Following a LONG comment period - Auditing Standard #5 was approved by the SEC on July 25, 2007 to replace AS 2 and FINALLY provide some relief for companies in the SOX 404 Pain-Crunch. (Yay!)
I’ve been seeing more and more information on the internet over the last month about the importance of Auditing Standard #5 when it comes to Sarbanes-Oxley and IT Compliance. AS 5 is a HUGE step forward for many people out there feeling the COST of Attempting to be Compliant… But it’s not the TOTAL solution to the problem - the PCAOB, SEC and Congress are continuously weighing the options for Corporations - to prevent more of these ‘scandals’ appearing in the news, it’s an uphill battle - but we all appear to be using the right gears to get closer to a solution.
So what’s GREAT about AS 5?
We can all agree that SOX Section 404 has LONG been flawed and costly. With AS 2 they attempted to put the internal control powers at the discretion of the auditing firm - with AS 5 they are now allowing more ‘grey areas’ between the corporation and audit firm to define RISKS, MATERIAL WEAKNESSES and SIGNIFICANT DEFICIENCIES (i.e., saving money in labor and consulting fees normally spent to argue these pain-points).
With AS 5 the PCAOB is providing a RISK based auditing alternative - which will allow more companies to better mitigate their risks from the get-go, and also save money on launching their Sarbanes-Oxley Attestation programs.
AS 5 also allows a company to be ‘scalable’ on their compliance project based on their size and the complexity of their internal controls over financial reporting, providing better efficiency in the audit to SAVE costs for Small and Medium sized public companies.
Auditors are ‘allowed’ more powers in their own judgment and negotiations with internal corporate auditors, eliminating unnecessary procedures for AS 2.
The SEC also adopted the definition of SIGNIFICANT DEFICIENCY - "a deficiency in Internal Controls over financial reporting that is less severe than a material weakness, but important enough to merit attention".
The good news for our Radian Compliance practice is that a lot of the key tools we provide to clients are leading the way right along with what the PCAOB and SEC have approved with AS 5.
Take a look at our IT Bill of Rights Blog series to read up on some of the progressive and empowering Auditing ideas we provide to our clients readying for an Audit… and please share your thoughts and ideas with me on how the new Auditing Standard will affect your preparations for the Nov. 15, 2007 deadline.
THINGS LAURIE FAITH LIKES THE MOST FROM AS 5
1) Management’s risk assessment and principles-based judgment are emphasized over the prescriptive auditor-focused approach under AS 2.
2) The risk analysis starts at the financial statement level and entity level controls. (Top - Down, makes it easier and more effective to implement an IT Compliance program)
3) There is an increased emphasis on entity-level controls. (Again - makes the whole Internal Control and General Control environment easier to navigate)
4) The objective is to opine on the effectiveness of internal control over financial reporting vs. opining on management’s assessment of internal control (AS 2). (Effectiveness and Testing are KEY, and save a lot of time and paperwork negotiating management’s initial assessment)
5) AS 5 permits the auditor to place greater reliance on the work of others. (you hear that? Call us up! We can help get your clients in tip-top shape before you even get onsite!)
6) There is an increased emphasis on fraud. (Signing statements and all - it’s hard for the CEO and CFO to let known frauds fly under the radar)