Add to collection(s) Add to saved
  1. Business
  2. Finance

Special Alert 03-9

advertisement 
Sp
t
er
Al
March 9, 2004
ial
ec
Securities Law Advisory
PCAOB Adopts Auditing Standard Regarding
Audits of Internal Control over Financial
Reporting and Delays Registration Deadline for
Non-U.S. Audit Firms
At an open meeting today, the Public Company Accounting Oversight Board (PCAOB) adopted its Auditing Standard No. 2, a standard that applies when an auditor is engaged to audit both a company’s financial
statements and management’s assessment of the effectiveness of internal control over financing reporting.
Adoption of the auditing standard is a step toward enhancing the reliability of companies’ financial statements, which, the PCAOB notes, are relied upon by “shareholders, management, directors, regulators, lenders,
investors and the market at large.”
The PCAOB also approved the release for public comment of proposed amendments to its existing interim
auditing standards to conform to the new standard. Finally, the PCAOB adopted a new deadline for registration of non-U.S. auditing firms. Each of these rule changes will take effect after they are approved by the
Securities and Exchange Commission (SEC) pursuant to Section 107(b) of the Sarbanes-Oxley Act of 2002
(the Act).
Audit Standards
As discussed below, the new audit standard will significantly affect all companies subject to the reporting
requirements of the Exchange Act because these companies will be required to include in their annual report
a report of management on the company’s internal control over financial reporting, including management’s
assessment of the effectiveness of the company’s internal control over financial reporting as of the end of the
company’s most recent fiscal year, as well as the report of its auditor on management’s assessment.
The PCAOB proposed the new auditing standard on October 7, 2003. The PCAOB received nearly 200
comment letters regarding the proposed auditing standard, raising numerous concerns about the scope and
likely cost of the PCAOB’s proposed standard. Among the most controversial provisions of the proposed
standard were:
• The scope of the auditor’s assessment;
• The extent to which the auditors would be permitted to rely upon the work of management and others,
including internal auditors;
www.alston.com
e
Sp
lA
cia
t
ler
• The requirement that the auditors perform “walkthroughs” for all significant processes of a company;
and
• The requirement that the auditor evaluate the effectiveness of the audit committee’s oversight of the
company’s internal control over financial reporting, including the independence of the committee
members.
The PCAOB adopted the new audit standard substantially as proposed, but did make some significant
changes in response to the comments. The following significant differences from the proposal were highlighted at the open meeting:
Scope of the Auditor’s Assessment. Pursuant to SEC rules adopted under Section 404(a) of the Act, all
companies subject to the reporting requirements of the Exchange Act will be required to include in their
annual report a report of management on the company’s internal control over financial reporting, which
must include management’s assessment of the effectiveness of the company’s internal control over financial
reporting as of the end of the company’s most recent fiscal year. Section 404(b) of the Act further requires
the company’s auditor to attest to and report on management’s assessment, and the company will be required
to file the auditor’s report as part of its annual report.
In approving the final standard, the PCAOB rejected criticism that the Section 404(b) requirement of an
“attestation” was intended to describe a less comprehensive undertaking than the “audit” contemplated by the
PCAOB’s proposed standard, noting Section 103(a)(2)(A)(iii) of the Act specifically requires the auditor to
include in its audit report (or in a separate report) its own evaluation of the company’s internal control over
financial reporting. The PCAOB took the position that an attestation engagement to examine management’s
assessment of internal control requires the same level of work as an audit of internal control over financial
reporting.
The final standard also specifically retains the requirement that the auditor both evaluate management’s
assessment process and independently test the effectiveness of internal control to be satisfied that the management’s conclusion is correct. In one change from the proposal, the final standard will require that the
auditor express two opinions – one on management’s assessment and another on the effectiveness of internal
control over financial reporting.
