The good news is that regulators at the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC) are hard at work on revisions to Auditing Standard No. 2 (AS2) and the SEC's own management guidance on how to properly assess internal controls. The bad? A final set of guidelines will not likely go into effect soon enough to help companies through the current calendar year reporting cycle. According to recent Con- gressional testimony by SEC chairman Christopher Cox, a final report is expected sometime in the first half of 2007. But that doesn't mean a lot won't happen between now and then. Speculation has it that the initial versions could be released for public comment as early as the end of October. According to SEC spokesman John Nester, the Commission's goal has been to release "the proposed revisions to simplify AS2 contemporaneous with the management guidance that the SEC intends to promulgate so issuers know what's expected of them."


Speaking at Treasury & Risk's recent Governance and Risk conference Sept. 20, PCAOB Chief Auditor Thomas Ray outlined what he considered the top priorities for reforming AS2. "I do believe we have to push harder to get more improvements and efficiencies into the system [of 404 audits]," Ray told the conference. "It is of national importance that the 404 process should be made more efficient. The changes [to AS2] won't make the process easy, but they should make it more manageable."


According to Ray, one set of changes will likely include incorporating the May 2005 guidance emphasizing a risk-based, top-down approach to each company audit as a way of ensuring that only material controls are audited. It would also encourage auditors to rely on internal audit and management work when there seems no reason to retest. The PCAOB is also considering changing the definitions of "significant deficiency" and "material weakness" with the goal of getting auditors to focus on identifying material weaknesses rather than uncovering all deficiencies. "I want to make clear that the auditor's job is not to approve of whether management's assessment process was adequate," Ray said. "The auditor should form an opinion on whether the company's internal controls are effective and on whether management's conclusions and disclosures are fairly stated."

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including and

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.