Skip to Content

Notice

Public Company Accounting Oversight Board; Notice of Filing of Proposed Rules on Conforming Amendments to PCAOB Interim Standards Resulting From the Adoption of PCAOB Auditing Standard No. 2, “An Audit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements”

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble October 5, 2004.

Pursuant to Section 107(b) of the Sarbanes-Oxley Act of 2002 (the “Act”), notice is hereby given that on September 16, 2004, the Public Company Accounting Oversight Board (the “Board” or the “PCAOB”) filed with the Securities and Exchange Commission (the “Commission” or the “SEC”) the proposed rule described in Items I and II below, which items have been prepared by the Board and are presented here in the form submitted by the Board. The Commission is publishing this notice to solicit comments on the proposed rule from interested persons.

I. Board's Statement of the Terms of Substance of the Proposed Rule

On September 15, 2004, the Board adopted Conforming Amendments to PCAOB Interim Standards Resulting from the Adoption of PCAOB Auditing Standard No. 2, “An Audit Of Internal Control Over Financial Reporting Performed In Conjunction With An Audit of Financial Statements” (“the proposed rules”). The proposed rule text is set out as follows:

Conforming Amendments to PCAOB Interim Standards Resulting from the Adoption of PCAOB Auditing Standard No. 2, “An Audit Of Internal Control Over Financial Reporting Performed In Conjunction With An Audit Of Financial Statements”

Auditing Standards

AU Sec. 310, “Appointment of the Independent Auditor”

Statement on Auditing Standards (“SAS”) No. 1, “Codification of Auditing Standards and Procedures,” AU sec. 310, “Appointment of the Independent Auditor,” as amended by SAS No. 45, “Omnibus Statement on Auditing Standards-1983,” SAS No. 83, “Establishing an Understanding With the Client,” and SAS No. 89, “Audit Adjustments” (AU sec. 310, “Appointment of the Independent Auditor”), is amended as follows:

a. The first sentence of paragraph .06 is amended to read as follows: An understanding with the client generally includes the following matters.

b. The first bullet point of paragraph .06 is amended to read as follows: The objective of the audit is:

  • Integrated audit of financial statements and internal control over financial reporting: The expression of an opinion on both management's assessment of internal control over financial reporting and on the financial statements.
  • Audit of financial statements: The expression of an opinion on the financial statements.

c. The third bullet point of paragraph .06 is amended to read as follows: Management is responsible for establishing and maintaining effective internal control over financial reporting. In an integrated audit of financial statements and internal control over financial reporting, an auditor is required to communicate, in writing, to management and the audit committee that the audit of internal control over financial reporting cannot be satisfactorily completed and that he or she is required to disclaim an opinion if management has not:

  • Accepted responsibility for the effectiveness of the company's internal control over financial reporting.
  • Evaluated the effectiveness of the company's internal control over financial reporting using suitable control criteria,
  • Supported its evaluation with sufficient evidence, including documentation, and
  • Presented a written assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year.

d. The seventh bullet point of paragraph .06 is amended to read as follows: The auditor is responsible for conducting the audit in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that the auditor:

  • Integrated audit of financial statements and internal control over financial reporting: Obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud, and whether management's assessment of the effectiveness of the company's internal control over financial reporting is fairly stated in all material respects. Accordingly, there is some risk that a material misstatement of the financial statements or a material weakness in internal control over financial reporting would remain undetected. Although not absolute assurance, reasonable assurance is, nevertheless, a high level of assurance. Also, an integrated audit is not designed to detect error or fraud that is immaterial to the financial statements or deficiencies in internal control over financial reporting that, individually or in combination, are less severe than a material weakness. If, for any reason, the auditor is unable to complete the audit or is unable to form or has not formed an opinion, he or she may decline to express an opinion or decline to issue a report as a result of the engagement.
  • Audit of financial statements: Obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Accordingly, there is some risk that a material misstatement would remain undetected. Although not absolute assurance, reasonable assurance is, nevertheless, a high level of assurance. Also, a financial statement audit is not designed to detect error or fraud that is immaterial to the financial statements. If, for any reason, the auditor is unable to complete the audit or is unable to form or has not formed an opinion, he or she may decline to express an opinion or decline to issue a report as a result of the engagement.

e. The eighth bullet point of paragraph .06 is amended to read as follows:

An audit includes:

  • Integrated audit of financial statements and internal control over financial reporting: Planning and performing the audit to obtain reasonable assurance about whether the company maintained, in all material respects, effective internal control over financial reporting as of the date Start Printed Page 60914specified in management's assessment. The auditor is also responsible for obtaining an understanding of internal control sufficient to plan the financial statement audit and to determine the nature, timing, and extent of audit procedures to be performed. The auditor is also responsible for communicating in writing:
  • To the audit committee—all significant deficiencies and material weaknesses identified during the audit.
  • To management—all internal control deficiencies identified during the audit and not previously communicated in writing by the auditor or by others, including internal auditors or others inside or outside the company.
  • To the board of directors—any specific significant deficiency or material weakness identified because the auditor concludes that the audit committee's oversight of the company's external financial reporting and internal control over financial reporting is ineffective.
  • Audit of financial statements: Obtaining an understanding of internal control sufficient to plan the audit and to determine the nature, timing, and extent of audit procedures to be performed. An audit is not designed to provide assurance on internal control or to identify internal control deficiencies. However, the auditor is responsible for communicating in writing:
  • To the audit committee—all significant deficiencies and material weaknesses identified during the audit.
  • To the board of directors—if the auditor becomes aware that the oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, that specific significant deficiency or material weakness.

