Friday, August 3rd, 2007
Following approval last week by the Securities and Exchange Commission of a new auditing standard aimed at increasing the accuracy of financial reports while reducing unnecessary audit costs, public companies should start planning their 2007 audits with provisions of the new standard in mind, according to Accounting Management Solutions, Inc.
The new auditing standard — known as Auditing Standard No. 5, or AS 5 — in combination with the commission’s new management guidance, will make Section 404 audits and management evaluations more risk-based and scalable to company size and complexity.
AS 5 is effective for integrated audits for fiscal years ending on or after Nov. 15, 2007. However, the SEC notes, earlier adoption is permitted and encouraged.
AS 5 replaces Auditing Standard No. 2 (An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements) and is intended to increase the likelihood that material weaknesses in internal controls will be discovered before they result in a material misstatement of a company’s financial statements, according to Greg Starr, AMS Middle Market Practice director.
He added that AS 5 aims to reduce unnecessary procedures and related costs, particularly for public companies with a market capitalization of $75 million or less.
DIFFERENCES BETWEEN AS 2 AND AS 5
According to Starr, the differences between AS 2 and AS 5 are significant and have a direct bearing on the content and execution of the entire audit, starting with the risk assessment. For example, he notes, under AS 5:
1) Management's risk assessment and principles-based judgment are
emphasized over the prescriptive auditor-focused approach under AS 2.
2) The risk analysis starts at the financial statement level and entity
level controls.
3) There is an increased emphasis on entity-level controls.
4) The objective is to opine on the effectiveness of internal control over
financial reporting vs. opining on management's assessment of internal
control (AS 2).
5) AS 5 permits the auditor to place greater reliance on the work of
others.
6) There is an increased emphasis on fraud.
START WITH AN AS 5 RISK ASSESSMENT
When complying with Sarbanes-Oxley Act of 2002 (SOX) for the current year, whether you are a first time non-accelerated filer or an accelerated filer, Starr advises companies to start with a risk assessment based on AS 5.
While SOX compliance is rarely viewed positively, it provides a great opportunity for companies to take advantage of AS 5 to enhance and fine tune their control environment, says Starr.
"Putting the appropriate time and effort upfront, and applying the right resources to develop a superior risk assessment will likely reap rewards now and well into the future by reducing SOX compliance costs and audit fees," he says.
Posted in Compliance Management, Regulatory Reform, Risk Management, Sarbanes Oxley | No Comments »
Friday, August 3rd, 2007
Following a LONG comment period - Auditing Standard #5 was approved by the SEC on July 25, 2007 to replace AS 2 and FINALLY put some relief for companies in the SOX 404 Pain-Crunch. (Yay!)
I’ve been seeing more and more information on the internet the last month about the importance on Auditing Standard #5 when it comes to Sarbanes-Oxley and IT Compliance. AS 5 is a HUGE step forward for many people out there feeling the COST of Attempting to be Compliant… But it’s not the TOTAL solution to the problem - the PCAOB, SEC and Congress are continuously weighing the options for Corporations - to prevent more of these ’scandals’ appearing in the news, it’s an uphill battle - but we all appear to be using the right gears to get closer to a solution.
So what’s GREAT about AS 5?
We can all agree that SOX Section 404 has LONG been flawed and costly. With AS 2 they attempted to put the internal control powers to the discretion of the auditing firm - with AS 5 they are now allowing more ‘grey areas’ between the corporation and audit firm to define RISKS, MATERIAL WEAKNESSES and SIGNIFICANT DEFICIENCIES. (i..e. Saving money in labor and consulting fees normally spent to argue these pain-points).
With AS 5 the PCAOB is providing a RISK based auditing alternative - which will allow more companies to better mitigate their risks from the get-go, and also save money on launching their Sarbanes-Oxley Attestation programs.
AS 5 also allows a company to be ’scalable’ on their compliance project based on their size and complexity of internal controls over financial reporting. Providing a better efficiency in the audit to SAVE costs for Small and Medium sized public companies.
Auditors are ‘allowed’ more powers in their own judgment and negotiations with internal corporate auditors, eliminating unnecessary procedures for AS 2.
The SEC also adopted the definition of SIGNIFICANT DEFICIENCY - "a deficiency in Internal Controls over financial reporting that is less severe than a material weakness, but important enough to merit attention".
The good news for our Radian Compliance practice - it that a lot of our key tools we provide to clients are leading the way right along with what the PCAOB and SEC have approved with AS 5.
Take a look at our IT Bill of Rights Blog series to read up on some of the progressive and empowering Auditing ideas we provide to our clients readying for an Audit… and please share your thoughts and ideas with me on how the new Auditing Standard will affect your preparations for the Nov. 15, 2007 deadline.
THINGS LAURIE FAITH LIKES THE MOST FROM AS 5
1) Management’s risk assessment and principles-based judgment are emphasized over the prescriptive auditor-focused approach under AS 2.
2) The risk analysis starts at the financial statement level and entity level controls. (Top - Down, makes it easier and more effective to implement an IT Compliance program)
3) There is an increased emphasis on entity-level controls. (Again - makes the whole Internal Control and General Control environment easier to navigate)
4) The objective is to opine on the effectiveness of internal control over financial reporting vs. opining on management’s assessment of internal control (AS 2). (effectiveness and Testing are KEY, and save a lot of time and paperwork negotiating management initial assessment)
5) AS 5 permits the auditor to place greater reliance on the work of others. (you hear that? Call us up! We can help get your clients in tip-top shape before you even get onsite!)
6) There is an increased emphasis on fraud. (Signing statements and all - it’s hard for the CEO and CFO to let known fraud’s fly under the radar)
Posted in Compliance Management, Regulatory Reform, Sarbanes Oxley | No Comments »
