discussion of the events leading to, and the recommendations of, the Metcalf, Cohen and Treadway Commission/Committees and the FCPA of 1977;
• The original COSO Framework of 1992, including a detailed description of what the Internal Control – Integrated Framework looked like and what its purpose was;
• A discussion of the ‘Corporate and Auditing Accountability and Responsibility Act’ (in the House) and the ‘Public Company Accounting Reform and Investor Protection Act’ (in the Senate), more commonly called Sarbanes–Oxley (or “SOX”), in 2002 and the specific requirements within SOX that required implementation of COSO; include a discussion of the sections of the Act that deal with Internal Controls;
• The Enterprise Risk Management – Integrated Framework of 2004 including the four categories of business objectives and eight framework components of ERM;
• The changes COSO has gone through since it was first created and the structure of the COSO Framework of 2013;
• Compare the differences between the 1992 and 2013 Frameworks and explain why the 2013 Framework was needed/is better than the 1992 Framework;
• Discuss any proposed changes that are planned for the future (since the 2013 Framework was adopted, including that of 2017); and,
• The importance of COSO in your chosen career (Audit, Internal Audit/Risk or Tax).
• Appendixes are encouraged and conciseness will be rewarded.