Speech by SEC Staff: Remarks before the 2007 AICPA National Conference on Current SEC and PCAOB Developments

by Josh Jones
Professional Accounting Fellow, Office of the Chief Accountant
U.S. Securities and Exchange Commission

Washington, D.C.
December 10, 2007

As a matter of policy, the Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC staff.

The overall objective of the requirement for management to evaluate the effectiveness of its internal control over financial reporting ("ICFR") under Section 404 of the Sarbanes-Oxley Act (the "Act") is to disclose to investors information about the quality of a company's internal controls to utilize when making investment decisions. Earlier this year the Commission issued interpretive guidance (the "guidance") and adopted certain amendments to Regulation S-X to help management comply with Section 404 more cost effectively. While clearly one of our objectives was to improve the efficiency of the evaluation, I thought I would spend my time today discussing four aspects of the guidance that were intended to improve the effectiveness of the evaluation as well. These four aspects are:

1. Evaluation of the design of a company's ICFR
2. Focus on areas of higher risk
3. Evaluation of deficiencies
4. Disclosures of material weaknesses

Evaluation of Design

During the first phase of the evaluation, the guidance directs management to identify financial reporting risks. Once management has identified these risks, it must ask itself two questions:

1. Do I have controls in place that address these risks?
2. If so, are they designed such that they can effectively prevent or detect misstatements that could result in material misstatements in the financial statements?

Reliable and informative disclosures to investors about ICFR require thoughtful and critical consideration of these questions early in the evaluation process. This often takes judgment, but the answers have a significant impact on both the amount of effort needed to conduct the evaluation and the quality of management's conclusion. For example, if the answer to either of these two questions is "no," a deficiency exists in the design of its controls that management must evaluate to determine if it is a material weakness. If management concludes the deficiency in design is a material weakness, then no further testing of operating effectiveness is necessary for the purposes of deciding whether it should be disclosed. This illustrates how the early identification of a design deficiency should impact the number of controls subject to management's evaluation procedures, which should also have a direct correlation to the effort required.

The evaluation of design is fundamental to the quality of the assessment process as well. For example, the early identification of design deficiencies can provide management with information about control weaknesses before they result in a material misstatement in the financial statements.

Also, the guidance directs companies to specifically consider the risks of fraudulent financial reporting and whether it has controls in place to adequately address those risks. This emphasis is consistent with the notion that addressing the risk of fraud is important to achieving reliable financial reporting and that such controls are integral to an effective system of internal control.
Investors are entitled to know when a company's controls are not adequate to address material fraud risks, and companies should recognize that the identification of fraud risks does not mean that a fraud has occurred, just as it should not take an incident of fraudulent financial reporting to recognize that fraud risks exist.

These examples hopefully illustrate how a critical review of the design of the controls implemented to address financial reporting risks, which includes the proper involvement of senior management, plays an integral role in management's annual assessment process.

Focus Effort on Areas of Higher Risk

After management has determined that its controls are designed effectively, during the next phase of the evaluation, the guidance directs management to evaluate whether the controls identified actually operated in a manner consistent with their design. It is important to note, however, that the objective of the guidance wasn't on simply gathering less evidence, but on focusing management's methods and procedures on the areas most critical to ensuring reliable financial reporting.

A review of assessment reports from the first three years of ICFR reporting shows that a majority of material weaknesses related to areas such as revenue recognition, income tax accounting, liabilities and reserves [1] that are generally considered higher risk because they are typically subject to significant judgment or complex accounting requirements, and are common sources of restatements. Given the importance of areas such as these to a company's financial reporting, the framework provided in the guidance requires management to gather more evidence in higher risk areas, while at the same time provides flexibility in the evidence needed to support the effective operation of controls in lower risk areas. I should highlight that the guidance in this area is supplemented with a diagram that we believe is helpful to illustrate how this framework is intended to be applied. Focusing management in this manner should help foster the earlier identification and remediation of deficiencies in internal control, and ultimately, provide more timely and reliable information for investors.