AU Sec. 311, “Planning and Supervision”

SAS No. 22, “Planning and Supervision,” as amended by SAS No. 47, “Audit Risk and Materiality in Conducting an Audit,” SAS No. 48, “The Effects of Computer Processing on the Audit of Financial Statements,” and SAS No. 77, “Amendments to Statements on Auditing Standards No. 22, ‘Planning and Supervision,’ No. 59, ‘The Auditor's Consideration of an Entity's Ability to Continue as a Going Concern,’ No. 62, ‘Special Reports’” (AU sec. 311, “Planning and Supervision”), is amended by adding the following note after paragraph 1: Note:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraph 39 of PCAOB Auditing Standard No. 2 regarding planning considerations in addition to the planning considerations set forth in this section.

AU Sec. 312, “Audit Risk and Materiality in Conducting an Audit”

SAS No. 47, “Audit Risk and Materiality in Conducting an Audit,” as amended by SAS No. 82, “Consideration of Fraud in a Financial Statement Audit,” SAS No. 96, “Audit Documentation,” and SAS No. 98, “Omnibus Statement on Auditing Standards—2002” (AU sec. 312, “Audit Risk and Materiality in Conducting an Audit”), is amended as follows:

a. The following note is added after paragraph 3.

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 22-23 of PCAOB Auditing Standard No. 2 regarding materiality considerations.

b. The following note is added after paragraph 5.

Note:

An integrated audit of financial statements and internal control over financial reporting is not designed to detect deficiencies in internal control over financial reporting that, individually or in the aggregate, are less severe than a material weakness.

c. The following note is added after paragraph 7.

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 24-26 of PCAOB Auditing Standard No. 2 regarding fraud considerations.

d. The following note is added after paragraph 12.

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 22-23 and 39 of PCAOB Auditing Standard No. 2 regarding materiality and planning considerations, respectively.

e. The following note is added after paragraph 18.

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to Appendix B, “Additional Performance Requirements and Directions; Extent-of-Testing Examples,” of PCAOB Auditing Standard No. 2 for considerations when a company has multiple locations or business units.

f. The following note is added after paragraph 30.

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 147-149 of PCAOB Auditing Standard No. 2 regarding tests of controls.

AU Sec. 313, “Substantive Tests Prior to the Balance-Sheet Date”

SAS No. 45, “Omnibus Statement on Auditing Standards—1983” (AU sec. 313, “Substantive Tests Prior to the Balance-Sheet Date”), is amended by adding the following note after paragraph 1:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 98-103 of PCAOB Auditing Standard No. 2 regarding timing of tests of controls.

AU Sec. 316, “Consideration of Fraud in a Financial Statement Audit”

SAS No. 99, “Consideration of Fraud in a Financial Statement Audit” (AU sec. 316, “Consideration of Fraud in a Financial Statement Audit”), is amended as follows:

a. The following note is added after paragraph 1:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 24-26 of PCAOB Auditing Standard No. 2 regarding fraud considerations, in addition to the fraud consideration set forth in this section.

b. In paragraph 80, the phrase “the auditor should consider whether these risks represent reportable conditions relating to the entity's internal control that should be communicated to senior management and the audit committee” is replaced by “the auditor should consider whether these risks represent significant deficiencies that must be communicated to senior management and the audit committee” and the reference to section 325, “Communication of Internal Control Related Matters Noted in an Audit,” paragraph .04 is replaced by the reference to section 325, “Communications About Control Deficiencies in An Audit of Financial Statements,” paragraph 4.

AU Sec. 319, “Consideration of Internal Control in a Financial Statement Audit”

SAS No. 55, “Consideration of Internal Control in a Financial Statement Audit,” as amended by SAS No. 78, “Consideration of Internal Control in a Financial Statement Audit: An Amendment of Statement on Auditing Standards No. 55,” and SAS No. 94, “The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit” (AU sec. 319, “Consideration of Internal Control in a Financial Statement Audit”), is amended as follows: Start Printed Page 60915

a. In paragraph 2, the term “assertions” is replaced by the term “relevant assertions.”

b. The following sentence is added at the end of paragraph 2: Regardless of the assessed level of control risk, the auditor should perform substantive procedures for all relevant assertions related to all significant accounts and disclosures in the financial statements.

c. The following note is added after paragraph 2:

Note:

Refer to paragraphs 68-70 of PCAOB Auditing Standard No. 2 for discussion of identifying relevant financial statement assertions.

d. The following note is added after paragraph 9:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to Appendix B, “Additional Performance Requirements and Directions; Extent-of-Testing Examples,” of PCAOB Auditing Standard No. 2 for discussion of considerations when a company has multiple locations or business units.

e. The following note is added after paragraph 42:

Note:

For purposes of evaluating the effectiveness of internal control over financial reporting, the auditor's understanding of control activities encompasses a broader range of accounts and disclosures than what is normally obtained in a financial statement audit.

f. The following note is added after paragraph 65:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, if the auditor assesses control risk as other than low for certain assertions or significant accounts, the auditor should document the reasons for that conclusion.

g. The following note is added after paragraph 83:

Note:

In an integrated audit of financial statements and internal control over financial reporting, PCAOB Auditing Standard No. 2 states, in part, that “If, however, the auditor assesses control risk as other than low for certain assertions or significant accounts, the auditor should document the reasons for that conclusion.” Accordingly, if control risk is assessed at the maximum level, the auditor should document the basis for that conclusion. Refer to paragraphs 159-161 of PCAOB Auditing Standard No. 2 for additional information regarding documentation requirements.

h. The following note is added after paragraph 97:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 104-105 of PCAOB Auditing Standard No. 2 for discussion on the extent of tests of controls.

i. The last sentence of paragraph 107 is replaced with the following sentence:

Consequently, regardless of the assessed level of control risk, the auditor should perform substantive procedures for all relevant assertions related to all significant accounts and disclosures in the financial statements.

