|
Monday, December 20, 2004
Role Of Auditors Still Evolving; Accounting: Another Sarbanes-Oxley provision goes into effect in 2005
From Investor's Business Daily
As companies head into the new year, they're scrambling to comply with one of the most important -- and most complicated -- aspects of the Sarbanes Oxley Act.
The 2002 legislation was aimed at curbing financial malfeasance. These days, section 404 of that legislation has managers and accountants sweating. That section requires firms to review their internal controls, fix any that aren't up to snuff and evaluate those controls in their annual reports.
For most companies, the additional reporting must be included in the annual report for the first fiscal year that ends after April 15, 2005.
Tim Ryan, who heads the financial services audit and business advisory practice at accounting firm PricewaterhouseCoopers, says the law has brought a variety of changes for managers, audit committees and in-house and outside auditors.
IBD: Could you tell me a little more about section 404 and what that means for companies?
Ryan: Section 404 requires management to do a detailed assessment of the design of the (accounting) controls. Then it requires them to document that design. To the extent that they identify any holes or areas for improvement, it requires them to fix or remediate those holes.
After that's done, they're required to test those controls. Then the (external) auditor is required to test it.
In the first step, for example, when you're looking at the design of the controls, you have great guidance out there (from the Public Accounting Oversight Board), but it is still subjective and there's an element of judgment. You may feel you have the right controls in place, and I may feel differently, but it's not a matter of right or wrong -- it's a judgment.
The standard says there are three levels of control weakness. One is deficiency. With a deficiency, there's no reporting requirement. In other words -- and this isn't an official term -- it's a minor deficiency.
The next level is called a significant deficiency. A significant deficiency is required to go to the audit committee. But there is no external reporting with that.
A material deficiency is one that goes to the audit committee and goes to the outside world. When you look at the complexity of some of the financial services companies or of any company that hires branch sources, it's not likely that everybody is going to be perfect.
IBD: What is the role of internal auditors in this process? Do they bring problems to the company's attention?
Ryan: It depends. Some internal audit departments have been very involved with that initial assessment of the design.
Other companies use their internal audit departments in a testing function in that second step. Companies choose to use internal audit in that role because they're good at it, and when internal audit does the testing, the auditors place more reliance in it because that's an independent function of the testing as opposed to management.
But probably the most important role of internal audit is working with the other parties -- management and the audit committee and the external auditors -- to bring perspective on the magnitude of the control deficiencies. Internal auditors obviously have a very important seat at the table.
IBD: What is the role of the external auditor?
Ryan: I like to think what we bring to the table is a perspective of relative industry practices, an independent perspective when these control deficiencies are being recognized.
IBD: It sounds a labor-intensive process. Have companies had a hard time complying for that reason?
Ryan: It has been a challenge for companies from several perspectives. First, just the amount of time. To do that assessment at the level that Sarbanes-Oxley requires takes a lot of time. Second, most organizations want to be very well controlled. As they have identified deficiencies and worked very diligently to close the gaps, it has placed a lot of strain within the organizations.
So not only has it been time consuming and stressful to get gaps remediated, but there is a knowledge in the back of people's minds that decisions will be second-guessed.
IBD: You issued a report in which you said that 85% of financial managers are expecting more from external auditors these days. Could you tell me a little more about that?
Ryan: In a post-Sarbanes environment, the expectations of the external auditors have significantly increased.
Audit committee increasingly turn to us for independent views on things such as accounting policy and compliance.
Most audit committees are very concerned about reputation risk, areas such as key judgments about valuations. So we find ourselves talking more with our audit committees, and they expect more of us in those areas.
IBD: What are the biggest changes you've seen in the relationship between external auditors and management?
Ryan: I would say our role certainly has changed. We're being asked more questions and being included in decisions upfront. (Generally accepted accounting principles) are very complex, particularly in the financial services space.
Management has been diligent to get our experts involved early on as they approach transactions that are governed by very complicated and often subjective account principals.
posted by Anonymous @ 9:18 AM
 
0 Comments:
<< Home
|
|
