July 29, 2007

AS 5: The Latest Chapter in the SOX 404 Saga

Following an extended comment period, Auditing Standard No. 5, which supersedes AS 2, was approved by the SEC on July 25, 2007.  Now that another chapter in the regulatory saga of SOX 404 is complete, it is time once again to take stock of what has (and not) been accomplished by Congress, the SEC and the PCAOB.

Frederick Lipman, founder and president of the Association of Audit Committee Members, Inc. (AACMI) trenchantly observed as follows in a recent communication to its members (Fred is also the leader of the securities law practice at Blank Rome LLP):

“The corporate corruption scandals which motivated the Sarbanes-Oxley Act of 2002 were the result of fraud by CEOs and CFOs and it is unclear how Section 404 mitigates this risk, since internal controls can be overridden by the CEO or the CFO.  The SEC has conceded as much in  SEC Release No. 33-8810 (June 27, 2007) which contains the following revealing comment: 

‘ICFR cannot provide absolute assurance due to its inherent limitations; it is a process that involves human diligence and compliance and is subject to lapses in judgment and breakdowns resulting from human failures.  ICFR also can be circumvented by collusion or improper management override.  Because of such limitations, ICFR cannot prevent or detect all misstatements, whether unintentional errors or fraud.  However, these inherent limitations are known features of the financial reporting process, therefore, it is possible to design into the process safeguards to reduce, though not eliminate, this risk.’ [Emphasis supplied by Lipman] 

It therefore remains questionable whether any of the corporate corruption scandals would have been avoided by the costly internal controls mandated by the regulators.  The regulators are to be congratulated, however, for at least attempting to mitigate some of these costs by adopting Auditing Standard No. 5.”

I have long argued that SOX 404 was flawed, and that investors would have been better served by requirements for mandatory audit firm (as opposed to partner as provided in SOX).  I'll explain why I feel that way in a subsequent post.  I'll also be commenting on the new definitions of 'material weakness' and 'significant deficiency' as used in both AS 5 and SEC rules.

Other Things You Were Dying to Know about AS 5

The new standard is effective for audits of internal control over financial reporting (ICFR) required by Section 404(b) of SOX for fiscal years ending on or after November 15, 2007.  Earlier adoption is permitted, but auditors who elect to comply with AS 5 before its effective date must also comply at the same time with PCAOB Rule 3525, and other PCAOB standards as amended by Auditing Standard No. 5.  Auditors who do not elect to comply with AS 5 before its effective date must nonetheless use the kinder and gentler definition of "material weakness" contained in AS 5.

PCAOB Rule 3525, relating to auditor independence, requires auditors to comply with specific documentation and other procedures when requesting audit committee pre-approval of internal control-related services.  Similar requirements were contained in AS 2, and they parallel the auditor’s responsibilities in seeking pre-approval to perform tax services for an audit client under PCAOB Rule 3524.

Jul 29, 2007 10:49:14 PM | SOX

1 Comment

Rick Julien

Tom

I only have time for a quick reply

You and I have discussed this before during some presentations.....I respectfully disagree with you and Fred on this. The effectiveness of SOx 404 if effectively implemented and audited will work in most cases. It is not about any specific requirement but the interrelated nature of the entity level controls that will created an environment that there will need to be substantial collusion for financial fraud to continue for any amount of time. An active, knowledgeable audit committee, an effective hot line , ethics training, sub certifications, qualified financial reporting staff, a thoughtful 302 disclosure committee, a strong internal audit function etc etc

This really requires a strong active audit committee that believes in good corporate governance .........

SOx has been a good thing for our capital markets
Rick

Posted by: Rick Julien | August 06, 2007 at 07:42 PM

The comments to this entry are closed.

NEXT POST
EITF 07-03: Which Part of 'Nonrefundable' Doesn't EITF Understand? EITF Consensus 07-03, Accounting for Nonrefundable Advance Payments for Goods or Services to Be Used in Future Research and Development Activities, is very straightforward and basic; so much so that it might require less than one class period of Accounting 101 to discuss thoroughly. Here is a typical fact pattern: Entity A outsources R&D activities to Entity B, who requires a nonrefundable advance payment. Should Entity A capitalize or expense the advance payment? Proponents of the asset/liability view (i.e., expense measurement based only on changes in assets and liabilities) would support immediate expensing; proponents of the competing revenue/expense view (i.e.,...
PREVIOUS POST
FAS 158: Pension Accounting Crawls its Way Towards Reality The FASB has belatedly, and only half-way closed the proverbial barn door on misleading pension accounting in FAS 158. In re-measuring pension assets and liabilities on the balance sheet, Paragraph 16a of SFAS 158 requires that the effect on equity of the transition to FAS 158 be reflected as an adjustment of the ending balance of accumulated other comprehensive income (AOCI). This would have taken effect on December 31, 2006 for calendar year-end companies. Apparently, however, a significant number of companies (I wish I knew how many) have not fully complied with the FAS 158 transition rules--by incorrectly reporting the...

Tom Selling

Professor Emeritus of Accounting, now working as an independent provider of consulting, training and litigation support services.

The Typepad Team

Search

My Other Accounts

Recent Comments