AU Sec. 322, “The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements”

SAS No. 65, “The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements” (AU sec. 322, “The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements”), is amended as follows:

a. The following note is added after paragraph 1:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 108-126 of PCAOB Auditing Standard No. 2 for discussion on using the work of others to alter the nature, timing, and extent of the work that otherwise would have been performed to test controls.

b. The second sentence of paragraph 16 is replaced with the following sentence:

The auditor assesses control risk for each of the relevant financial statement assertions related to all significant accounts and disclosures in the financial statements and performs tests of controls to support assessments below the maximum.

c. The following note is added after paragraph 20:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 112-116 of PCAOB Auditing Standard No. 2 regarding evaluating the nature of controls subjected to the work of others.

d. The following note is added after paragraph 22:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraph 122 of PCAOB Auditing Standard No. 2 regarding assessing the interrelationship of the nature of the controls and the competence and objectivity of those who performed the work.

AU Sec. 324, “Service Organizations”

SAS No. 70, “Service Organizations,” as amended by SAS No. 78, “Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standard No. 55,” SAS No. 88, “Service Organizations and Reporting on Consistency,” and SAS No. 98, “Omnibus Statement on Auditing Standards—2002” (AU sec. 324, “Service Organizations”), is amended as follows:

a. The following note is added after paragraph 1:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs B18-B29 of Appendix B, “Additional Performance Requirements and Directions; Extent-of-Testing Examples,” in PCAOB Auditing Standard No. 2 regarding the use of service organizations.

b. In paragraph 20, the term “reportable conditions” is replaced by the term “significant deficiencies” and the reference to section 325, “Communication of Internal Control Related Matters Noted in an Audit,” is replaced by the reference to section 325, “Communications About Control Deficiencies in An Audit of Financial Statements.”

AU Sec. 325, “Communication of Internal Control Related Matters Noted in an Audit”

SAS No. 60, “Communication of Internal Control Related Matters Noted in an Audit,” as amended by SAS No. 78, “Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55,” and SAS No. 87, “Restricting the Use of an Auditor's Report” (AU Sec. 325, “Communication of Internal Control Related Matters Noted in an Audit”), is superseded.

  • In an integrated audit of financial statements and internal control over financial reporting, SAS No. 60, as amended, is superseded by paragraphs 207-214 of PCAOB Auditing Standard No. 2.
  • In an audit of financial statements only, SAS No. 60, as amended, is superseded by the following paragraphs.

Communications About Control Deficiencies in an Audit of Financial Statements

1. In an audit of financial statements, the auditor may identify deficiencies in the company's internal control over financial reporting. A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

  • A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an Start Printed Page 60916existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met.
  • A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.

2. A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the company's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the company's annual or interim financial statements that is more than inconsequential will not be prevented or detected.

Note:

The term “remote likelihood” as used in the definitions of significant deficiency and material weakness (paragraph 3) has the same meaning as the term “remote” as used in Financial Accounting Standards Board Statement No. 5, Accounting for Contingencies (“FAS No. 5”). Paragraph 3 of FAS No. 5 states:

When a loss contingency exists, the likelihood that the future event or events will confirm the loss or impairment of an asset or the incurrence of a liability can range from probable to remote. This Statement uses the terms probable, reasonably possible, and remote to identify three areas within that range, as follows:

a. Probable. The future event or events are likely to occur.

b. Reasonably possible. The chance of the future event or events occurring is more than remote but less than likely.

c. Remote. The chance of the future events or events occurring is slight.

Therefore, the likelihood of an event is “more than remote” when it is either reasonably possible or probable.

Note:

A misstatement is inconsequential if a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be immaterial to the financial statements. If a reasonable person could not reach such a conclusion regarding a particular misstatement, that misstatement is more than inconsequential.

3. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.

Note:

In evaluating whether a control deficiency exists and whether control deficiencies, either individually or in combination with other control deficiencies, are significant deficiencies or material weaknesses, the auditor should consider the definitions in paragraphs 1, 2 and 3, and the directions in paragraphs 130 through 137 of PCAOB Auditing Standard No. 2. As explained in paragraph 23 of PCAOB Auditing Standard No. 2, the evaluation of the materiality of the control deficiency should include both quantitative and qualitative considerations. Qualitative factors that might be important in this evaluation include the nature of the financial statement accounts and assertions involved and the reasonably possible future consequences of the deficiency. Furthermore, in determining whether a control deficiency, or combination of deficiencies, is a significant deficiency or a material weakness, the auditor should evaluate the effect of compensating controls and whether such compensating controls are effective.

4. The auditor must communicate in writing to management and the audit committee all significant deficiencies and material weaknesses identified during the audit. The written communication should be made prior to the issuance of the auditor's report on the financial statements. The auditor's communication should distinguish clearly between those matters considered significant deficiencies and those considered material weaknesses, as defined in paragraphs 2 and 3.

