Is there anybody out there who uses the COSO internal control framework? If so, you may be interested to know that COSO is currently updating it and is currently looking for comments.  Closing date of the exposure draft is 31 March and I would welcome any thoughts.