AICPA Issues Internal Control Reporting Exposure Draft
Sarbanes-Oxley stipulates that management of public companies must include an assessment of internal control procedures in its annual report, and that the outside auditor must attest to that assessment. The SEC had originally set an effective date of September 15, 2003 to implement this provision.
Although the responsibility for setting auditing standards for public companies has shifted to the fledgling Public Company Accounting Oversight Board, the ASB made this move to assist members in getting ready for final regulations. "In the interest of the public, we need to prepare auditors for the SEC's final rule," said James Gerson, Chair of the Auditing Standards Board.
The proposed standards would direct an auditor to evaluate a company's entire system of internal control over financial reporting, including controls such as antifraud programs and controls that address the tone management sets for itself and the organization as a whole.
Included in the exposure draft are proposed Statements on Auditing Standards (SASs) and Statement on Standards for Attestation Engagements (SSAE), including:
- Auditing an Entity’s Internal Control Over Financial Reporting in Conjunction With the
Financial Statement Audit
- Amendment to Statement on Auditing Standards No. 100, Interim Financial Information
- Reporting on an Entity’s Internal Control Over Financial Reporting, which will supersede Chapter 5, "Reporting on an Entity’s Internal Control Over Financial Reporting," of SSAE No. 10, Attestation Standards: Revision and Recodification (AICPA, Professional Standards, vol. 1, AT section 501), as amended.
A full copy of the exposure draft is available for download  from the AICPA Web site.
Comments are requested by May 15, 2003 and may be sent to:
Julie Anne Dilley
Audit and Attest Standards