Say hello to


CPA, CMA, CFE | Shareholder

He was named after a comic character in MAD Magazine. He’s a hockey fanatic and a member of four MINI Cooper Clubs. He and the family also enjoy sea kayaking.

By Mike Nurse CPA, CFE, CGMA | Clark Nuber PS

COSO Series Article Part 1 of 6: The following article is the first part of a six-part series to explore the high-level basics of the COSO1 Integrated Internal Control Integrated Framework (the Framework). The following provides an overview of the Framework itself.

Identifying and Setting Objectives

If you are a manager, director, or business owner, you know the importance of a solid mission statement. You also know the importance of maintaining a clear view of the objectives and goals of the organization.

Your specific objectives may be financially focused, customer-service focused, philanthropically focused, or any unique combination. They could also be other goals set out by your organization.

Setting and reaching goals are two very different things, however. This is because challenges—both expected and unexpected­­—will ultimately impede your progress. These business challenges come in all shapes and sizes, and knowing how to deal with them effectively is critical.

More importantly, though, your organization should be able to maintain reasonable assurance that its goals are being met despite challenges.

What is the COSO Integrated Internal Control Framework?

The Framework is a universal tool for evaluating and improving your business. Through assisting boards of directors, management, and other stakeholders with their internal control duties, the Framework helps reduce risk and increase the organization’s ability to meet its objectives.

The Framework defines internal control as, “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.” In other words, internal control helps an entity reach its objectives, and the Framework provides a structure wherein your business can develop a functional system.

How Does the Framework Work?

The Framework can be visually represented by imagining a three-dimensional cube where the length, width, and depth of the cube represent inter-related elements of your entity. The Framework evaluates these elements and helps your company asses and design its internal controls. The three dimensions of the cube can be explained as follows:

  1. Length of cube: Components. The length of the cube represents the elements required to meet business objectives, including:
    1. Control Environment (e.g. tone at the top),
    2. Risk Assessment (e.g. understanding the unique risks of the organization),
    3. Control Activities (e.g. policies and procedures designed to mitigate risk),
    4. Information and Communication (e.g. communication regarding internal control responsibilities), and
    5. Monitoring Activities (i.e. ongoing monitoring and evaluation of controls).
  2. Width of cube: Objectives. The width of the cube represents the goals the business strives to achieve in the areas of operations, reporting, and compliance; and
  3. Depth of cube: Entity structure. The depth of the cube can be seen as the unique entity structure, including divisions, operating units, and other structures.

This multi-dimensional approach helps organizations develop adaptive internal control systems that mitigate risks, support sound decision making, and assist the business in reaching overall objectives.

In the next article, we will discuss the details of the first component of the Framework: the Control Environment. In the meantime, we encourage you to explore and learn more about COSO at on their website.


Please contact Mike Nurse at with questions or comments about this article.

1COSO which is an acronym for Committee of Sponsoring Organizations of the Treadway Commission, was formed in 1992 as a joint initiative of five organizations, including the American Institute of CPA’s and the Institute of Internal Auditors, among others. Since that time, the committee has been developing and refining frameworks and guidance around enterprise risk management, internal control and fraud deterrence, with the most recent revisions of the Internal Control – Integrated Framework model in 20

Mike Nurse is a senior manager in the Accounting and Consulting Group at Clark Nuber PS.

© Clark Nuber PS and Focus on Fraud, 2017. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.

Keep Reading

Articles and Publications

Business Transition Due Diligence: Avoid Saying, “It was Like That When I Got Here!”

Buyer Due Diligence

Not surprisingly, “it was like that when I got here” is also sometimes heard in the world of business transition. When a buyer’s due diligence identifies deep, sometimes hidden issues, such as issues that affect employee morale or customer dissatisfaction, the seller may be faced with the unwanted reality of needing to sell their business for less than they hoped. Buy-side due diligence is designed to find problems that sellers may not appreciate as significant, but which buyers can use as negotiation points. Even in situations where business control is being transitioned from one generation to the next, the younger generation may not understand the nuances of key vendor relationships, or how the Company navigates regulatory issues. Owners can unwittingly saddle successors with issues that should have been dealt with earlier.

