Firm Overview Video
Subscribe(Text for those without flash or javascript) Fulcrum's professionals are experienced CPAs, MBAs, ASAs, CFAs, affiliated professors and industry specialists Our expertise encompasses damages analysis, lost profit studies, business and intangible asset valuations, appraisals, fraud investigations, statistics, forensic economic analysis, royalty audits, strategic and market assessments, computer forensics, electronic discovery and analysis of computer data.
SEC and PCAOB Each Pass Rules Easing Section 404 Requirements
May 2007
Library Sections:
- Expert Testimony
- Damages Analysis
- Investigations and Forensic Accounting
- Computer Forensics / Electronic Discovery
- Sarbanes-Oxley Whistleblower Solutions
- Valuations and Appraisals
- Financial Reporting
- Tax Advice and News
- Other Current Events and Economic Commentary
- Financial Calculators and Related Advice
Last week, the Securities and Exchange Commission (SEC) unanimously approved “interpretive guidance” to Section 404 of the Sarbanes-Oxley Act. Section 404 is the costly rule mandating an assessment and reporting on internal accounting controls. The revisions are intended to ease the regulatory compliance for public companies by allowing them to tailor their assessments of internal accounting controls to the scale of the business. Although small public companies (those with market capitalization of under $75 million) will now have to comply with the law, those businesses already burdened with an overly mechanical application of the existing standards will be pleased with the regulatory relief.
The new rules will apply to 2007 financial statements, thus providing immediate benefits. The Sarbanes-Oxley Act itself is not changed, but the rules promulgated to apply the statute have been changed.
Absent these changes occurring, Congress would have likely amended Section 404. In the three years since Section 404 became effective, businesses’ complaints of cost exceeding related benefits raised concerns about the competitiveness of American capital markets. The reduced rules described below are a better solution than a complete rollback of Section 404.
The SEC’s Revisions
The new rules include the following:
1. Management needs to exercise judgment to determine areas that are both material and pose a risk to reliable financial reporting. Controls must be identified which address these risks. Once these risks and controls are identified, it is not necessary to include additional controls in management’s evaluation.
2. Auditors are now required to issue only one opinion on internal controls, instead of the two opinions on internal controls that are currently required. The remaining auditors’ opinion evaluates the effectiveness of internal control over financial reporting. The eliminated opinion involves management’s assessment of the effectiveness of internal control, which will now be encompassed in the single opinion. The hope is that, by decoupling the process of management’s assessment from the auditors’ standards, (i) management and auditors will not mechanically look to the audit standards for guidance in performing management’s assessments, and (ii) the auditors can appropriately focus their attention on the end results.
3. Documentation of the above process must occur, but the documentation can take different forms, and can be presented flexibly. The documentation does not need to include all controls within a process that ultimately affects financial reporting. The documentation can also include "ongoing daily interaction" of the business, such as information recorded in routine internal reports and memos, as evidence to support management’s evaluation of their companies' controls.
The revised rules are generally well received. The only large exceptions are (i) the large accounting firms, who enjoyed the work that is being eliminated, and (ii) some companies with a less than $75 million market capitalization, who were hoping to get a permanent exemption from Section 404. The SEC rejected further implementation delays for the smaller companies, concluding instead that the new guidance will simplify Section 404 reporting to a sufficient extent that further delays for the smaller companies are unnecessary. For these smaller public companies, a Section 404 assessment must be part of calendar 2008 reporting.
The PCAOB’s Revisions
As expected, the day after the SEC’s action, the Public Company Accounting Oversight Board (PCAOB) voted to adopt Auditing Standard 5, “An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements” (AS5). AS5 replaces the PCAOB’s previous internal control standard. AS5 is also effective for all calendar year 2007 audits.
AS5 redefines a material weakness. A material weakness must be reported to the audit committee and the external auditor, and then reported in the 10K. The definitional change will likely decrease the likelihood that an internal control problem is regarded as material.
Similar to the SEC’s guidance described above, AS5 focuses the audit on the areas that present the greatest risk. It provides auditors a range of alternatives for addressing lower-risk areas. The audit is to use a top-down approach, meaning that the testing of lower-level controls is affected by the assessment of the higher-level risks and controls. The principles-based testing requires judgment, rather than following a mechanical roadmap.
Fulcrum Inquiry is an
accounting and
financial investigation firm. We assist lawyers and their clients with complex measurements and
valuations.