Washington, DC, May 24, 2007
The Public Company Accounting Oversight Board today voted to adopt Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, to replace its previous internal control auditing standard, Auditing Standard No. 2. The Board also adopted the related Rule 3525, Audit Committee Pre-Approval of Non-Audit Services Related to Internal Control Over Financial Reporting, and conforming amendments to certain of the Board’s other auditing standards.
The auditing standard adopted by the Board today is principles-based. It is designed to increase the likelihood that material weaknesses in internal control will be found before they result in material misstatement of a company’s financial statements, and, at the same time, eliminate procedures that are unnecessary. The final standard also focuses the auditor on the procedures necessary to perform a high quality audit that is tailored to the company’s facts and circumstances. The Board worked closely with the Securities and Exchange Commission to coordinate Auditing Standard No. 5 with the guidance to public company management the SEC approved yesterday. A more detailed discussion of the new standard, and the changes that the Board made from the proposal, is attached.
"The internal control reporting requirements of the Sarbanes Oxley Act are a key reason why the reliability and accuracy of financial reporting has improved over the past few years. The renewed confidence in financial reporting is critical for the health of our markets," said Mark Olson, PCAOB Chairman. "The new standard is more risk-based and scalable, which will better meet the needs of investors, public companies and auditors alike."
Tom Ray, PCAOB Chief Auditor and Director of Professional Standards, said, "The new auditing standard, by focusing the auditor’s attention on those matters that are most important to effective internal control, presents another significant opportunity to strengthen the financial reporting process."
The final standard may be used by auditors immediately following SEC approval, and it, along with Rule 3525, and the conforming amendments, would be required for all audits of internal control for fiscal years ending on or after November 15, 2007.
As part of the Board’s commitment to the effective implementation of the new standard, the Board intends in the coming months to adjust its inspection program to assure that it is consistent with the new standard and its principles-based approach. The PCAOB is also continuing to develop for auditors of smaller public companies tailored guidance for applying the new standard as outlined in its four-point plan of May 2006. The Board also is continuing to hold its Forums on Auditing in the Small Business Environment as a way to further monitor implementation issues related to smaller public companies.
The adopted standard and related documents are available on the Board’s Web site under Rulemaking Docket 21
The Board also approved two staff recommendations concerning the Board’s rules on inspections. First, the Board voted to eliminate the June 30, 2007 tentative sunset date for Rule 4003(d). The Board set the sunset date when it adopted the rule on December 19, 2006, to allow for public comment before making a final determination on the new provision. Rule 4003(d) extends the time period during which the Board must conduct the first and second inspections of firms that registered in 2003 and 2004. The Board’s action today allows the rule to remain in place to provide ongoing, albeit limited, flexibility concerning the timing of the first two inspections of firms that registered in 2003 and 2004. That flexibility allows the Board to make scheduling adjustments that will result in a mix of inspected firms (in terms of the size and nature of audit practices) that is relatively consistent from year to year, while avoiding significant year to year fluctuations in inspection resource requirements. The Board has previously submitted Rule 4003(d) to the Securities and Exchange Commission for approval and that submission is pending.
The Board also voted to propose for public comment an amendment to Rule 4003 that would remove that rule's requirement that the Board regularly inspect certain firms that do not regularly issue audit reports, including firms that play a "substantial role" in audits but do not issue audit reports. The Sarbanes Oxley Act of 2002 only requires the Board to inspect registered firms that regularly issue audit reports. More than 800 registered firms have issued audit reports for public companies in one or both of the past two years, and the Board has determined that the focus of its fixed periodic inspection program should be on such firms. The Board would still retain the discretion to inspect any registered firm at any time and so, for example, could decide to inspect a firm that played a substantial role in an engagement based on information the Board learns in inspecting the principal auditor on the engagement. This proposed amendment is consistent with the risk-based focus that the Board generally brings to bear in considering the most prudent allocation of its inspection resources. Following the close of the comment period on July 23, 2007, the Board will determine whether to adopt the amendment. Any final amendment adopted must be approved by the Securities and Exchange Commission, Neither Board action concerning Rule 4003 would affect the annual inspection cycle for firms that audit more than 100 public companies.
On May 24, 2007, the Board adopted Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That is Integrated with An Audit of Financial Statements. If approved by the Securities and Exchange Commission, the new standard will supersede Auditing Standard No. 2, which was adopted by the Board in March 2004 and approved by the SEC in June 2004. The new standard will apply to audits of all companies required by SEC rules to obtain an audit of internal control.
The new standard results from the Board’s monitoring of auditors’ implementation of Auditing Standard No. 2, through, among other things, inspections of internal control audits and public roundtable discussions held in April 2005 and May 2006. While the Board observed significant benefits produced by the audit, including higher quality financial reporting, it also noted that, at times, the related effort has appeared greater than necessary to conduct an effective audit. Based on these observations, and in light of the approaching date for smaller companies to comply with the Act’s internal control reporting requirements, the Board proposed for public comment a new standard on auditing internal control. The Board received 175 comment letters from auditors, issuers, investors, academics, trade associations, and other interested parties, a large majority of which were generally supportive of the Board’s proposals. The standard the Board adopted on May 24 reflects the Board’s careful consideration of those comments.
The Board’s new standard is designed to achieve four objectives:
The Board’s proposing and adopting releases detail the changes the Board has made, both to Auditing Standard No. 2 and the proposed standard. In particular, in response to comments on the proposal, the new standard –