SEC posts PCAOB's proposed new auditing standard for internal control

By Cydney Posner

The SEC has posted for public comment the PCAOB's proposed new Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements, and Related Independence Rule and Conforming Amendments. AS5 will supersede the much maligned AS2. Please see the 12/19/06 posting.

According to the PCAOB, the new auditing standard has four objectives:

Focus the Internal Control Audit on the Most Important Matters. The new standard is designed to focus auditors on the areas of greatest risk that internal control will fail to prevent or detect a material misstatement in the financial statements. Some of the practices identified to achieve this objective include using a top-down approach to planning the audit, emphasizing the importance of auditing higher risk areas, such as the financial statement close process and controls designed to prevent fraud by management, and providing auditors a range of alternatives for addressing lower risk areas, such as by using knowledge accumulated in previous years’ audits and using work performed by others.

Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits. The new standard attempts to discourage auditors from performing procedures that are not necessary. For example, the new standard does not include the previous standard’s detailed requirements to evaluate management’s own evaluation process and clarifies that an internal control audit does not require an opinion on the adequacy of management’s process. As another example, the new standard removes the requirement that auditors test a "large portion" of the company’s operations or financial position, thus refocusing the multi-location direction on risk rather than coverage. The new standard also focuses auditors on fulfilling the objectives that a properly performed walkthrough achieves rather than requiring performance of a walkthrough, which, under some circumstances, might lead to a checklist approach. ("In performing a walkthrough, the auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records, using the same documents and information technology that company personnel use. Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant documentation, and re-performance of controls…. In performing a walkthrough, at the points at which important processing procedures occur, the auditor questions the company's personnel about their understanding of what is required by the company's prescribed procedures and controls. These probing questions, combined with the other walkthrough procedures, allow the auditor to gain a sufficient understanding of the process and to be able to identify important points at which a necessary control is missing or not designed effectively. Additionally, probing questions that go beyond a narrow focus on the single transaction used as the basis for the walkthrough allow the auditor to gain an understanding of the different types of significant transactions handled by the process.")

Make the Audit Clearly Scalable to Fit the Size and the Complexity of Any Company. The new standard includes notes throughout designed to provide guidance regarding tailoring of internal control audits to fit the size and complexity of the company being audited. It also discusses the relevant attributes of smaller, less complex companies as well as less complex units of larger companies. The upcoming guidance for auditors of smaller companies is expected to develop these themes even further.

Simplify the Text of the Standard. The new standard is shorter (weighing in at only 172 pages), simpler and reorganized. It also seeks to minimize duplication by cross-referencing to existing familiar concepts, such as clarifying that the auditor’s evaluation of materiality for purposes of an internal control audit is based on the same long-standing principles applicable to financial statement audits. In addition, the SEC and PCAOB coordinated to conform certain of the PCAOB's terms to the SEC’s rules and guidance, such as the definition of "material weakness" and use of the term "entity-level controls" instead of "company-level controls."

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.