Using Due Diligence to Expose Hidden Issues

Certainly, it may be possible to overcome these issues, at least partially, with an orderly over-lap in the transition of management. That said, not all sellers want to stay involved after their business is sold. In these instances, the buyer is left with the grim reality of a negative situation where all she can say is, “It was like that when I got here.” While due diligence cannot uncover all issues – positive or negative – buyers want to know that due diligence procedures took place. These procedures should include a comprehensive review of the business’ value drivers. Value Drivers are the operating characteristics that underlie every business and form a crucial part of what gets transitioned from seller to buyer. Buyers can use this information to their advantage in negotiating the terms of the deal, as well as in prioritizing future plans for growth. Learn more about the drivers in the video below: [embed] [/embed]

How Due Diligence Benefits the Seller

The flip side of this issue, of course, involves the seller. Sellers often have both the best and worst views of their business. Founders, especially, can have difficulty viewing their business objectively. Typically, a founder builds their business with themselves at the helm. While this means that a founder can navigate almost any circumstance, it does not mean their business is well tuned, or that someone could step into their role without missing a beat. To combat the above situation, it’s best to run your business as though it’s always ready to be sold - even if you are not planning to sell it. Here’s an analogy that shows why this is a smart approach: My house is not for sale, but I aspire to keep it in a condition that would provoke a would-be buyer to offer an unsolicited price that I could not refuse. Why not run a business that way? Operating a business that is well-tuned is much like driving a fine car. Or living in a beautifully maintained home. Its condition allows you to know how it will operate and allows you to assure potential buyers of its worth. It makes sense that a seller can become exhausted from years of building a business. They may feel that they do not have the energy to tune up the business before a transition – even though they may be leaving good money on the table. However, those who have the time and the willingness to view their business objectively, and make improvements, can maximize the financial return. They also benefit from walking away from their sale knowing they’ve provided the buyer with a sound purchase.

Due Diligence in Action

I was once accompanying a client on a tour of his new business. On the tour, I noticed that the plant was bustling with activity - employees would smile and say ‘hello’ as we walked by. It was already 15 minutes past quitting time, but the employees were still working. The owner said that the employees wanted to meet the goals for the day and were willing to put in the extra effort to do so. The client was feeling satisfied: the purchase was complete, and the transition had gone smoothly after a good negotiation and thorough due diligence process. I asked the owner what changes he had made since taking over the business. He replied, “Not much, it was like that when I got here.”


Questions about due diligence? Contact Ron Rauch at, or read more about due diligence and our Business Value Enhancement tool, CoreValue. © Clark Nuber PS, 2017. All Rights Reserved

Colorado and Massachusetts Put the Heat on Remote Sellers

UPDATED OCT. 2017: On June 28, 2017, the Massachusetts Department of Revenue issued Directive 17-2, revoking its earlier Directive 17-1 (below), which would have required remote sellers to collect sales tax on Massachusetts sales beginning July 1, 2017. On September 22, 2017, Massachusetts adopted a new regulation, 830 CMR 64H.1.7 that requires remote sellers to collect tax from their Massachusetts customers on the same terms outlined in Directive 17-1.  830 CMR 64H.1.7 was made effective immediately upon adoption.
July: it typically marks the start of the dog days of summer, when most people’s thoughts are focused on barbecues, trips to the beach, and summer vacation plans, rather than state and local taxes. But for remote sellers (that is, businesses that sell primarily over the internet or mail order), July 1st is shaping up to be an important date this year.

New Vendor Reporting Requirements

First, Colorado’s long awaited (and litigated) vendor reporting requirements finally go into effect on July 1, 2017. Although the Colorado law was enacted way back in 2010, it was immediately challenged, eventually making its way up to the US Supreme Court. However, the dust has now settled from the litigation and Colorado has announced it will begin enforcing the law. Under the Colorado law, any out-of-state vendor that makes at least $100,000 of annual sales to Colorado customers – and does not collect Colorado sales tax – must inform those customers that their purchases may be subject to the state’s use tax. This notification may be provided on the customer invoice, or in another communication made in conjunction with the sale (an online order summary, for example). Additionally, if individual customers purchase more than $500 worth of taxable goods in a year, these sellers must send them an “annual purchase summary” listing purchase dates and amounts. The annual purchase summary must also reiterate that Colorado consumers must pay use tax on all untaxed, nonexempt purchases. Finally, the vendor must send the Colorado Department of Revenue an annual customer information report, listing the name, address, and total untaxed purchases of each Colorado customer. The first of these annual summaries and customer reports are not due until early 2018. To be in full compliance with the new law, however, remote sellers with Colorado customers should start providing notifications to customers and compiling information on nontaxed sales as of July 1st. Unfortunately, for sellers that make more than $100,000 of annual Colorado sales, the only way to avoid being subject to these requirements is to voluntarily start collecting tax from Colorado customers. It is a Hobson’s choice, to be sure, but one that the Colorado Legislature fully intended when it passed the law back in 2010.