Note:

If no such committee exists with respect to the company, all references to the audit committee in this standard apply to the entire board of directors of the company.[1] The auditor should be aware that companies whose securities are not listed on a national securities exchange or an automated inter-dealer quotation system of a national securities association (such as the New York Stock Exchange, American Stock Exchange, or NASDAQ) may not be required to have independent directors for their audit committees. In this case, the auditor should not consider the lack of independent directors or an audit committee at these companies indicative, by themselves, of a control deficiency. Likewise, the independence requirements of Securities Exchange Act Rule 10A-3 [2] are not applicable to the listing of non-equity securities of a consolidated or at least 50 percent beneficially owned subsidiary of a listed issuer that is subject to the requirements of Securities Exchange Act Rule 10A-3(c)(2).[3] Therefore, the auditor should interpret references to the audit committee in this standard, as applied to a subsidiary registrant, as being consistent with the provisions of Securities Exchange Act Rule 10A-3(c)(2).[4] Furthermore, for subsidiary registrants, communications required by this standard to be directed to the audit committee should be made to the same committee or equivalent body that pre-approves the retention of the auditor by or on behalf of the subsidiary registrant pursuant to Rule 2-01(c)(7) of Regulation S-X [5] (which might be, for example, the audit committee of the subsidiary registrant, the full board of the subsidiary registrant, or the audit committee of the subsidiary registrant's parent). In all cases, the auditor should interpret the terms “board of directors” and “audit committee” in this standard as being consistent with provisions for the use of those terms as defined in relevant SEC rules.

5. If oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, that circumstance should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists. Although there is not an explicit requirement to evaluate the effectiveness of the audit committee's oversight in an audit of only the financial statements, if the auditor becomes aware that the oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, the auditor must communicate that specific significant deficiency or material weakness in writing to the board of directors.

6. These written communications should include:

a. The definitions of significant deficiencies and material weaknesses and should clearly distinguish to which category the deficiencies being communicated relate.

b. A statement that the objective of the audit was to report on the financial statements and not to provide assurance on internal control.

c. A statement that the communication is intended solely for the information and use of the board of directors, audit committee, management, and others within the organization. When there are requirements established by governmental authorities to furnish such written communications, specific reference to such regulatory authorities may be made.

7. The auditor might identify matters in addition to those required to be communicated by this standard. Such matters include control deficiencies identified by the auditor that are neither Start Printed Page 60917significant deficiencies nor material weaknesses and matters the company may request the auditor to be alert to that go beyond those contemplated by this standard. The auditor may report such matters to management, the audit committee, or others, as appropriate.

8. The auditor should not report in writing that no significant deficiencies were discovered during an audit of financial statements because of the potential that the limited degree of assurance associated with such a report will be misunderstood.

9. When timely communication is important, the auditor should communicate the preceding matters during the course of the audit rather than at the end of the engagement. The decision about whether to issue an interim communication should be determined based on the relative significance of the matters noted and the urgency of corrective follow-up action required.

In an audit of financial statements only, auditing interpretation 1 to AU sec. 325, “Reporting on the Existence of Material Weaknesses,” continues to apply except that the term “reportable condition” means “significant deficiency,” as defined in paragraph 9 of PCAOB Auditing Standard No. 2.

AU Sec. 326, “Evidential Matter”

SAS No. 31, “Evidential Matter,” as amended by SAS No. 48, “The Effects of Computer Processing on the Audit of Financial Statements,” and SAS No. 80, “Amendment to Statement on Auditing Standards No. 31, ‘Evidential Matter’ ” (AU sec. 326, “Evidential Matter”), is amended by adding the following sentences at the end of paragraph 19:

Additionally, the auditor's substantive procedures must include reconciling the financial statements to the accounting records. The auditor's substantive procedures also should include examining material adjustments made during the course of preparing the financial statements.

AU Sec. 329, “Analytical Procedures”

SAS No. 56, “Analytical Procedures,” as amended by SAS No. 96, “Audit Documentation” (AU sec. 329, “Analytical Procedures”), is amended as follows:

a. The following sentence is added to the end of paragraph 9: For significant risks of material misstatement, it is unlikely that audit evidence obtained from substantive analytical procedures alone will be sufficient.

b. The following sentences are added to the end of paragraph 10: When designing substantive analytical procedures, the auditor also should evaluate the risk of management override of controls. As part of this process, the auditor should evaluate whether such an override might have allowed adjustments outside of the normal period-end financial reporting process to have been made to the financial statements. Such adjustments might have resulted in artificial changes to the financial statement relationships being analyzed, causing the auditor to draw erroneous conclusions. For this reason, substantive analytical procedures alone are not well suited to detecting fraud.

c. The following sentence is added to the beginning of paragraph 16: Before using the results obtained from substantive analytical procedures, the auditor should either test the design and operating effectiveness of controls over financial information used in the substantive analytical procedures or perform other procedures to support the completeness and accuracy of the underlying information.

AU Sec. 332, “Auditing Derivative Instruments, Hedging Activities, and Investments in Securities”

SAS No. 92, “Auditing Derivative Instruments, Hedging Activities, and Investments in Securities” (AU sec. 332, “Auditing Derivative Instruments, Hedging Activities, and Investments in Securities”), is amended by adding the following note after paragraph 11:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, PCAOB Auditing Standard No. 2 states, “the auditor must obtain sufficient competent evidence about the design and operating effectiveness of controls over all relevant financial statement assertions related to all significant accounts and disclosures in the financial statements.” Therefore, in an integrated audit of financial statements and internal control over financial reporting, if a company's investment in derivatives and securities represents a significant account, the auditor's understanding of controls should include controls over derivatives and securities transactions from their initiation to their inclusion in the financial statements and should encompass controls placed in operation by the entity and service organizations whose services are part of the entity's information system.

AU Sec. 333, “Management Representations”

SAS No. 85, “Management Representations,” as amended by SAS No. 89, “Audit Adjustments,” and SAS No. 99 “Consideration of Fraud in a Financial Statement Audit” (AU sec. 333, “Management Representations”), is amended by adding the following note after paragraph 5:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 142-144 of PCAOB Auditing Standard No. 2 for additional required written representations to be obtained from management.

