SOX 404, AS2 Guidance Is Looming

Auditing and securities regulators have decided to coordinate their schedules this fall, preparing a double feature of new guidance for corporations struggling to comply with Sarbanes-Oxley and for auditors who have misunderstood Auditing Standard No. 2—all within the next two months.

First up is the Public Company Accounting Oversight Board, which wants to reveal its proposal to amend AS2 “later this fall,” according to PCAOB Chairman Mark Olson, who made the remarks in a speech Oct. 17 at the National Association of Corporate Directors.

While Olson gave no specific target date for unveiling the revised AS2, he did say the board wants its proposal to coincide with the Securities and Exchange Commission’s release of proposed guidance for corporate managements trying to comply with SOX Section 404—which the SEC plans to reveal to the world at its meeting Dec. 13.

Olson

“Because there is a great deal of value in these two initiatives being available for public consideration concurrently, the PCAOB is coordinating with the SEC so that the comment periods for the PCAOB’s revised AS2 and the SEC’s management guidance overlap sufficiently,” Olson said.

The tug-of-war between auditors and companies over how to comply with Section 404—which spells out how to test and monitor internal controls over financial reporting—has dominated corporate-governance debates all year. Companies say auditors take AS2 to unnecessary extremes, driving compliance costs sky-high; auditors say they are adhering to standards set forth by their regulatory oversight body, the PCAOB.

To resolve the tension, the PCAOB plans to loosen some more onerous provisions of AS2, while the SEC will give separate compliance guidance to companies so they can stand on firmer ground when they rebuff what they see as overzealous demands from auditors.

What PCAOB Hopes AS2 Revisions Will Achieve

Olson outlined four goals that are driving the revisions to AS2:

First, the PCAOB wants to make the standard easier to read, easier to understand, and “more clearly scalable to companies of any size,” he said. That would address outcry from the market that smaller companies are unfairly punished by the standard because they don’t have the staff or infrastructure to establish the kind of control environment AS2 seems to require.

Second, the Board will consider whether it can strip away any language that “encourages auditors to perform procedures that are not necessary to achieve the intended benefits of the audit.” That would answer criticisms that auditors are over-auditing—especially by testing transactions excessively—because they believe it’s required by AS2.

Third, the Board will look for ways to “make explicit in the standard the PCAOB’s past guidance on how to make internal control audits as efficient as possible.” Companies have told the PCAOB that audit firms aren’t observing guidance the board has issued previously calling for streamlined audit processes and increased efficiency.

Fourth, the board wants ways to make sure the standard focuses on the big picture. “The proposal should emphasize the importance of a company’s control environment, and how it can impact the risk of financial reporting fraud or other material failure, in order to focus auditors on what really matters, which is identifying material weaknesses in a company’s system of internal control before those weaknesses result in material misstatements in the company’s published financial statements,” Olson said.

PCAOB spokesman Michael Shore says the Board has not submitted a formal draft of its planned changes to AS2 to the SEC, although Bill Gradison, board member and former acting chair, told reporters last month that an informal draft was in the hands of the SEC.

Shore said the board exchanges informal documents with the SEC “on a regular basis,” but a formal draft would go through public comment before being handed to the SEC for review.

In a meeting of the board’s Standing Advisory Group earlier this month, PCAOB Chief Auditor Thomas Ray said implementation of AS2 and now its pending revision remains a high priority. In addition, the PCAOB staff is working on guidance for auditors of smaller public companies and is following a new approach with audit firm inspections that focuses more on proper AS2 implementation, he said.

“I expect these activities to continue to require a considerable portion of our resources over the next 12 months,” he said.

And In Other News …

Beyond AS2, Ray said the Board is focused on making changes to auditing literature that accompanies Financial Accounting Standard 154, Accounting Changes and Error Corrections. Issued last year, FAS 154 changes the way companies account for and disclose accounting changes in financial statements, so the PCAOB wants to revise the corresponding auditing literature to make it consistent, Ray said.

PCAOB STATEMENT

Below are excerpts of PCAOB Chief Auditor Tom Ray's speech on Oct. 5 to the PCAOB Standing Advisory Group, outlining his priorities for the upcoming year.

We have identified three projects in the next level of priority. We expect to begin these projects during the next year based on the SAG's input and further discussion with the Board.

Related Parties

In this project, we would reevaluate the auditor's obligation for the identification and evaluation of related parties and related-party transactions.

