In an effort to help auditors understand and implement Section 404 of the Sarbanes-Oxley Act - "Management Assessment of Internal Controls" - the AICPA's Auditing Standards Board (ASB) has issued an exposure draft on Internal Control Reporting. The proposed standard expands the scope of a public company audit as "an integrated activity that consists of an audit of the financial statements and an audit of internal control."
Sarbanes-Oxley stipulates that management of public companies must include an assessment of internal control procedures in its annual report, and that the outside auditor must attest to that assessment. The SEC had originally set an effective date of September 15, 2003 to implement this provision.
Although the responsibility for setting auditing standards for public companies has shifted to the fledgling Public Company Accounting Oversight Board, the ASB made this move to assist members in getting ready for final regulations. "In the interest of the public, we need to prepare auditors for the SEC's final rule," said James Gerson, Chair of the Auditing Standards Board.
The proposed standards would direct an auditor to evaluate a company's entire system of internal control over financial reporting, including controls such as antifraud programs and controls that address the tone management sets for itself and the organization as a whole.
Included in the exposure draft are proposed Statements on Auditing Standards (SASs) and Statement on Standards for Attestation Engagements (SSAE), including:
A full copy of the exposure draft is available for download [1] from the AICPA Web site.
Comments are requested by May 15, 2003 and may be sent to:
Julie Anne Dilley
Audit and Attest Standards
jdilley@aicpa.org [2]
Links:
[1] http://www.aicpa.org/download/auditstd/2003_0318_SSAE_intcontrl.pdf
[2] mailto:jdilley@aicpa.org