Corporate Governance Bulletin
SEC and PCAOB To Take Action on Section 404 Internal Controls Reporting Matters
The SEC recently announced a series of actions it and the PCAOB intend to take to improve the implementation of the internal control reporting requirements of Section 404 of the Sarbanes-Oxley Act of 2002.
These actions include:
• Providing Guidance for Companies. The SEC has received many requests for additional guidance for management on how to complete its assessment of internal control over financial reporting, as required by Section 404 of the Sarbanes-Oxley Act. In response, the SEC intends to take the following steps:
– The SEC plans to solicit public input on the management assessment process to ensure that the guidance the SEC ultimately proposes will address the needs and concerns of all public companies. The SEC will also seek input on the appropriate role of outside auditors in
connection with management’s assessment and on the manner in which outside auditors provide their attestation to assist in its consideration of possible alternatives to the current approach.
– The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is working to provide guidance on its 1992 Internal Control - Integrated Framework to address the needs of smaller companies. The SEC will consider the extent to which the additional COSO guidance is useful to smaller public companies in completing their Section 404 assessments.
– The SEC anticipates that it will issue guidance to management to assist in its performance of a top-down, risk-based assessment of internal controls. The SEC intends that this guidance will be scalable and responsive to the individual circumstances of companies of all sizes. The guidance will also be sensitive to the fact that many companies have already invested substantial resources to establish and document programs and procedures to perform their assessments over the last few years. The form of the guidance has yet to be determined.
• Revising Auditing Standard No. 2. The PCAOB intends to propose revisions to Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. The proposed revisions would:
– Seek to ensure that auditors focus during integrated audits on areas that pose higher risk of fraud or material error;
– Incorporate key concepts contained in the guidance issued by the PCAOB in May 2005
(discussed in our Corporate Governance Bulletin #29); and
– Revisit and clarify what, if any, role the auditor should play in evaluating the company’s
process of assessing internal control effectiveness.