CFO Blog: Commentary and Opinion

You are here: Home : CFO Blog : That Was Fast. Will It Work?

That Was Fast. Will It Work?
Posted by Tim Reason | | US
May 16, 2005 4:22 PM ET

As PCAOB Chairman William McDonough promised during the SEC's April 13 roundtable on 404, the PCAOB responded swiftly to company complaints of auditor overkill on 404 audits today with new guidance and a staff Q&A.

The PCAOB's release today notes that the Q&A seeks "to correct the misimpression that certain provisions of Auditing Standard No. 2 need to be applied in a rigid manner that discourages auditors from exercising the judgment necessary to conduct an internal control audit in a manner that is both effective and cost-efficient."

Whaddya say folks? Will this do the trick? Will audits be more risk-based as a result? Cheaper? Did the PCAOB give away the store, do too little, or get it just right?

Comments (4)

Comments | Post a Comment

Critics (some of whom were cited in my recent article) who felt 404 costs were high because companies had underinvested in internal controls will likely see the following part of the PCAOB's statement as a victory for the extensive corporate bellyaching that took place during the month of March: "[A]lthough we have not performed
a detailed analysis, it is sufficiently clear to us that the costs to date associated with the implementation of Section 404 have been too high. For the Section 404 process to be sustainable, these costs must be reduced in future years.

The PCAOB, in fact, cites FEI's cost study shortly before making this statement.

But will this new statement reduce costs?

Posted by Tim Reason | May 16, 2005 03:26pm

Still reading through this and am surprised to find that "according to a recent survey commissioned by the largest U.S. accounting firms, auditors believe that the total costs of compliance with Section 404 will decline by 46 percent next year."

Wow. Forty-six percent? I was reporting this stuff pretty closely last month, but somehow I missed that one.

While we're on the subject, who exactly did they survey? That sure wasn't the estimate I heard from the business groups I spoke to.

Posted by Tim Reason | May 16, 2005 03:38pm

Reading through some more, I see the PCAOB has addressed very specifically some of the major complaints coming from corporations. Automated controls, for example, do not need to be tested annually if there is no evidence of a change. And the PCAOB, in question 53, states flat out that documentation is not necessary for an auditor to conclude that a control was effective?a huge source of complaints from registrants.
Posted by Tim Reason | May 16, 2005 04:38pm

I don't know if the blog will allow it, but my comment is bascically my post to the SEC comment site, which, upon my last checking, never actually made it to the site, even though I got the "official" .pdf confirmation (the atachments were posted, but not the actual comment):

Home | EDGAR Search Home | Latest Filings | Previous Page
Thank you for taking the time to comment on this release. Your comments for file number 4-497 were received on March 29,2005.
Please save this page for your records.

Comments received from:

Dwayne E Jorgensen, CIA, CFE
Global Practice Leader, Sarbanes-Oxley Services & IT Governance, CTG
Duluth, Georgia


Most organizations have tackled 302 compliance by developing ad-hoc cascading certifications which require several layers of management to sign off on the information prior to the CEO and CFO. In addition, most companies have attempted to satisfy by in many cases first-time documentation of the processes which create their financials, in order to satisfy 404 compliance criteria for their external auditors. Finally, most of the efforts to-date has been extremely labor-intensive, without establishing systems designed to improve process efficiencies, nor retain control
documentation in a reusable fashion, which will require significant efforts to
replicate the control analysis on both a quarterly and annual ongoing basis.
This is due in part to no clear front-runner in the marketplace in the development of a continuous monitoring solution. Now that the first year of 404 compliance has occurred, most CFOs are realizing that a significant
amount of the efforts previously spent on the attainment of their first 404 attestation will need to be spent again in 2005 on 302 and 404 efforts according to Gartner, 6 Billion will be spent in 2005.

This realization has significant impact on the current trend towards less is more coming from certain camps, especially pertaining to small-to-mid-cap companies. What is truly istressing are recent comments as quoted in CFO magazine that the issue is embedded in COSO itself, versus current efforts to satisfy Sarbanes-Oxley.

COSO, in its purest form, should be equally applicable regardless of size of organization. The key, of course, is in the application of the monitoring layer, using both management and an independent third party, and the frequency of the monitoring. The monitoring layer, along with the timing and depth, is actually what the current furor is about, not the other layers. Ironically, it was the abuse of this layer in recent years that lead to the collapse of huge companies, and the need for the Act in the first place.

The clear answer, for all size companies, is to increase the frequency, ideally to the opitmal state of continuous monitoring. The most logical, and cost-effective, way to accomplish this is through automation, to the extent possible, of the entire COSO model in the organization.

In my opinion, current efforts towards rethinking what has already been done, redirected towards this optimal solution of continuous monitoring,would have signficant benefit for companies of all size, and therefore, their shareholders as well.

Attachment 1: Dwayne Jorgensen short bio March 2005.doc
Attachment 2: Tip of the Compliance Iceberg.pdf
Attachment 3: SOX Automated Monitoring Position Paper-DEJ.pdf
Posted by Dwayne Jorgensen | May 18, 2005 09:54am

previous post next post
How I Fell Into the Uncanny Valley of Digital Marketing
Gold Medal Whining
Happy Birthday, iPhone; Bye, Bye BlackBerry
Happy Birthday, iPhone; Bye, Bye BlackBerry
This Is An Angry, But Positive Blog
« JULY 2017 »
Sun Mon Tue Wed Thu Fri Sat
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31      
Email to a Colleague
  Printer Friendly Version  
  RSS Feeds  
CFO Daily Briefing
CFO Weekly Briefing
Notify me of future events
Enter your email address to begin receiving updates on these topics.