Fall 2007 issue of Horizons

knowledge. commitment. value. CERTIFIED PUBLIC ACCOUNTANTS AND BUSINESS CONSULTANTS

• Permitting prior audit knowledge/experience AS2 required that each year’s audit should stand in its own and, therefore, this was interpreted as preventing the auditor from using knowledge obtained in prior years. Under the proposed new auditing standard, the auditor will be required to consider the results of prior years’ compliance testing in determining the risk of material misstatement. The proposed new auditing standard will not permit the rotation of testing. • Considering and Using the Work of Others The proposed new auditing standard eliminates the “principal evidence” provision, which was interpreted as limiting the auditor on using the work of others in performing its compliance work on ICFR. Under the proposed new auditing standard, the auditor will be given more judgment in determining the extent on using the work of others, and the PCAOB will be issuing a separate auditing standard on considering and using the work of others, which will supersede the current auditing standard (AU 322). The SEC proposed guidance is open for public comment for 60 days, and the PCAOB proposed new auditing standard is open for public comment for 70 days.

Information technology controls and application controls should be directly linked to a financial statement risk. IT-related controls that have no impact on financial statement accounts should not be part of management’s compliance effort for 404. PCAOB - AS 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements The PCAOB new proposed auditing standard is principles-based and designed to focus the auditor on the most important matters related to ICFR. The proposed new standard will replace Auditing Standard No. 2. The proposed new auditing standard codifies much of the guidance provided by the PCAOB on May 16, 2005, re- emphasizing the following principles: AS 5 directs the auditor to perform, at an account level, a risk assessment for the possible material misstatement of the financial statements . It also directs the auditor to consider entity-level controls and the likelihood these will be effective in detecting material misstatements. If deemed adequate, reliance can be placed on these higher-level controls without the need to compliance test process-level controls. The auditor will no longer be required to issue an opinion on management’s 404 assessment process. AS2 has been interpreted as requiring management to follow the auditors’ standard in order to obtain a “clean opinion” on management’s process. The auditor will still need to obtain an understanding of management’s process in order to determine the nature, timing and extent of its own procedures; however, the process does not need to comply with the auditors’ standards. • Directing the auditor to the most important controls… importance of risk assessments • Removing the requirement to evaluate management’s process

Questions? Contact Steve Newstead, CPA, FLMI Partner-in-Charge, Internal Audit Services Group 314-290-3325 steve.newstead@rubinbrown.com

Companies should not treat the above statements about proposed and final rules as a substitute for what might be adopted or for any other SEC or PCAOB requirements. Companies should not act on any of the above statements without first referring to the texts of the SEC requirements and consulting with professional advisors.

16 u winter 2007 issue