PCAOB Revises AS2

A new version of the controversial auditing standard has gone to the SEC for review, CFO.com has learned.

The Public Company Accounting Oversight Board has submitted a draft of changes to the Securities and Exchange Commission for its Auditing Standard 2, a guideline that many, including the SEC and participants of the Sarbanes-Oxley roundtables, have wanted revised.

AS2 has been criticized because auditors, who use it to audit a company’s internal controls over financial reporting as mandated by Sarbox Section 404, appear to use it too conservatively. At the same time, companies that used AS2 as a default framework to prepare for such audits appear to have done far more work than necessary.

The PCAOB’s proposed revisions will simplify the standard, PCAOB board member and former acting chair Bill Gradison told CFO.com. The revised AS2, he said, “is going to be a much shorter version and will incorporate a lot of the changes that we have focused on in our stress on efficiency.”

At the same time, he added, “We will be dropping out the sections which have been used by issuers as a sort of default position of what they have to do.” Instead, he said, “the SEC will be filling that gap — their role is to issue rules for issuers and ours is for auditors.”

Realizing that some public companies have been using AS2 as a guidance for their own internal controls, the Securities and Exchange Commission has been working on ways to give them more guidance, Gradison said during one of the PCAOB’s “Forum on Auditing in the Small Business Environment” in Boston.

As of Friday, Gradison said, the SEC had not reviewed PCAOB’s draft of a revised AS2. There will likely be an informal back-and-forth discussion between the two organizations before the PCAOB will release the revisions for 60 days of public comment. After the PCAOB finalizes its version of the rule, the SEC, which oversees the PCAOB, will also have a public-comment period before the rule is formally adopted.

The core principles of AS2 haven’t changed, Bryan Morris, assistant chief auditor of standards for PCAOB, said during the forum. “We have made efforts to streamline the standard to make it as clear and concise and easy to read for most auditors and some non-auditors,” he said.

Many of the proposed changes relate to confusing definitions: The PCAOB tinkered with how “significant deficiency” and “material weakness” are defined, for example, to clarify where control holes, if any, lie. And they have attempted to explain that materiality for an internal control audit and the audit of financial statements are the same concept, even though many have assumed AS2 mandates they be separate.

In addition to tweaking the language, the PCAOB hopes to clarify that auditors do not need to evaluate how CFOs come up with their assessments of internal controls. While this may give the auditor a sense of how a CFO views risk, for example, it’s not necessary for the audit, Keith Wilson, PCAOB’s associate chief auditor of standards, said during the forum.

That change likely will please many corporate executives. Perhaps the top complaint about 404 voiced at the first SEC roundtable was that auditors must opine on management’s own assessment of internal controls. Since auditors already issue their own opinion about internal controls, the second auditor’s opinion was widely considered by business to be a duplicative and unnecessarily costly addition.

“The auditor’s role with management’s assessment was never intended to be a full-blown audit of management’s assessment process,” Wilson said. “The opinion was and is intended to be on management’s conclusion as stated in their report about whether or not internal controls are effective. Apparently there’s been a good bit of misunderstanding on that point where auditors felt compelled to do a very thorough examination of management’s assessment process with the objective of opining on how good the process was.”

During the PCAOB’s Standard Advisory Group meeting in mid-June, the group’s chairman and PCAOB chief auditor, Tom Ray, presented potential changes to AS2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction With An Audit of Financial Statements, which include:

• Incorporate key concepts and direction into AS2 from previous guidance and clarification.

• Clarify the auditor’s role regarding the effectiveness of company controls.

• Reconsider the “strong indicators of a material weakness” to allow for more judgment in determining whether a deficiency exists.

• Clarify materiality and scoping where appropriate.

• Emphasize the integration of the audit of internal control with the audit of the financial statements.

• Allow for and promote auditors’ use of experience gained in previous years’ audits to focus and make most efficient the work in subsequent years.

Discuss

Your email address will not be published. Required fields are marked *