FINDING HARMONY IN REPORTING

Internal auditors have long understood the risks related to external financial reporting. Thanks to the US Sarbanes-Oxley Act of 2002, most US publicly listed companies have addressed those risks. Often, organizations have prioritized risks relative to external financial reporting while paying little attention to the risks that threaten other types of reporting. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recognized this in its updated Internal control -- Integrated Framework, which expands the Financial Reporting objective category from the 1992 framework to include not just external financial reporting, but external nonfinancial reporting and internal financial and non-financial reporting, as well. Most companies report on all operating aspects of their business, including forward-looking information that management feels is relevant to understanding the company's business model and operations. Risks associated with internal financial and nonfinancial reporting receive less attention than external reporting.