
SEC Adopts Section 404 Guidance; PCAOB Adopts New Auditing Standard
06.04.2007
Last December, the SEC proposed interpretive guidance and rule amendments designed to facilitate compliance with Section 404 of the Sarbanes-Oxley Act, which requires companies and their auditors to evaluate a company's internal control over financial reporting. At around the same time, the PCAOB proposed a new auditing standard for internal control evaluations.
On May 23, the SEC adopted the interpretive guidance and rule amendments substantially as proposed. On May 24, the PCAOB adopted the new auditing standard.
Section 404 Compliance Dates
Up until now, full compliance with Section 404 has been delayed for small business issuers, non-accelerated filers, and foreign private issuers with public floats of less than $75 million (collectively, "smaller public companies"). Now that the SEC guidance and new auditing standard have been released, there will be no further delays in the initial compliance date for these smaller public companies.
Initial compliance dates for smaller public companies and new public companies are as follows:
- Beginning with annual reports filed for fiscal years ending on or after December 15, 2007, smaller public companies will have to include management's evaluation of internal control over financial reporting and the full-text version of the CEO and CFO certifications referencing management's responsibility for internal controls. However, in this first year the company would not have to include the related auditor attestation. Management's evaluation would have to disclose that the annual report did not include such an auditor attestation.
- Beginning with annual reports filed for fiscal years ending on or after December 15, 2008, these companies would have to include both management's evaluation of internal control and the auditor attestation.
- Companies undertaking an IPO, or other companies subject to Exchange Act reporting requirements for the first time, will not be required to provide either a management assessment or an auditor attestation of their internal controls until their second annual report.
SEC Guidance and Rule Amendments on Complying with Section 404
The new SEC guidance provides a principles-based and risk-based framework for doing internal control assessments and evaluations. The new framework, which is optional, is principally designed to assist smaller public companies and other companies that will be complying with the rules for the first time this year, although it may be used by any public company.
The principal features of the rule amendments include the following:
- A safe harbor will provide that a company that conducts an internal control evaluation that follows the framework in the SEC guidance will satisfy the annual evaluation requirement of the rule.
- Under the prior auditing standard a "material weakness" was deemed to exist if there was a more than remote likelihood that a material misstatement in the financial statements would not be prevented or detected on a timely basis. The new SEC rule and the new Auditing Standard No. 5 discussed below replace the term "more than remote likelihood" with "reasonably possible." The SEC is also proposing a new definition of "significant deficiency" to align with the revised definition in the new Auditing Standard.
- A rule amendment will clarify that the auditor opinion will speak directly on the internal control over financial reporting, not management's evaluation process.
New Auditing Standard
On May 24, 2007, the PCAOB adopted Auditing Standard No. 5, An Audit of Internal Control That is Integrated with An Audit of Financial Statements. If approved by the SEC (as expected), the new standard will supersede Auditing Standard No. 2, which is currently being used for internal control audits.
The principal changes embodied in the new Auditing Standard include the following:
- A top-down, risk-based approach intended to focus auditors on those areas that present the greatest risk that a company’s internal control will fail to prevent or detect a material misstatement in the financial statements.
- Elimination of certain procedures, including the previous standard’s detailed requirements to evaluate management’s own evaluation process. In addition, the new standard allows auditors to take a risk-based approach in auditing multi-location companies, rather than requiring that auditors test a "large portion" of the company’s operations or financial position.
- The new standard explains how to tailor internal control audits to fit the size and complexity of the company being audited.
- The new standard includes revised definitions of "material weakness" and "significant deficiency."
The SEC release including the new guidance and the rule amendments has not yet been published. An SEC press release is posted here:
http://www.sec.gov/news/press/2007/2007-101.htm
The PCAOB press release on the approval of the new auditing standard is posted here:
http://www.pcaobus.org/News_and_Events/News/2007/05-24.aspx