For 2007 annual reports, smaller public companies need to assess their internal control over financial reporting. Show
It doesn't have to be a chore. Beginning Your EvaluationStep 3 — Reporting Your Conclusions on Overall Effectiveness, and DeficienciesYour company's 2007 annual report will include your assessment of the overall effectiveness of your internal controls. In making your determination of whether the company's internal controls are effective, you should begin by assessing any control deficiencies. Is any of them — alone or in combination — serious enough to be a material weakness? If so, you can't conclude that the company's controls are effective. This puts a significant premium on knowing what constitutes a material weakness. Simply put, a material weakness is one or more control deficiencies that create a reasonable possibility of a material misstatement in your company's annual or interim financial statements. This does not necessarily mean that a material misstatement has occurred, but only that the controls might not be good enough to detect or prevent a material misstatement on a timely basis. The SEC's new guidance highlights the factors that you should consider in deciding whether a control deficiency is a material weakness. For example:
If you identify any material weaknesses, you must describe them in your assessment of the internal controls that appears in your annual report. You should also consider including the following in your assessment:
Finally, you should describe these material weaknesses to the audit committee and your external auditor, along with any control deficiencies you've found that didn't rise to the level of a material weakness, but which you think are important enough to merit their attention. Control deficiencies of this kind are defined as "significant deficiencies" in the SEC's rules. I am pleased to introduce Thomas Ray, member of the accounting faculty at Baruch College and former Chief Auditor at the PCAOB, who will be guest blogging for us this week. In his remarks at the AICPA Conference on Current SEC and PCAOB Developments last month, Brian T. Croteau, SEC Deputy Chief Accountant, noted some encouraging signs related to public companies' evaluations of their internal control. For the second year in a row, the number of material weaknesses reported by companies in circumstances in which they had not also identified a material misstatement had increased, which suggests that companies are performing a more rigorous analysis of the effectiveness of their controls. How to Optimize Your Internal Control Management Process The encouragement came with a caution, however, as Croteau noted the frequency with which internal control issues are identified in SEC staff consultations. He then discussed the importance of properly identifying, understanding, and describing control deficiencies. In my experience, identifying and evaluating the severity of internal control deficiencies is often difficult and has been a challenge for both companies and their auditors. Croteau's comments in this area are therefore both helpful and timely. Here are four tips for evaluating internal control deficiencies, based on Croteau's remarks and relevant guidance included in the PCAOB's Auditing Standard No. 5 and elsewhere.
What factors should auditors consider when evaluating the severity of a deficiency in a control that directly addresses a risk of material misstatement?There are two components that must be evaluated to assess the severity of a control deficiency: the likelihood that the deficient control will not prevent or timely detect a misstatement, and the magnitude of the potential misstatement resulting from the deficiency.
How do you determine significant deficiency vs material weakness?A significant deficiency is less severe than a material weakness in that it is unlikely to have a material impact on financial statements, but it is, “important enough to merit attention by those responsible for oversight of the company's financial reporting,” according to the PCAOB.
How auditors identify significant deficiencies in internal control systems?How Do You Evaluate Internal Controls Deficiencies?. Assess the Control Environment. ... . Evaluate Risk Assessment. ... . Investigate Control Activities. ... . Examine Information and Communication Systems. ... . Analyze Monitoring Activities. ... . Index Existing Controls. ... . Understand which Controls Are Relevant to the Audit.. What factors should an auditor consider when evaluating the control environment?Control environment factors include the following:. Integrity and ethical values.. Commitment to competence.. Board of directors or audit committee participation.. Management's philosophy and operating style.. Organizational structure.. Assignment of authority and responsibility.. Human resource policies and practices.. |