Risk Management

SEC Tells Staff to Revise AS5

Commissioners gave the SEC staff the go-ahead to work with the PCAOB on making the proposed internal-control auditing standard less prescriptive an...
Sarah JohnsonApril 5, 2007

The Securities and Exchange Commission is sending its accounting staff to work with the Public Company Accounting Oversight Board on additional revisions to the auditing standard that has been criticized by public companies and legislators for creating costly audits of internal controls.

At a Wednesday SEC hearing, staff members of the Office of the Chief Accountant asked the commissioners for permission to work with the PCAOB to address several concerns that were raised during the current public comment period on the revised Auditing Standard No. 2 — which both regulators loosely refer to as AS5. Saying the staff will be “fine-tuning” AS5, the commissioners voted unanimously on all the staffers’ requests.

The staff will now work on matching the tone and wording of AS5 with the SEC’s revised guidance for company management on complying with Section 404, the Sarbanes-Oxley Act’s provision for management’s assessment of internal controls over financial reporting. They will also work with the PCAOB to incorporate more principles-based language into AS5, clarify how the new standard is scalable for companies of all sizes, and adopt a less prescriptive approach for how auditors will decide to use the work of others, such as a company’s internal auditors.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

Both the SEC and the PCAOB released their revisions to Section 404 and AS2, respectively, in mid-December and each received more than 150 comment letters from CFOs, investor groups, legislators, and audit firms by their February 26 deadline. In many of those letters, CFOs said the two standards were not aligned and were incompatible, while others said the tone and wording of the proposed rules were too different. Some said the proposals wouldn’t produce any improvement in corporations’ and auditors’ reviews of internal controls over financial reporting.

Since then, the SEC and the PCAOB have talked informally about the issues the letter writers raised, and PCAOB members have thought about how it will revise AS5, said Mark Olson, chairman of the PCAOB. “I anticipate that the board will be able to make several improvements, including further streamlining the standard in order to provide additional flexibility to promote scalability, avoid unintended consequences, and address valid concerns,” he said.

SEC chairman Christopher Cox said he wants those improvements made before spring ends. He wants the new auditing standard ready for SEC approval by the end of May or early June, so that the audit firms can reference it for their 2007 financial statement audits.

The PCAOB was created by Sarbox as a non-government, corporate agency that falls under the SEC’s purview. As the watchdog and standard-setter for audit firms, the PCAOB’s budget and rules need the SEC’s approval. The PCAOB’s standards “couldn’t take effect if the SEC does not accept them,” Cox said.

The two most cited concerns raised in the comment letters — several of which were sent to both regulators — was the issue of alignment between the proposed standards and how the revisions will apply to small businesses. The SEC has repeatedly pushed back the deadline for non-accelerated filers — those companies with a public float of $75 million or less — to comply with Section 404 and its sister auditing standard. Even after the SEC made changes, lawmakers said the commission hadn’t done enough to address small businesses’ concerns. At the Wednesday, hearing, Cox noted that this issue has been raised by several lawmakers, including Senators Chris Dodd and John Kerry and Congressman Barney Frank. On the other hand, investor groups worry that the SEC will “roll back” Sarbox too far and risk allowing loose audits of internal controls to occur.

To address concerns of small companies that have yet had to comply with Sarbox, the PCAOB noted in AS5 that auditors should keep in mind a company’s size and complexity when conducting an audit. The SEC staff wants to open up the standard so that this section could apply to less complex organizations, such as a large company that has only one complex accounting area. Audits should be scaled to account for the particular circumstances of companies of varying size and complexity, according to the staffers. “We think the PCAOB could better illustrate for auditors” how to address this issue, said Nancy Salisbury, senior associate chief accountant.

Those companies that are Sarbox-compliant have said their audit bills have gotten more expensive since AS2 took effect. They have noted to regulators several instances where auditors seemed to have taken an overly conservative approach and sometimes focused on areas that had little or no connection to financial statements. By adopting a top down, risk based approach with AS5, the PCAOB has said it hopes auditing bills will be cheaper as the standard would encourage auditors to focus on only those areas that could lead to a material misstatement.

AS5 is also intended to give more leeway for the use of professional judgment and eliminate any auditor’s tendency to use a checklist process. But the disconnect between the SEC’s overly vague tone and wording for the revised 404 and the heavily prescriptive language for AS5 could just lead to confusion, CFOs wrote in their comment letters. The result would be finance departments still using the PCAOB guideline as a de facto management guidance to calm their audit firms’ nerves, they wrote.

Olson said he agrees with the sentiment and plans to address the issue. Although the guidelines for management and the auditors are connected, “we must not lose sight of the fact that management and the auditor have different perspectives on the company’s internal controls, and the assessment and audit have different objectives under Section 404,” Olson said.

Olson read from a prepared statement and was not asked any questions by the commission.

Understanding Which ERP Modules Your Business Needs – And When