AU Sec. 342, “Auditing Accounting Estimates”

SAS No. 57, “Auditing Accounting Estimates” (AU sec. 342, “Auditing Accounting Estimates”), is amended by adding the following note after paragraph 10:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, the auditor may use any of the three approaches. However, the work that the auditor performs as part of the audit of internal control over financial reporting should necessarily inform the auditor's decisions about the approach he or she takes to auditing an estimate because, as part of the audit of internal control over financial reporting, the auditor would be required to obtain an understanding of the process management used to develop the estimate and to test controls over all relevant assertions related to the estimate.

AU Sec. 380, “Communication with Audit Committees”

SAS No. 61, “Communication with Audit Committees” (AU sec. 380, “Communication with Audit Committees”), is amended by replacing the title of Section 325 in the first bullet in footnote 1 in paragraph 1 with “Communications About Control Deficiencies in An Audit of Financial Statements” and adding the following after the last bullet in footnote 1 in paragraph 1:

  • PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements.

AU Sec. 508, “Reports on Audited Financial Statements”

SAS No. 58, “Reports on Audited Financial Statements,” as amended by SAS No. 64, “Omnibus Statement on Auditing Standards—1990,” SAS No. 79, “Amendment to Statement on Auditing Standards No. 58, ‘Reports on Audited Financial Statements,’ ” SAS No. 85, “Management Representations,” SAS No. 93, “Omnibus Statement on Auditing Standards—2000,” and SAS No. 98, “Omnibus Statement on Auditing Standards—2002” (AU sec. 508, “Reports on Audited Financial Statements”), is amended as follows:

a. The following note is added after paragraph 1:

Note:

When performing an integrated audit of financial statements and internal control Start Printed Page 60918over financial reporting, the auditor may choose to issue a combined report or separate reports on the company's financial statements and on internal control over financial reporting. Refer to paragraphs 162-199 of PCAOB Auditing Standard No. 2 for direction on reporting on internal control over financial reporting. In addition, see Appendix A, “Illustrative Reports on Internal Control Over Financial Reporting,” of PCAOB Auditing Standard No. 2 which includes an illustrative combined audit report and examples of separate reports.

b. The following subparagraph is added to paragraph 8:

k. When performing an integrated audit of financial statements and internal control over financial reporting, if the auditor issues separate reports on the company's financial statements and on internal control over financial reporting, the following paragraph should be added to the auditor's report on the company's financial statements:

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the effectiveness of X Company's internal control over financial reporting as of December 31, 20X3, based on [identify control criteria] and our report dated [date of report, which should be the same as the date of the report on the financial statements] expressed [include nature of opinions].

AU Sec. 530, “Dating of the Independent Auditor's Report”

SAS No. 1, “Codification of Auditing Standards and Procedures,” AU sec. 530, “Dating of the Independent Auditor's Report,” as amended by SAS No. 29, “Reporting on Information Accompanying the Basic Financial Statements in Auditor-Submitted Documents,” and SAS No. 98, “Omnibus Statement on Auditing Standards—2002” (AU sec. 530, “Dating of the Independent Auditor's Report”), is amended by adding the following note after paragraph .01:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, the auditor's reports on the company's financial statements and on internal control over financial reporting should be dated the same date. Refer to paragraphs 171-172 of PCAOB Auditing Standard No. 2, which provide direction with respect to the report date in an audit of internal control over financial reporting.

AU Sec. 532, “Restricting the Use of an Auditor's Report”

SAS No. 87, “Restricting the Use of an Auditor's Report,” (AU sec. 532, “Restricting the Use of an Auditor's Report”), is amended by replacing “Section 325, Communication of Internal Control Related Matters Noted in an Audit” in the first bullet of paragraph .07 with “Section 325, Communications About Control Deficiencies in An Audit of Financial Statements.”

AU Sec. 543, “Part of Audit Performed by Other Independent Auditors”

SAS No. 1, “Codification of Auditing Standards and Procedures,” AU sec. 543, “Part of Audit Performed by Other Independent Auditors,” as amended by SAS No. 64, “Omnibus Statement on Auditing Standards—1990” (AU sec. 543, “Part of Audit Performed by Other Independent Auditors”), is amended by adding the following note after paragraph .01:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 182-185 of PCAOB Auditing Standard No. 2, which provide direction with respect to opinions based, in part, on the report of another auditor in an audit of internal control over financial reporting.

AU Sec. 9550, “Other Information in Documents Containing Audited Financial Statements: Auditing Interpretations of Section 550

AU sec. 9550, “Other Information in Documents Containing Audited Financial Statements: Auditing Interpretations of Section 550,” is amended by replacing the term “reportable conditions” with the term “significant deficiencies” in footnote 8 to paragraph 15 and also replaces in that footnote the reference to Section 325.17 with the reference Section 325.8.

AU Sec. 560, “Subsequent Events”

SAS No. 1, “Codification of Auditing Standards and Procedures,” AU sec. 560, “Subsequent Events,” as amended by SAS No. 12, “Inquiry of a Client's Lawyer Concerning Litigation, Claims, and Assessments,” and SAS No. 98, “Omnibus Statement on Auditing Standards—2002” (AU sec. 560, “Subsequent Events”), is amended by adding the following note after paragraph .01:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 186-189 of PCAOB Auditing Standard No. 2, which provide direction with respect to subsequent events in an audit of internal control over financial reporting.

