Even before President Bush told an enthusiastic Wall Street audience in January that "we don't need to change the [Sarbanes-Oxley] law, we need to change the way the law is implemented," the Public Company Accounting Oversight Board (PCAOB) was taking steps to do precisely that. But as it advances an openly "principles-based" approach in replacing Auditing Standard No. 2 with Auditing Standard No. 5, some question whether the new standard is doomed to fail unless associated laws and practices also change.

In an effort to make the auditing of internal controls more efficient, the new AS #5 would no longer require auditors to offer an opinion on management's evaluation of internal controls. It would instruct auditors to cover the areas of greatest risk, rather than obliging them to visit the majority of operations, and also permit them to rely on previous audits rather than start from scratch each year.

While the new rule is subject to revision (following a comment period that ended February 26) and approval from the Securities and Exchange Commission, it looks likely to pass. SEC officials have applauded the changes and note that the Commission's own guidance on the topic takes a similarly principles-based approach.

But critics say the revision will have little impact given the potential for investors to sue auditors and companies. "You can't just go out and change from rules to principles without changing the environment as well," contends Dennis Stevens, director of internal audit for Alamo Group. Unless changes in the legal environment occur — caps on the damages that audit firms might face, for example — Stevens says that "AS #5 is not going to work."

Auditors expect change to be slow. Susan Lister, national director of audit policy at BDO Seidman, says AS #5 is "a step in the right direction," but will take time to implement. With "hundreds of engagement teams, it's difficult to ensure that people are making appropriate judgments when most are inexperienced," she says. "And then you have inspectors coming in, and their judgments will undoubtedly be different than ours." For now, at least, the firm is likely to keep rules-based policies in place for protection.

These difficulties, though, seem unlikely to derail the move to principles-based accounting. Zoe-Vonna Palmrose, SEC deputy chief accountant for auditing and professional practice issues, says that the approach, as part of a broader effort to combat accounting complexity, "is at the top of [SEC] chief accountant Conrad Hewitt's agenda."

The SEC may form a working group comprising managers, auditors, and regulators that would explore the broader changes needed to make principles-based accounting more viable. — Alix Stuart

Going for the Records

In their efforts to reduce sick time and rein in soaring health-insurance premiums, companies have invested in a range of employee health and wellness programs. Now, several large employers have decided to attack the issue from a different angle: they've teamed with an Oregon-based nonprofit to offer workers an electronic health-record-keeping service intended to provide more-efficient medical care and avoid duplicative treatments.

Donating $1.5 million apiece to the effort, Pitney Bowes, Wal-Mart, Intel, and others have contracted with the Omnimedix Institute to build a database, to be known as Dossia, that will contain records from doctors, hospitals, pharmacies, and other sources. These comprehensive records would be the property of each employee, not of the employer, and would, proponents say, save time and money (including insurance premiums) while improving employees' medical outcomes. The National Association of Manufacturers is urging its members to sign on because, as Jeri Gillespie, NAM's vice president for human-resources policy, says, "businesses fund our health-care system, and any move that drives out waste is good both for employers and employees."

Not surprisingly, the concept has triggered concerns about privacy and accuracy. Omnimedix insists that the database will be secure, pointing out that it has hired experts not from the health-care field but from the banking industry. Privacy advocates counter that the banking industry has not been immune to data theft. "Medical-records systems, like banking systems, are prone to hacker attacks and improper disclosure," says Marc Rotenberg, executive director of the Electronic Privacy Information Center. "The systems are not adequately designed and the law does not provide adequate safeguards."

Deborah Peel, an Austin, Texas, psychiatrist who founded and chairs the activist group Patient Privacy Rights, agrees. "There is no law that guarantees that the promises big employers make are ones they have to keep," she says. Dossia is expected to be up and running sometime this summer. — Rob Garver

• 1
• 2
• 3
• 4
• 5
• next »