Auditor Reliance on the Work of Others. The proposed standard would have severely limited the ability
of the auditor to rely on the work of others, such as management and the company’s internal auditors, in performing its audit. The proposed standard would have required that the auditor’s own work form the “principal
evidence” for the auditor’s conclusions. In addition, the proposal would have created three categories of
controls, with varying levels of permitted reliance on others, including a number of controls where the work
of others could not be used. Some comment letters specifically noted that the PCAOB did not appear to recognize the distinction between work performed by management and work performed by an independent and
objective internal auditor. Others noted that the restrictions on the use of the work of management and others
would significantly impair the ability of the auditors to reduce their workload through reliance on others.
2
e
Sp
lA
cia
t
ler
The PCAOB chose to retain the “principal evidence” requirement, but did revise the final standard, in
response to these concerns, to eliminate the categorical limitations on use of the work of others, in favor of
permitting auditors to exercise substantial judgment about the extent to which they may rely on the work
others, focusing on the nature of controls in question, an evaluation of the competency and objectivity of the
persons who performed the work, and the results of testing of the work of others. In this regard, the PCAOB
specifically noted that “internal auditors would normally be assessed as having a higher degree of competence and objectivity than management or others and that an auditor will be able to rely to a greater extent
on the work of highly competent and objective internal auditor than on work performed by others within the
company.” However, the final standard retains the requirements that the auditor not use the work of others
to reduce the amount of work he or she performs on controls in the control environment and that the auditors
personally perform required walkthroughs.
Walkthroughs. The proposed standard would have required the auditor perform “walkthroughs” of all
of the company’s significant processes and to trace all types of transactions. In a walkthrough, the auditor
traces a transaction from origination, through the company’s accounting and information systems and financial
report preparation processes, to it being reported in the company’s financial statements. Some commenters
suggested that the burden on the auditor of personally performing a walkthrough of all significant processes
would outweigh any incremental benefit to the audit process. Other expressed concerns that the scope of
walkthroughs required would be overly broad and expansive. For example, it was noted that the proposed
auditing standard’s requirement that the auditor trace “all types” of transactions is not consistent with concepts of materiality and risk that exist in other areas of the auditing standard. It was also suggested that the
extent of walkthroughs should vary depending upon factors such as the nature of the transaction, complexity
and exposure to loss.
The PCAOB acknowledged these concerns. The final standard retains the requirement that the auditor
personally perform walkthroughs, but narrows the population of processes and transactions for which walkthroughs will be required. The auditor will be required to select processes for walkthroughs based on its
assessment of the risks and materiality of the processes. The proposed requirement that the auditor walkthrough
“all types” of transactions has been modified to require at least one walkthrough for each “major class” of
transactions. The auditing standard provides that the walkthroughs should encompass the entire process of
initiating, authorizing, recording, processing and reporting individual transactions and controls for each of
the significant processes over the class of transaction.
Audit Committee Effectiveness. The proposed standard noted that ineffective audit committee oversight
of internal control over financial reporting was a significant deficiency and a strong indicator of a material
weakness. Accordingly, it was proposed that auditors evaluate the effectiveness of the audit committee’s
oversight, listing various factors that the auditor will be required to consider, including the independence of the
committee members. Commenters expressed concern that, given the audit committee’s responsibility for the
appointment, compensation, retention and oversight of the company’s independent auditor, the auditor could
be put in an awkward position and perhaps be unwilling to conclude that the audit committee’s oversight is
ineffective. Concerns were also expressed as to whether the auditor is qualified to make the subjective and
legal determinations required in order to evaluate the independence of the audit committee. However, many
investors expressed strong support for this requirement.
3
e
Sp
lA
cia
t
ler
The PCAOB decided to retain this requirement, but clarified that the auditor’s evaluation was not a separate
evaluation. The PCAOB also revised the factors that should be considered by the auditor in evaluating audit
committee effectiveness, eliminating some (most notably compliance with listing standards and certain sections
of the Act) and adding others (generally relating to actual audit committee performance and responsiveness).
