COSO has finally released the highly popular Internal Control - Integrated Framework for Small Public Companies. The framework is in its draft form and is open for comments. The draft framework can be Downloaded from COSO's website. The guidance note stresses on the fact that even smaller companies can have effective internal controls. The only difference being the way it would be implemnted would be different than larger companies. Due to their unique nature, management of smaller companies have a much wider span of control and a hands-on approach on monitoring internal control activites.

The Framework officially called as the "Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting" focuses mainly on the following areas:

Control Environment - Such control environment is normally much transparent in a small company.

Risks - Risks have to be considered from the perspective of financial statements.

Control Activites - Operation of Controls and the responsibility for their execution have to be understood by all.

Information Technology - Small Businesses can take advantage of Information Technology to leverage effective internal control.

Monitoring - Effectively monitoring the controls in place provides an assurance that controls are working as intended.

Roles & Responsibilties - Responsibilties for executing control activites have to be clearly defined. Personnel in the small business should understand the objectives of internal control and financial reporting.

The New Guidance for Smaller Companies on Internal Control is intended at Board Members, Senior Management, Other Personnel and Staff, and the External Auditors. One of the key stress areas of the guidance is that internal controls to be successful in a Small Public Company scenario need to be cost effective. Cost of placing an internal control have to be balanced with the potential benefit. To ensure this, the guidance suggests the following measures:

1. Small Public Companies should start looking at internal control from a risk based perspective.

2. The various components of internal control framework discussed above have to be viewed as a whole instead of as seperate components.

3. The guidance suggests that smaller companies can lay stress on informal controls since such controls due to their pervasive nature are more effective in achieving a better control environment.

4. Finally, smaller public companies have to now start using a approach of documenting their controls using available technology.