AU Sec. 561, “Subsequent Discovery of Facts Existing at the Date of the Auditor's Report”

SAS No. 1, “Codification of Auditing Standards and Procedures,” AU sec. 561, “Subsequent Discovery of Facts Existing at the Date of the Auditor's Report,” as amended by SAS No. 98, “Omnibus Statement on Auditing Standards—2002” (AU sec. 561, “Subsequent Discovery of Facts Existing at the Date of the Auditor's Report”), is amended by adding the following note after paragraph .01:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraph 197 of PCAOB Auditing Standard No. 2, which provides direction with respect to the subsequent discovery of information existing at the date of the auditor's report on internal control over financial reporting.

AU Sec. 634, “Letters for Underwriters and Certain Other Requesting Parties”

SAS No. 72, “Letters for Underwriters and Certain Other Requesting Parties,” as amended by SAS No. 76, “Amendments to Statement on Auditing Standards No. 72, Letters for Underwriters and Certain Other Requesting Parties,” and SAS No. 86, “Amendment to Statement on Auditing Standards No. 72, Letters for Underwriters and Certain Other Requesting Parties” (AU sec. 634, “Letters for Underwriters and Certain Other Requesting Parties”) is amended by replacing the reference to “Section 325, Communication of Internal Control Related Matters Noted in an Audit” with “Section 325, Communications About Control Deficiencies in An Audit of Financial Statements.”

AU Sec. 711, “Filings Under Federal Securities Statutes”

SAS No. 37, “Filings Under Federal Securities Statutes” (AU sec. 711, “Filings Under Federal Securities Statutes”), is amended by adding the following note after paragraph 2:

Note:

When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 198-199 of PCAOB Auditing Standard No. 2, which provide direction when an auditor's report on internal control over financial reporting is included or incorporated by reference in filings under federal securities statutes.

AU Sec. 722, “Interim Financial Information”

SAS No. 100, “Interim Financial Information” (AU sec. 722, “Interim Financial Information”), is amended as follows: Start Printed Page 60919

a. The following note is added after paragraph 3:

Note:

When an auditor is engaged to perform an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 202-206 of PCAOB Auditing Standard No. 2, which provide direction regarding the auditor's evaluation responsibilities as they relate to management's quarterly certifications on internal control over financial reporting.

a. In paragraph 9, the term “reportable conditions” is replaced by the term “significant deficiencies.”

b. In paragraph 33, the term “reportable conditions” is replaced by the term “significant deficiencies.” Also, the third sentence is replaced by the following:

A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the company's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the company's annual or interim financial statements that is more than inconsequential will not be prevented or detected.

c. The reference in footnote 22 to paragraph 33 to “Section 325, Communication of Internal Control Related Matters in an Audit” is replaced with “Section 325, Communications About Control Deficiencies in An Audit of Financial Statements.”

Attestation Standards

AT sec. 501, “Reporting on an Entity's Internal Control Over Financial Reporting”

Chapter 5, “Reporting on an Entity's Internal Control Over Financial Reporting,” of Statement on Standards for Attestation Engagements No. 10, “Attestation Standards: Revision and Recodification” (AT sec. 501, “Reporting on an Entity's Internal Control Over Financial Reporting”), and its related interpretation (AT sec. 9501, “Reporting on an Entity's Internal Control Over Financial Reporting: Attest Engagements Interpretations of Section 501”), are superseded by the conforming amendments and, accordingly, are no longer interim standards of the Board.

Independence Standards

ET Sec. 101.05

Rule 101, “Independence” (ET sec. 101.05) is amended by adding the following note after the second paragraph of interpretation 101-3, “Performance of Other Services:”

Note:

Paragraph 33 of PCAOB Auditing Standard No. 2 contains an additional requirement related to audit committee pre-approval of internal control-related services.

II. Board's Statement of the Purpose of, and Statutory Basis for, the Proposed Rules

In its filing with the Commission, the Board included statements concerning the purpose of, and basis for, the proposed rules and discussed any comments it received on the proposed rules. The text of these statements may be examined at the places specified in Item IV below. The Board has prepared summaries, set forth in sections A, B, and C below, of the most significant aspects of such statements.

A. Board's Statement of the Purpose of, and Statutory Basis for, the Proposed Rules

(a) Purpose

When the Board adopted PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements (PCAOB Release No. 2004-001, dated March 9, 2004) (the “internal control standard”), the Board recognized that the internal control standard superseded the professional standards adopted by the Board as its interim standards [6] in some respects, and that express amendments to those standards could be helpful to make the interim standards consistent with the principles and requirements in the internal control standard. The Board also planned to make several amendments to the interim standards that would be applicable to situations in which Section 404 of the Sarbanes-Oxley Act of 2002 is not applicable and only the financial statements of a company are required to be audited. Accordingly, the Board issued for public comment the proposed conforming amendments, which identified conforming changes to the interim standards resulting from the adoption of PCAOB Auditing Standard No. 2.

The purpose of the conforming amendments is to specifically identify changes to the interim standards that result from the adoption of PCAOB Auditing Standard No. 2. The Board believes that identification of such changes is helpful in enabling auditors to comply with the Board's standards, as well as in eliminating potential confusion and inconsistencies in interpretation with respect to the affected portions of the interim standards. Accordingly, the scope of the conforming amendments is relatively narrow and comprises amendments to the interim standards resulting only from the adoption of PCAOB Auditing Standard No. 2.

(b) Statutory Basis

The statutory basis for the proposed rules is Title I of the Act.

B. Board's Statement on Burden on Competition

The Board does not believe that the proposed rules will result in any burden on competition that is not necessary or appropriate in furtherance of the purposes of the Act. The proposed rules identify changes to the interim standards that result from the adoption of PCAOB Auditing Standard No. 2.