In addition, the PCAOB imposed a new requirement that, when the auditor has identified a deficiency in the
audit committee’s oversight of the company’s internal control over financial reporting, the auditor must communicate that conclusion to the full board of directors.
Registration of Non-U.S. Audit Firms
The PCAOB’s pre-existing rule requires non-U.S. auditors of U.S. public companies to be registered with
the PCAOB by April 19, 2004. The PCAOB adopted its previously proposed rule to defer the registration
deadline for non-U.S. firms until July 19, 2004. The PCAOB had proposed this rule on December 9, 2003, as
part of a package of rules addressing the PCAOB’s oversight of non-U.S. firms generally. The other proposed
rules will remain under consideration.
Related Resources:
Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed In Conjunction
With An Audit of Financial Statements, PCAOB Rel. No. 2004-001, http://www.pcaobus.org/rules/Release20040308-1.pdf (Mar. 9, 2004)
Proposed Auditing Standard – Conforming Amendments to PCAOB Interim Standards Resulting From
the Adoption of PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction With An Audit of Financial Statements, PCAOB Rel. No. 2004-002, http:
//www.pcaobus.org/rules/Release-20040308-2.pdf (Mar. 9, 2004)
Briefing Paper: Board Considers Adopting Standard for Audits of Internal Control Over Financial Reporting, http://www.pcaobus.org/rules/BriefingPaper-20040308-1.pdf (Mar. 9, 2004)
Proposed Auditing Standard – An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, PCAOB Rel. No. 2003-017, http://www.pcaobus.org/rules/
Release2003-017.pdf (Oct. 7, 2003)
Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Securities Act Rel. No. 33-8238, Exchange Act Rel. No. 34-47986,
Inv. Co. Act Rel. No. IC-26068, http://www.sec.gov/rules/final/33-8238.htm (Jun. 5, 2003).
Briefing Paper: Registration Deadline for Non-U.S. Accounting Firms, http://www.pcaobus.org/rules/BriefingPaper-20040308-3.pdf (Mar. 9, 2004)
Proposed Rules Relating to the Oversight of Non-U.S. Accounting Firms, PCAOB Rel. No. 2003-024,
http://www.pcaobus.org/rules/Release2003-024.pdf (Dec. 10, 2003)
4
e
Sp
lA
cia
t
ler
Alston & Bird LLP Securities Law Advisory - Special Alert, “SEC Extends Compliance Dates Under
Section 404 of Sarbanes-Oxley,” http://www.alston.com/articles/Special%20Alert%202-26-04.pdf (Feb.
26, 2004)
Alston & Bird LLP Securities Law Advisory, “SEC Adopts Final Rules Regarding Reports on Internal
Controls and Filing Requirements for Section 302 and 906 Certifications,” http://www.alston.com/articles/
Final%20Rules%20Section%20302%20and%20906.pdf (Jun. 12, 2003)
For more information, contact your Alston & Bird LLP attorney or one of the attorneys in the firm’s
Securities Group.
Details and analyses of past SEC, NYSE and Nasdaq action implementing the Sarbanes-Oxley Act and other corporate governance
efforts are available at A&B’s Sarbanes-Oxley and Corporate Governance Resource Center. For these and other related securities
advisories, click here.
If you or a colleague would like to receive future Securities Law Advisories and Special Alerts electronically, please forward your contact
information, including your e-mail address, to securities.advisory@alston.com. Be sure to put “subscribe” in the subject line.
5
Related documents
Case
Case
Green Impact Auditor
Green Impact Auditor
Auditor Reporting ppt
Auditor Reporting ppt
MSA 516 Application Controls Project
MSA 516 Application Controls Project
SIFMA Regional Conference The Impact of the PCAOB on the Industry
SIFMA Regional Conference The Impact of the PCAOB on the Industry
Electronic Data Processing * Audit Sistem Informasi
Electronic Data Processing * Audit Sistem Informasi
Going Concern PowerPoint Presentation
Going Concern PowerPoint Presentation
Download
advertisement