Upload
molly-simmons
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
11
Practical Implications of U.S. Practical Implications of U.S. Requirements to Report on Requirements to Report on
Internal ControlInternal ControlAndrew D. Bailey, Jr.Andrew D. Bailey, Jr.
Deputy Chief Accountant: Professional PracticeDeputy Chief Accountant: Professional PracticeU.S. Securities and Exchange CommissionU.S. Securities and Exchange Commission
October 2005October 2005
22
FEE Forum on Risk FEE Forum on Risk Management and Internal Management and Internal
Control in the European UnionControl in the European Union
Brussels, BelgiumBrussels, Belgium
October 25, 2005October 25, 2005
33
The Securities and Exchange The Securities and Exchange Commission, as a matter of policy, Commission, as a matter of policy, disclaims responsibility for any private disclaims responsibility for any private publication or statement by any of its publication or statement by any of its employees. Therefore, the views employees. Therefore, the views expressed today are my own, and do expressed today are my own, and do not necessarily reflect the views of the not necessarily reflect the views of the Commission or the other members of Commission or the other members of the staff of the Commission.the staff of the Commission.
DisclaimerDisclaimer
44
SEC SOX Related InitiativesSEC SOX Related Initiatives– Early Activities Early Activities
PCAOB establishmentPCAOB establishmentCEO and CFO certifications CEO and CFO certifications Internal Control Reporting (404)Internal Control Reporting (404)Codes of ethics for senior executives Codes of ethics for senior executives Financial experts on audit committees Financial experts on audit committees Retention of audit records Retention of audit records Stronger auditor independence standards Stronger auditor independence standards Prohibitions on improper influence of auditorsProhibitions on improper influence of auditorsStandards for listed company audit Standards for listed company audit committeescommittees
55
SEC and PCAOB InitiativesSEC and PCAOB Initiatives
– More Recent SEC and PCAOB Activity:More Recent SEC and PCAOB Activity:Internal control auditing and reporting (AS 2)Internal control auditing and reporting (AS 2)
SEC 404 FAQ and PCAOB AS 2 Q&A including SEC 404 FAQ and PCAOB AS 2 Q&A including SEC Staff Comments follow-up to May 2005 SEC Staff Comments follow-up to May 2005 RoundtableRoundtable
Documentation (AS 3)Documentation (AS 3)
Rule 3102 Certain TermsRule 3102 Certain Terms
Elimination of a Material Weakness (AS 4)Elimination of a Material Weakness (AS 4)
Independence and Tax (Rules 35XX) Independence and Tax (Rules 35XX)
Stock Comp/Fair Value (PCAOB FAQ in process)Stock Comp/Fair Value (PCAOB FAQ in process)
66
Releted PCAOB InitiativesReleted PCAOB Initiatives
PCAOBPCAOB– Engagement Quality ControlEngagement Quality Control
Second Partner ReviewSecond Partner Review
– Communications with the Audit CommitteeCommunications with the Audit Committee– Financial FraudFinancial Fraud– Risk AssessmentRisk Assessment– Related Party TransactionsRelated Party Transactions
77
404 and AS 2 – Year 1 and 404 and AS 2 – Year 1 and BeyondBeyond
88
The 404/AS 2 IndustryThe 404/AS 2 Industry
There is no question that the most There is no question that the most influential and controversial activity influential and controversial activity occupying the Professional Practice occupying the Professional Practice Groups time has been the implementation Groups time has been the implementation of the SEC’s 302 and 404 rules and its of the SEC’s 302 and 404 rules and its companion Audit Standard, AS 2.companion Audit Standard, AS 2.