Related parties and related-party transactions have proven difficult for auditors, because such transactions are not always easily identifiable and the substance of the transactions is not always readily apparent. While the auditing standard and related auditing interpretation encourage the auditor to evaluate related-party transactions as a high risk area, auditors sometimes rely primarily on management and the company's principal owners to identify related parties and related-party transactions.

We would evaluate what direction is needed to help auditors understand the procedures that are necessary to obtain reasonable assurance that related parties and related-party transactions are identified, appropriately disclosed, and do not contain misstatements that are material to the financial statements taken as a whole.

We previously listed this project underneath the broader heading of fraud, but now we believe it is appropriate to undertake a separate standards-setting project on this subject. This project, nevertheless, would address fraud risks.

Confirmations

In this project, we would reevaluate the auditor's use of confirmations to corroborate a company's account balances and transactions directly with third parties. The existing standards do not address all areas for which direct confirmation with third parties may be preferable to applying other audit procedures. For example, existing standards do not direct the auditor to confirm cash account balances—although in my experience, that is a customary practice—or the terms of significant transactions or agreements.

The existing standards also do not address certain practice issues, such as when management requests the auditor not to confirm; how related party confirmations differ from confirmations to independent third parties and the circumstances in which related party confirmations should be used; and authenticating confirmation responses received electronically.

Similar to related parties, we previously listed this project underneath the broader heading of fraud. Although this project would consider fraud-related issues, we believe it is appropriate to undertake a separate standards-setting project on this subject.

Specialists

In this project, we would reevaluate the auditor's use of specialists, either when a company engages or employs a specialist and the auditor uses that specialist's work as evidential matter in performing an audit, or when the auditor engages a specialist and uses that specialist's work as evidential matter.

Specialists are used in determining valuations—including fair value measurements—used in financial statements, determining the physical characteristics relating to quantity of assets on hand or their condition, determining amounts by using specialized techniques or methods, and

interpreting technical requirements, regulations, or agreements.

Earlier this year, the SAG discussed issues relating to specialists. Based on that feedback, and given the increased use of fair value measurements in financial reporting, we are planning to undertake a separate project to reevaluate the auditor's use of specialists.

The IAASB currently has projects-in-process on related parties, confirmations, and specialists. The Auditing Standards Board also has projects-in-process on related parties and the use of specialists. We are monitoring those projects, and will consider their results.

Source

PCAOB Chief Auditor’s Statement On 2007 Standards-Setting Priorities (Oct. 5, 2006)

The Board also is working on an auditing standard required in Sarbanes-Oxley Section 103 to give audit firms more guidance on how to conduct the concurring or second-partner review, which PCAOB prefers to call the “engagement quality review.” That is the review performed by an audit partner who is not a member of the regular audit engagement team, who must sign off on the audit before the report is issued.

Ray

Ray said the Board is taking time to “evaluate what we are learning in the inspections process about engagement quality review that are being conducted under the board’s interim concurring partner standard, and (we) have made substantial progress on this project.”

Finally, the Board is still in the “preliminary stages” of long-awaited guidance regarding the auditor’s role in assessing a company’s risk, especially its risk for fraud. Ray said the Board is evaluating recently revised standards issued by the International Auditing and Assurance Standards Board and the Auditing Standards Board of the American Institute of Certified Professional Accountants.

“In addition, over the past year, the staff has begun to evaluate how the auditor's fraud risk assessment should be integrated with the auditor's overall risk assessment, and we believe there may be an opportunity to clarify this relationship,” Ray said.

Request For Guidance Comes On Heels Of FAS 157 Issuance

SAG members urged the Board to make more progress on defining an auditor’s role in detecting fraud, but also to consider more closely the audit process in light of the growing importance of fair-value measurements in financial reporting. The Financial Accounting Standards Board issued Statement No. 157, Fair Value Measurements, only in September, and SAG members are urging the PCAOB to give auditors some guidance on how to audit financial-statement figures when they are based to an increasing degree on estimates and assumptions.

Damon Silvers, associate general counsel for the AFL-CIO, said the investing public would be outraged if it fully understood that auditors have “no clear duty to look for fraud.” At the SAG meeting, Silvers and Ray debated the extent to which an auditor is obligated to seek evidence of fraud. “The standard should be clearer,” Silvers said.

John Morrissey, operating controller for General Electric, told the PCAOB it needs to bring auditing practices into step with the growing use of fair value in accounting. Fair value “is becoming more and more important,” he said. “We need to make sure we’re in front of the curve.”

Ray said earlier that the Board is evaluating existing auditing standards on how to audit estimates and on using the work of specialists, such as valuation specialists, to determine if changes or guidance might be warranted.