C. Board's Statement on Comments on the Proposed Rules Received From Members, Participants or Others

The Board released the proposed rules for public comment in PCAOB Release No. 2004-002 (March 9, 2004). A copy of PCAOB Release No. 2004-002 and the comment letters received in response to the PCAOB's request for comment are available on the PCAOB's Web site at www.pcaobus.org. The Board received 10 written comments. The Board has modified certain aspects of the proposed rules in response to comments it received, as discussed below:

1. Auditing Standards

The Board's interim auditing standards include the Statements on Auditing Standards promulgated by the American Institute of Certified Public Accountants (“AICPA”) Auditing Standards Board (“ASB”), as in existence on April 16, 2003.[7] The conforming amendments to the Board's interim auditing standards include (a) the addition of references to assist auditors in performing an integrated Start Printed Page 60920audit of financial statements and internal control over financial reporting and (b) amendments to incorporate certain requirements in PCAOB Auditing Standard No. 2 that also apply when an auditor is engaged solely to audit a company's financial statements.

a. Addition of References to the Interim Standards

References have been added to assist auditors in performing an integrated audit of financial statements and internal control over financial reporting. Auditors are cautioned that the references might not be all inclusive. If there is any conflict between the interim auditing standards and PCAOB Auditing Standard No. 2, auditors should follow the provisions of PCAOB Auditing Standard No. 2.

In the release relating to the proposed conforming amendments, commenters were asked whether the proposed references would be useful to auditors performing an integrated audit of financial statements and internal control over financial reporting. The release also asked whether any references considered beneficial were omitted from the proposed standard.

Most commenters found the proposed references to be helpful to auditors performing both integrated audits and audits of financial statements. Several commenters voiced concerns stemming from the lack of a codification of PCAOB auditing standards. The Board believes that auditors will find the listing of conforming amendments in this rulemaking to be a useful tool for reconciling changes to the interim standards. The Board decided that no change is necessary to the conforming amendments in response to these comments regarding a codification because these comments were outside the scope of this rulemaking.

In addition, several commenters suggested additional references to include in the final conforming amendments. The Board evaluated each of these suggestions individually and included them in the final conforming amendments where deemed appropriate.

b. Amendments To Incorporate Requirements From PCAOB Auditing Standard No. 2

While PCAOB Auditing Standard No. 2 is directed primarily to an auditor performing an integrated audit of financial statements and internal control over financial reporting, some provisions in that standard are relevant to situations in which an auditor is engaged solely to audit a company's financial statements, such as in an audit of financial statements presented in connection with an initial public offering, in which the company is not subject to the requirements of Section 404 of the Act and the SEC's rules implementing that provision.[8] Therefore, this rulemaking amends certain interim standards directly because those amendments would apply in all cases.

In the release relating to the proposed conforming amendments, commenters were asked (a) whether the proposed amendments clearly describe the new requirements that apply either when the auditor is engaged to audit only the financial statements or when the auditor is engaged to perform an integrated audit of the financial statements and internal control over financial reporting; and (b) whether there were any additional requirements not already identified that also should apply when the auditor is engaged to audit only the financial statements.

Most commenters found the proposed amendments both clear and helpful. A few commenters suggested editorial changes to the proposed amendments, while others suggested additional amendments. The Board reviewed all such comments and, where appropriate, incorporated them into the final conforming amendments.

One commenter believed that a number of new requirements that apply when the auditor is engaged to audit only the financial statements have been obscured behind the label of “conforming changes” and that, as a result, auditors will fail to notice such new requirements. This commenter suggested that the Board appropriately highlight each new requirement for such audits to ensure that auditors are aware of and fully understand the ramifications of each new requirement. The changes described in the conforming amendments were first presented for public comment in connection with the Board's proposal of Auditing Standard No. 2 in October 2003. Because a number of commenters, when commenting on that proposal, suggested that a more detailed explanation of these changes could be helpful to practitioners, the Board decided to more clearly identify the changes in separate conforming amendments. These two notice and comment periods have served to highlight these changes, and the Board believes that the conforming amendments adopted today, together with this release describing those amendments, provide auditors adequate explanation to understand the effects of these changes on the financial statement audit.

Significant areas of amendment to the auditing standards are discussed below, including comments received and the Board's response thereto. For ease of reference, the references herein are to the interim standards as codified in AICPA Professional Standards, rather than to the original pronouncements.

(1) AU Sec. 310, “Appointment of the Independent Auditor”

This standard has been amended to include requirements related to the auditor's understanding with the client when performing an integrated audit of financial statements and internal control over financial reporting. For consistency, certain related amendments also have been made to the auditor's required understanding with the client when performing an audit of financial statements. One commenter suggested that the amendments to this standard indicating that reasonable assurance is “a high level of assurance” were inappropriate and should be subject to further deliberation and discussion. The Board's clarification that reasonable assurance is “a high level of assurance” was clearly included in PCAOB Auditing Standard No. 2. As indicated in the Board's release proposing the conforming amendments, the scope of this rulemaking did not include reconsidering any principles or requirements of PCAOB Auditing Standard No. 2. Accordingly, the Board viewed this comment regarding reasonable assurance as beyond the scope of the proposed conforming amendments rulemaking. No changes have been made based upon this comment.