Remote Sellers and State Sales Tax

The second reason July 1st is significant for remote sellers is that Massachusetts will start requiring sellers with more than $500,000 in Massachusetts sales, and at least 100 transactions with Massachusetts customers in the prior 12 months, to begin collecting the state’s sales tax on that date. The state is following South Dakota, Alabama, and a smattering of other states that have begun imposing a duty to collect sales tax on remote sellers that have never set foot in the state. Massachusetts is notable in that it is the most populous state yet to try to impose such a duty. Further, it is doing so by administrative pronouncement, without any change in the relevant laws or regulations. This action would seem to be a clear violation of the US Supreme Court’s holdings in the 1967 National Bellas Hess and 1992 Quill decisions, which both confirmed that some physical presence on the part of the seller is required for a state to impose a duty to collect sales tax for the state. However, in his dissenting opinion in a 2015 decision related to the Colorado remote seller law, Justice Kennedy stated that he felt that it was time to revisit those earlier decisions. The tax collection requirements now being imposed by Massachusetts, and other states, are a clear attempt to create just such a case.

What Can We Expect?

In response, two trade groups (NetChoice and the American Catalog Mailers Association) filed suit in Massachusetts state court on June 9th, seeking a preliminary injunction to block enforcement of the remote seller directive, as well as a declaratory judgment that the directive is unconstitutional. A decision (at least on the injunction) is expected before the July 1st enforcement date. Thus, it may come down to the wire as to whether remote sellers must actually start collecting Massachusetts tax on that date, or will get some sort of a reprieve. So, it looks like, while the rest of us are working hard to beat the summer heat, remote sellers may be feeling the heat of the Colorado and Massachusetts state taxing authorities. Save them a cool beverage, won’t you? Questions? Seeking more information on the new legislation, or wondering how it might affect you? Contact Joe Haberzetle at for more information.   © Clark Nuber PS, 2017. All Rights Reserved

FASB Exposure Draft: Accounting for Grants and Contracts

Why is the Guidance Necessary? Under existing guidance, there has been a lack of consistency among not-for-profits in accounting for grants and contracts, particularly those from government agencies and private foundations. The proposed Accounting Standard Update (ASU) provides clarifications to help organizations evaluate if a transaction should be accounted for as a contribution, or as an exchange transaction. How Could the ASU Affect Your Organization? Similar to existing guidance, the first consideration that needs to be made is whether the transaction is reciprocal (exchange), or non-reciprocal (contribution). If the resource provider is receiving value in return for the resources being transferred, it is indicative of an exchange transaction. However, an important distinction the proposed ASU makes is that neither providing societal benefits, nor furthering the resource provider’s mission, constitutes commensurate value. In either of those cases, the transaction should be considered nonreciprocal. Government agencies will often make grants to organizations to provide the public with certain benefits. Most not-for-profits have typically classified these as exchange transactions. The new proposed guidance will now consider them “conditional” contributions. Consequently, the FASB also redefines “conditional” contributions in the proposed ASU. Under the proposed guidance, a contribution would be considered conditional if the donor specifies a barrier that must be overcome in order to be entitled to the funds, and the donor has the right of return of resources provided. If the agreement includes both of the above criteria, the organization would not record grant revenue until it has overcome the barriers. The proposed guidance provides the following notable indicators of barriers:
  • The organization is required to achieve a measurable performance-related outcome, or another outcome that is measurable. Some common examples could be requirements to provide a specified level of service, delivering a number of units of output, making qualifying expenditures, and matching requirements.
  • The organization has limited discretion over how the resources are spent.
  • There are stipulations, which are related to the primary purpose of the agreement, that are not trivial or administrative. The proposed ASU specifically addresses that requirements to supply reports are typically administrative in nature and not considered a barrier.
  • The organization is required take additional action.
What Can We Expect Next? If finalized, the proposed accounting changes could significantly impact the timing of when revenue is recognized by not-for-profit organizations. In the meantime, organizations can begin evaluating the potential impact on financial reporting. The proposed standard would follow the same effective dates as the new revenue recognition standard, ASU 2014-09, Revenue from Contracts with Customers, which is used for annual reporting periods beginning after December 15, 2018. If the not-for-profit in question is a conduit debt obligor with publicly traded debt, the effective date is one year earlier. The FASB invites comment on the exposure draft until November 1, 2017. Clark Nuber PS will continue to monitor and provide updates on the proposed change in the accounting standard. Here is a link to the full exposure draft of the proposed ASU. Questions? Please contact Candi Avery at with questions about this article. © 2017 Clark Nuber PS. All Rights Reserved.

Featured Resources