April SEC 404 RoundtableApril SEC 404 Roundtable
May SEC 404 Roundtable Follow-up May SEC 404 Roundtable Follow-up
99
Management’s Assessment of Management’s Assessment of Internal Control Under Section 404Internal Control Under Section 404
– 404 requires management to assess the 404 requires management to assess the effectiveness of its internal controls over effectiveness of its internal controls over financial reportingfinancial reporting
– Effective dates (for fiscal years ending on or Effective dates (for fiscal years ending on or after):after):
November 15, 2004 for Accelerated filers (45 day November 15, 2004 for Accelerated filers (45 day temporary postponement for certain filers)temporary postponement for certain filers)
July 15, 2006 for Non-Accelerated filers and July 15, 2006 for Non-Accelerated filers and foreign private issuers (9/21/05 extended to foreign private issuers (9/21/05 extended to 7/15/07)7/15/07)
1010
Current 404/AS 2 ActivitiesCurrent 404/AS 2 Activities
Current Activities Related to 404 Current Activities Related to 404 Evaluating feedback and next stepsEvaluating feedback and next stepsMonitoring reporting resultsMonitoring reporting resultsConsidering issues related to small Considering issues related to small
businessbusiness
1111
Feedback on ImplementationFeedback on Implementation
– Request for Public CommentRequest for Public CommentOver 200 comment letters receivedOver 200 comment letters received
– Commission Roundtable April 13Commission Roundtable April 13thth
54 participants54 participants
Representing issuers, auditors, investors, audit Representing issuers, auditors, investors, audit committees, among otherscommittees, among others
6 panels focusing on different topics6 panels focusing on different topics
1212
Roundtable and Comment LettersRoundtable and Comment LettersWhat We’ve Heard:What We’ve Heard:
Benefits Benefits – Promotes investor confidencePromotes investor confidence– Increased management focus on controls – Increased management focus on controls –
impacting tone at the topimpacting tone at the top– Improved controls documentation Improved controls documentation – Understanding throughout organization of Understanding throughout organization of
importance of internal controlsimportance of internal controls– Identification of operating efficiency Identification of operating efficiency
opportunitiesopportunities
1313
Roundtable and Comment LettersRoundtable and Comment LettersWhat We’ve Heard:What We’ve Heard:
Costs Costs – Significant training efforts Significant training efforts Deferred maintenance Deferred maintenance
Development of controlsDevelopment of controlsAutomation of controlsAutomation of controlsIntegration of systemsIntegration of systemsDocumentation of controlsDocumentation of controls
Auditor costs – greater than expectedAuditor costs – greater than expectedOpportunity costs Opportunity costs
1414
Roundtable and Comment LettersRoundtable and Comment LettersWhat We’ve Heard:What We’ve Heard:
Scope of TestingScope of Testing– Call for more risk-based approachCall for more risk-based approach– Need for more use of judgment Need for more use of judgment
Assessing materiality and designing scopeAssessing materiality and designing scope
Identifying “key” controls and significant accountsIdentifying “key” controls and significant accounts
– IT general computer controls / new systemsIT general computer controls / new systemsExtent of general computer controls testingExtent of general computer controls testing
Testing and remediation of control deficiencies in Testing and remediation of control deficiencies in new systemsnew systems
1515
Roundtable and Comment LettersRoundtable and Comment LettersWhat We’ve Heard:What We’ve Heard:
Using the Work of Management and OthersUsing the Work of Management and OthersDuplicated work effortsDuplicated work effortsCall for ability to rely more on work of Call for ability to rely more on work of
management and othersmanagement and othersPrincipal audit evidencePrincipal audit evidence
1616
Roundtable and Comment Letters Roundtable and Comment Letters What We’ve Heard:What We’ve Heard:
Terminology and DefinitionsTerminology and Definitions– Difficulty and inconsistencies in applying:Difficulty and inconsistencies in applying:
Significant DeficiencySignificant Deficiency
Material WeaknessMaterial Weakness
More than a remote likelihoodMore than a remote likelihood
More than inconsequentialMore than inconsequential
1717
Roundtable and Public Comments Roundtable and Public Comments What We’ve Heard:What We’ve Heard:
Communications with AuditorsCommunications with AuditorsNeed to restore communication between Need to restore communication between
auditors and issuersauditors and issuersAdditional guidance on potential auditor Additional guidance on potential auditor
independence implicationsindependence implications
1818
Roundtable and Public Comments Roundtable and Public Comments What We’ve Heard: What We’ve Heard:
Other Other Encourage use of judgment through the Encourage use of judgment through the
