Board to Consider Proposing a Revised Auditing Standard on Internal Control over Financial Reporting
The Public Company Accounting Oversight Board has announced an open meeting for 9:30 a.m. Tuesday, December 19, to consider proposing for public comment a new auditing standard to supersede the Board’s existing auditing standard on internal control over financial reporting, and other related proposals.
The meeting will be held in the Board’s open meeting room at 1666 K St. NW, Washington, DC. The meeting is open to the public and will be webcast via a link on the PCAOB’s Web site (www.pcaobus.org) that will be made available on the day of the meeting.
“The Sarbanes-Oxley Act's internal control requirements have been described as the most significant change in public company auditing since the advent of the federal securities laws," said Chairman Mark Olson. "While the requirements provide great benefits to companies and their investors, we are concerned that the costs are not adequately aligned with the benefits. For its part, the PCAOB will consider changes to the auditing standard on internal control over financial reporting that provide for a much more efficient, risk-based, scalable implementation. It is important that investors, companies, and auditors carefully consider and provide comments on the new proposal so that we reach the right result.”
“The PCAOB is applying what it has learned in two years of monitoring the implementation of Auditing Standard No. 2, to help auditors make their internal control audits as efficient as possible while maintaining the benefits to investors,” said Tom Ray, Chief Auditor and Director of Professional Standards.
A more detailed discussion of the matters to be considered follows.
In March 2004, as directed by Sections 103 and 404(b) of the Sarbanes-Oxley Act of 2002, the PCAOB established an auditing standard to provide for an integrated audit of both internal control over financial reporting and the financial statements themselves. The Securities and Exchange Commission approved the standard, known as Auditing Standard No. 2, in June 2004. Auditing Standard No. 2 now serves as a companion to the SEC’s rule implementing Section 404(a) of the Act, which requires companies annually to provide their managements’ assessments of the effectiveness of internal control.1 Large, established companies, known as accelerated filers, have been required to comply with the SEC rule since fiscal years ending after November 14, 2004. The SEC’s rule has not yet become effective for smaller companies, known as non-accelerated filers, but the SEC has recently proposed a requirement for these companies to first obtain an internal control audit for the company’s fiscal year ending on or after December 15, 2008.
The Board has closely monitored implementation of its standard, including through its inspections of internal control audits and two public roundtable discussions held in April 2005 and May 2006. Based on the Board’s experience, and before smaller, non-accelerated filers will be expected to comply with the Act’s internal control reporting requirements, the Board intends to propose for public comment a new auditing standard on internal control, together with certain other related proposals. Consistent with the plan announced by the Board on May 17, 2006, the proposal is expected to be guided by five goals –
1. Focus the Internal Control Audit on the Most Important Matters – The Board intends to consider changes that would focus auditors on matters that present the greatest risk that a company’s internal controls will fail to detect or prevent a material misstatement in its financial statements. In particular, the Board plans to consider changes that would:
- More clearly focus auditors on identifying control weaknesses before they result in material misstatements in the financial statements.
- Require auditors to use a top-down approach that begins with the financial statements and company-level controls, and to identify for further testing only those controls that are, in fact, important to the effective functioning of a company's internal control over financial reporting.
- Emphasize the importance of a company’s control environment, and how it can affect the risk of financial reporting fraud or other material failure.
- Emphasize higher risk stages of financial statement preparation, such as the period-end close process.
2. Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits – The Board is evaluating every area of the internal control audit to determine whether the existing standard encourages auditors to perform procedures that are not necessary to achieve the intended benefits of the audit. In particular the Board plans to consider changes that would –
- Clarify that an internal control audit is limited to an evaluation of whether, in the auditor’s opinion, the company’s internal control is effective, and does not include an opinion on the adequacy of management’s process to reach its conclusion.
- Permit auditors to use experience gained in previous years’ audits to make audits in subsequent years more efficient.
- Clarify how auditors should use risk assessment to eliminate from further consideration those accounts that are unlikely to contain a material misstatement.
- Require auditors to consider whether and how to use the work of others, instead of doing certain procedures themselves.
3. Incorporate Guidance on Efficiency – Since Auditing Standard No. 2 was first released, the PCAOB has issued guidance to make internal control audits more efficient. The Board intends to consider whether incorporating that guidance into the standard would help to promote improvements in efficiency.
4. Provide Explicit and Practical Guidance on Scaling the Audit to Fit the Size and Complexity of the Company – The Board intends to provide direction in the Standard to help the auditor anticipate the various differences in smaller company internal control and to direct the auditor to tailor the audit for smaller companies.
5. A Simplified Standard – The Board intends to propose a revised auditing standard that is shorter, easier to understand, and more clearly scalable to audits of companies of all sizes and complexity. Among the changes the Board plans to consider are –
- Reducing granularity.
- Redefining key terms.
- Clarifying that the auditor’s evaluation of materiality for purposes of an internal control audit is based on the same long-standing principles applicable to financial statement audits.
- Consolidating the Board’s standards on using the work of others in internal control audits and in financial statement audits into one new standard, so as to better facilitate integration of the two audits.
1 See Item 308 of Regulation S-K, 17 C.F.R. § 229.308.