PCAOB warning on AS5 might lead to big changes

Just a few years ago, Section 404 of Sarbanes-Oxley was once a front-burner issue, as companies large and small struggled to get their internal processes right--to the liking of their auditors anyway.

When AS5 replaced AS2 back in 2007, it was generally seen over time as an improvement, as AS2 was considered onerous and misguided. But now the Public Company Accounting Oversight Board (PCAOB) has warned that eight big audit companies have fallen short when it comes to AS5, reviving 404 as a big issue.

The report found that roughly 15 percent of the 309 audits examined by the board "failed to obtain sufficient audit evidence to support their ICFR audit opinions."

The report concentrated on audits that were reported in 2010. For 2011 audits, the board says the early indications are that the percentage will climb to about 22 per cent. More than 80 percent of the 2010 internal control audits that failed to gather enough evidence also failed to sufficiently support financial statement audit opinions.

The common deficiencies include "failures by the auditors to identify and sufficiently test controls that address the risk of material misstatement; sufficiently test the design and operating effectiveness of management review controls; obtain sufficient evidence to test controls from an interim date to the company's year-end (the roll-forward period); sufficiently test system-generated data and reports that support important controls; sufficiently perform procedures regarding the use of the work of others; and sufficiently evaluate identified control deficiencies and consider their effect on both the financial statement audit and on the audit of internal control," notes Accounting Today.

Audit companies and their clients alike will have to address this going forward. It may be that the zeal and anxiety generated by Section 404 abated to the point where auditors and clients went a bit lax, got a bit too comfortable.

Some review and enhancements are now in order. The last thing you want is for this to expand as a compliance issue. The inspections included audits by BDO Seidman, Crowe Horwath, Deloitte, E&Y, Grant Thornton, KPMG, McGladrey and PwC. -Jim