inspections processinspections processRequest to indefinitely delay the final Request to indefinitely delay the final
accelerated filing datesaccelerated filing datesFully integrate financial statement and internal Fully integrate financial statement and internal
control audits to achieve efficiencycontrol audits to achieve efficiencyDesire to share best practicesDesire to share best practices
1919
Actions Actions
Continuing Commitment to SOX 404Continuing Commitment to SOX 404 Want to address unintended consequences while Want to address unintended consequences while
maintaining investor safeguardsmaintaining investor safeguards
Additional Guidance Posted 5-16-05Additional Guidance Posted 5-16-05 SEC Commission Press Release and Staff SEC Commission Press Release and Staff
StatementStatement PCAOB Board Statement and Staff Q&APCAOB Board Statement and Staff Q&A June SAG meeting devoted to AS2June SAG meeting devoted to AS2
2020
What We’ve Done: SEC Staff What We’ve Done: SEC Staff StatementStatement
– May 16, 2005 Staff Statement issuedMay 16, 2005 Staff Statement issued
Reasonable AssuranceReasonable Assurance
Top-Down Approach / Risk-Based AssessmentsTop-Down Approach / Risk-Based Assessments
Scope of AssessmentsScope of Assessments
Timing of Management’s TestingTiming of Management’s Testing
Evaluating Control DeficienciesEvaluating Control Deficiencies
Disclosures About Material WeaknessesDisclosures About Material Weaknesses
Information Technology IssuesInformation Technology Issues
Communications with AuditorsCommunications with Auditors
2121
SEC Staff StatementSEC Staff Statement
Reasonable AssuranceReasonable AssuranceLevel of assurance regarding the reliability of Level of assurance regarding the reliability of
financial statementsfinancial statementsReasonable assurance does not mean Reasonable assurance does not mean
absolute assurance but it does mean a high absolute assurance but it does mean a high level of assurancelevel of assurance
2222
SEC Staff StatementSEC Staff Statement
– Top-Down / Risk Based AssessmentsTop-Down / Risk Based AssessmentsFocus should be on controls and accounts most Focus should be on controls and accounts most likely to have a material impact on financial likely to have a material impact on financial statementsstatements
Judgment should be used in identifying accounts Judgment should be used in identifying accounts and key controls to testand key controls to test
Resources should be devoted to areas of greatest Resources should be devoted to areas of greatest riskrisk
Audits should not be “check the box” exercisesAudits should not be “check the box” exercises
2323
SEC Staff Statement SEC Staff Statement
– Scope of AssessmentsScope of AssessmentsJudgment should be used in identifying accounts Judgment should be used in identifying accounts and key controls to testand key controls to test
Judgment should be used in determining the Judgment should be used in determining the extent of testing of key controlsextent of testing of key controls
Should relate to the risk of material misstatement Should relate to the risk of material misstatement in the annual, not interim financial statementsin the annual, not interim financial statements
2424
SEC Staff StatementSEC Staff Statement
Timing of Management’s TestingTiming of Management’s TestingEffective testing and assessment may be Effective testing and assessment may be
performed during the yearperformed during the yearJudgment must be used in determining additional Judgment must be used in determining additional
testing required closer to year-end testing required closer to year-end
Evaluating Control DeficienciesEvaluating Control DeficienciesJudgment must be used in determining the Judgment must be used in determining the
severity of control deficienciesseverity of control deficiencies
2525
SEC Staff StatementSEC Staff Statement
Disclosures About Material WeaknessesDisclosures About Material WeaknessesThe nature of the weaknessThe nature of the weaknessThe impact of the weakness on financial The impact of the weakness on financial
reportingreportingPlans for remediating the weaknessPlans for remediating the weakness
2626
SEC Staff StatementSEC Staff Statement
Information Technology IssuesInformation Technology IssuesInclude relevant IT controls in the assessment Include relevant IT controls in the assessment
(controls related to financial reporting)(controls related to financial reporting)Judgment must be used in identifying IT Judgment must be used in identifying IT
controls to testcontrols to testInclude IT upgrades and new systems in Include IT upgrades and new systems in
assessmentassessment
2727
SEC Staff StatementSEC Staff Statement
Communications with AuditorsCommunications with AuditorsThe chilling effect was an unintended The chilling effect was an unintended
consequenceconsequenceAuditor’s discussing and exchanging views Auditor’s discussing and exchanging views
with management does not in itself violate with management does not in itself violate independence principlesindependence principles
Judgment is required in ongoing dialogues Judgment is required in ongoing dialogues with managementwith management
2828
