PCAOB & SEC Issue Internal Controls Auditing Guidance
“It is clear to us that the internal control assessment and audit process has the potential to significantly improve the quality and reliability of financial reporting,” PCAOB Chairman William J. McDonough said. “At the same time, it is equally clear to us that the first round on internal control audits cost too much. Through the guidance we issue today, as well as our upcoming inspections, we are committed to seeing the AS No. 2 is implemented in a manner that captures the benefits of the process without unnecessary and unsustainable costs.”
According to the Board Policy Statement , in order to properly plan and perform an internal controls audit, auditors should:
- Integrate internal control and financial statement audits in such a way that the evidence gathered and tests used in the course of either audit can be applied toward the completion of both audits.
- Tailor audit plans to the risks facing each client rather than relying on standardized “checklists”.
- Utilize a top-down approach beginning with company-level controls, in order to identify areas relevant to internal controls that need further testing and to eliminate those areas that, based on risk assessments, have little likelihood of containing material misstatements.
- Take advantage of the flexibility of AS No. 2 to use the work of others.
- Communicate with audit client’s in a direct and timely manner when the client seeks the auditor’s views on internal control issues, particularly prior to the client making decisions, implementing processes or finalizing financial reports.
Also on Monday, the Securities and Exchange Commission (SEC) issued a complementary Commission Statement on Implementation of Internal Control Reporting Requirements . The Statement recognizes that implementation of AS No. 2 has resulted in significant cost increases, some of which may have been excessive or unnecessary. Public accounting firms are urged to recognize a zone of acceptable and reasonable conduct that is acceptable in the implementation of Section 404 of the Sarbanes-Oxley Act (SOX).