Evaluation of Deficiencies

A third aspect of the guidance that was intended to improve the effectiveness of the evaluation relates to the evaluation of deficiencies. A review of material weakness disclosures has indicated that a majority were the direct result of the identification by either management or its external auditor of material or numerous adjustments associated with the preparation of the year-end financial statements. [2] Two questions arising from this information are: 1) whether the weakness, in fact, resulted in a control breakdown during the fourth quarter of the year or if a weakness existed in the company's internal control prior to then that should have been identified and 2) whether other material weaknesses existed at year-end that were not reported because they did not result in a material adjustment to the financial statements? These are critical questions in determining whether investors are provided with appropriate disclosures.
With regards to the first question, management should consider the root causes of each material weakness and whether its internal control system is designed to identify material weaknesses prior to the identification of an adjustment in the financial statements. When evaluating these situations, management should be mindful of the need to consider the effectiveness of its entity-level controls, including its risk assessment and monitoring activities, and how those programs inform its process for identifying and evaluating changes in its ICFR for the purposes of making its quarterly certifications. This will help it determine if its internal control system is designed to provide it with timely information about control weaknesses and if not, why this fact doesn't represent a material weakness that should be disclosed to investors. While control deficiencies cannot ever be completely eliminated, a control system's ability to provide timely identification of control breakdowns, that is, before they result in errors in the financial statements, is an important component of effective internal control systems as prescribed by control frameworks such as COSO.

With regards to the second question regarding the existence of other material weaknesses, the data indicates that management, as well as auditors, may often be placing primary reliance on the occurrence of a material adjustment and/or misstatement as the decisive factor in its evaluation of whether or not a deficiency represents a material weakness. However, it is important to remember that this is not a pre-condition to the determination that a material weakness exists. Said differently, it does not take an error in the financial statements to have a material weakness. Instead, management is expected to use all of the facts and circumstances surrounding the deficiency, or combination of deficiencies, when evaluating whether or not a reasonable possibility exists that a material misstatement could occur in the company's annual or interim financial statements. In addition, if a deficiency exists, but a compensating control leads management to conclude that a deficiency represents only a significant deficiency, then the company's evaluation process will need to have evaluated the design and operation of such compensating controls and have support for the effectiveness of those controls as well.

The guidance includes a number of considerations to assist management in making all of these determinations, and while these decisions are complex and require management to utilize significant judgment, they are critical to providing investors with the information envisioned by the Act. Companies should understand that, in certain situations, the staff may request information about management's evaluation of deficiencies in order to gain an understanding of how a company evaluated those deficiencies that were determined to be less severe than a material weakness.

Material Weakness Disclosures

The last area I would like to discuss relates to management's disclosure of the results of its evaluation. The disclosure of material weaknesses in management's assessment report was intended to provide investors with robust information about their actual (if any) and potential effect on a company's financial reporting.
However, a common criticism of the disclosures is that the descriptions provided make it difficult for investors to understand their impact. The interpretive guidance contains a number of items management should consider including in its disclosures to help provide investors with sufficient information to use in their assessment of the risks to the reliability of the company's financial reporting. For example, the guidance explains that the description of material weaknesses would be more helpful if it allows investors to distinguish between those that may have a pervasive impact and those that do not. An example of a pervasive impact could be one that impacts an entire division, an entire process, or all of ICFR.

Again, a review of material weakness disclosures illustrates that companies with ineffective ICFR disclose, on average, two or more material weaknesses. [3] In addition, greater than 50% of the disclosures included a weakness due to a lack of resources in personnel or technical expertise. [4] Disclosures of these weaknesses often conclude that the cause was isolated to the specific area where the issue was discovered. However, given that these weaknesses are generally accompanied by others, a question arises as to whether other problems exist within the company's system of internal control, such as in its risk assessment or monitoring programs, that were the underlying cause of the deficiency. Said differently, is the material weakness disclosed representative of the issue resident in the company's control system or is there another, more pervasive material weakness that should have been identified and disclosed? While the discovery of multiple material weaknesses does not automatically indicate deficiencies in these areas of entity-level control, such deficiencies may be important to investors given their pervasive impact on ICFR, and management should be mindful of this when evaluating and communicating the results of its assessment.

As part of our review of material weakness disclosures, the OCA staff provide input into the Division of Corporation Finance's review of filings to the extent these disclosures can be improved along the lines suggested in the interpretive guidance.

Conclusion

In closing, I hope the examples provided help illustrate how the Commission's interpretive guidance was intended to improve both the efficiency and effectiveness of the evaluation. On another quick note, the Commission has created a brochure as a complement to the interpretive guidance that provides an easy-to-use summary of the requirements for management's assessment and reporting. It was intended to help make management's first assessment easier and is available on the Commission's website.

This concludes my remarks. Thank you.

Endnotes

[1] Per Audit Analytics as of October 19, 2007
[2] Per Audit Analytics as of October 19, 2007, approximately 55%, 70% and 67% of material weaknesses in Years 1, 2 and 3, respectively, were as a result of the identification of numerous and/or material adjustments in the preparation of the year-end financial statements.
[3] Per Audit Analytics as of October 19, 2007
[4] Ibid

http://www.sec.gov/news/speech/2007/spch121007jj.htm
Modified: 12/11/2007