PCAOB Policy Statement and PCAOB Policy Statement and Staff Q&A’sStaff Q&A’s
May 16, 2005 GuidanceMay 16, 2005 GuidanceAudit IntegrationAudit IntegrationThe use of Professional JudgmentThe use of Professional JudgmentTop-down Approach / Risk-based Top-down Approach / Risk-based
AssessmentsAssessmentsUsing the Work of OthersUsing the Work of OthersAuditor Communications with ClientsAuditor Communications with ClientsAdditional Guidance ExpectedAdditional Guidance Expected
2929
Reporting Results So Far…Reporting Results So Far…
Through early July:Through early July: 3,140 filings3,140 filings 419 (13.3%) received audit opinion 419 (13.3%) received audit opinion
indicating ineffective ICFR indicating ineffective ICFR Over 50% had revenues less than $500 million Over 50% had revenues less than $500 million Conversely, less than 10% had revenues greater Conversely, less than 10% had revenues greater
than $1 billionthan $1 billion
3030
Reporting Results So Far…Reporting Results So Far…
Filed Filed reports by reports by industryindustry
With MWWith MW
(% of 419)(% of 419)
ManufacturingManufacturing 32%32% 30%30%
Finance, Insurance, Real Finance, Insurance, Real EstateEstate
29%29% 18%18%
ServicesServices 14%14% 21%21%
Transportation, Transportation, Communication, UtilitiesCommunication, Utilities
12%12% 10%10%
Wholesale and Retail TradeWholesale and Retail Trade 8%8% 14%14%
OtherOther 5%5% 7%7%
3131
419 Adverse Opinions419 Adverse OpinionsWhat types of issues did they What types of issues did they
have?have? Accounting Failures (GAAP) with respect to Accounting Failures (GAAP) with respect to
specific accounts (95%)specific accounts (95%) Accounting documentation, policy and Accounting documentation, policy and
procedures (87%)procedures (87%) Material or numerous auditor/year-end Material or numerous auditor/year-end
adjustments (46%)adjustments (46%) Accounting personnel resources, Accounting personnel resources,
training/competency issues (40%)training/competency issues (40%) Restatement or non-reliance on financial Restatement or non-reliance on financial
statements (39%)statements (39%)
3232
PCAOB Standard:PCAOB Standard:Elimination of Material WeaknessesElimination of Material Weaknesses
– Voluntary engagementVoluntary engagement– Allows auditors to provide reasonable assurance Allows auditors to provide reasonable assurance
that MW has been remediatedthat MW has been remediated– Significant flexibility in how the auditors perform Significant flexibility in how the auditors perform
engagement engagement – PCAOB comment period ended May 16, 2005PCAOB comment period ended May 16, 2005– Board voted approval July 2005.Board voted approval July 2005.– SEC Comment period (TBD)SEC Comment period (TBD)– SEC FAQ (TBD)SEC FAQ (TBD)
3333
Small Business ConcernsSmall Business Concerns
Guidance from COSO – application for Small Guidance from COSO – application for Small Businesses Businesses Expect to issue exposure draft this summerExpect to issue exposure draft this summer
Advisory Committee on Smaller Public Advisory Committee on Smaller Public CompaniesCompanies404 Subcommittee404 SubcommitteeRecommendations expected to be finalized end of Recommendations expected to be finalized end of
September, to be approved by full committee in September, to be approved by full committee in OctoberOctober
3434
SEC Advisory Committee on SEC Advisory Committee on Smaller Public CompaniesSmaller Public Companies
Established December 2004 to examine the impact of Established December 2004 to examine the impact of Sarbanes-Oxley Act and other federal securities laws Sarbanes-Oxley Act and other federal securities laws on smaller companies.on smaller companies.
Agenda items include:Agenda items include:Definition of “smaller public company”Definition of “smaller public company”Consideration of Section 404 of SOAConsideration of Section 404 of SOACorporate governance and disclosureCorporate governance and disclosureAccounting standardsAccounting standardsCapital formationCapital formation
http://www.sec.gov/info/smallbus/acspc.shtmlhttp://www.sec.gov/info/smallbus/acspc.shtml
3535
COSO ActivitiesCOSO Activities
In January 2005, COSO announced a new In January 2005, COSO announced a new project, project, Implementing the COSO Control Implementing the COSO Control Framework in Smaller BusinessesFramework in Smaller Businesses
Anticipate an exposure draft to be issued in Anticipate an exposure draft to be issued in the near futurethe near future
3636
Recent Commission ActionRecent Commission Action
On September 21, 2005, the Commission On September 21, 2005, the Commission extended for one additional year the extended for one additional year the compliance dates for non-accelerated compliance dates for non-accelerated filers ($75 million or less) and for Foreign filers ($75 million or less) and for Foreign Private Issuers that would qualify as non- Private Issuers that would qualify as non- accelerated filers to the fiscal year ending accelerated filers to the fiscal year ending or after July 15, 2007.or after July 15, 2007.
3737
Question and Answer SessionQuestion and Answer Session