(2) AU Sec. 319, “Consideration of Internal Control in a Financial Statement Audit”

This interim standard has been amended by adding a requirement that states, “Regardless of the assessed level of control risk, the auditor should perform substantive procedures for all relevant assertions related to all significant accounts and disclosures in the financial statements.” As it relates to this requirement, Auditing Standard No. 2 states, “Regardless of the assessed level of control risk or the assessed risk of material misstatement in connection with the audit of the financial statements, the auditor should perform substantive procedures for all relevant assertions for all significant accounts and disclosures. Performing procedures Start Printed Page 60921to express an opinion on internal control over financial reporting does not diminish this requirement.” A similar conforming amendment has been made to AU sec. 322, “The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements.”

(3) AU Sec. 325, “Communication of Internal Control Related Matters Noted in an Audit.”

This standard has been superseded in the context of an integrated audit of financial statements and internal control over financial reporting by paragraphs 207 through 214 of PCAOB Auditing Standard No. 2. By this rulemaking, the Board is also amending this interim standard, as applied to an audit only of financial statements, by substituting the paragraphs included in the appendix accompanying this release (See AU sec. 325, subparagraphs 1-9 in the appendix).

Communication of the Ineffectiveness of the Audit Committee. The proposed amendment stated that, in an audit only of financial statements, an auditor does not have a requirement to evaluate the effectiveness of the audit committee's oversight of the company's internal control over financial reporting. The proposed amendment would also have required an auditor to communicate, in writing, to the board of directors if a significant deficiency or material weakness exists, however, because the oversight of the company's external financial reporting and internal control over financial reporting is ineffective.

While commenters unanimously agreed with this provision, several commenters asked for clarification of the auditor's responsibility. In response, the Board has amended subparagraph 5 of the conforming amendments to AU sec. 325 to read as follows, proposed new language is in italics, proposed deletions are in [brackets].

If oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, that circumstance should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists.

Although there is not an explicit requirement to evaluate the effectiveness of the audit committee's oversight in an audit of only the financial statements, [of the external financial reporting process and the internal control over financial reporting,] if the auditor becomes aware that [a significant deficiency or material weakness exists because] the oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, the auditor must communicate that specific significant deficiency or material weakness in writing to the board of directors.

This change is intended to clarify that, while an auditor does not have an explicit requirement to perform a separate and distinct evaluation of the effectiveness of the audit committee in a financial statement audit, the auditor does have a communication responsibility when he or she becomes aware of a significant deficiency or material weakness caused by the audit committee's ineffectiveness.

Illustrative Internal Control Reports. Several commenters requested that the Board revise and include in the conforming amendments illustrative reports to management about deficiencies in internal control similar to those previously contained in AU sec. 325 and its related interpretation. The Board noted that presenting such reports in a rulemaking of the Board might lead firms to use boilerplate language in such communications to management and others. In addition, the Board believes that any new illustrative reports it issues as part of the Board's standards must not only reflect conforming changes but also incorporate best practices at the time of issuance. This type of revision of illustrative reports is beyond the scope of the conforming amendments. Additionally, the Board expects that auditors will be able to clearly and appropriately communicate these matters without relying on illustrative reports. For these reasons, illustrative reports have not been included in the conforming amendments.

(4) AU Sec. 326, “Evidential Matter”

This standard has been amended to add a requirement stating that, “the auditor's substantive procedures must include reconciling the financial statements to the accounting records. The auditor's substantive procedures should include examining material adjustments made during the course of preparing the financial statements.” PCAOB Auditing Standard No. 2 is clear on the applicability of these procedures in an integrated audit of financial statements and internal control over financial reporting. The Board believes that it is logical and appropriate that these procedures also be performed in an audit of the financial statements. No commenters objected to this amendment.

(5) AU Sec. 329, “Analytical Procedures”

This standard is amended to add the following directions:

  • For significant risks of material misstatement, it is unlikely that audit evidence obtained from substantive analytical procedures alone will be sufficient.
  • When designing substantive analytical procedures, the auditor also should evaluate the risk of management override of controls. As part of this process, the auditor should evaluate whether such an override might have allowed adjustments outside of the normal period-end financial reporting process to have been made to the financial statements. Such adjustments might have resulted in artificial changes to the financial statement relationships being analyzed, causing the auditor to draw erroneous conclusions. For this reason, substantive analytical procedures alone are not well suited to detecting fraud.
  • Before using the results obtained from substantive analytical procedures, the auditor should either test the design and operating effectiveness of controls over financial information used in the substantive analytical procedures or perform other procedures to support the completeness and accuracy of the underlying information.

PCAOB Auditing Standard No. 2 is clear on the applicability of these procedures in an integrated audit of financial statements and internal control over financial reporting. The Board also believes that it is logical and appropriate to perform these procedures in an audit of the financial statements. The Board did not receive any comments on these amendments other than comments that re-challenged their inclusion in PCAOB Auditing Standard No. 2. As indicated in the Board's proposing release, these types of comments were considered to be beyond the scope of the proposed conforming amendments; therefore, no changes have been made based upon these comments.

(6) AU Sec. 339, “Audit Documentation”

The proposed conforming amendments would have added a subparagraph to Appendix A of this standard (“SAS No. 96”). Subsequent to the conforming amendments being issued for public comment, the Board adopted, and the Securities and Exchange Commission approved, PCAOB Auditing Standard No. 3, Audit Documentation. PCAOB Auditing Standard No. 3 superseded SAS No. 96 Start Printed Page 60922in its entirety, including Appendix A. Therefore, this proposed conforming amendment is not included in the final conforming amendments because the Board's interim standards no longer contain Appendix A of AU sec. 339.

(7) AU Sec. 380, “Communication With Audit Committees”

Footnote one to this standard includes a list of other standards that also require audit committee communications. Because PCAOB Auditing Standard No. 2 also includes required audit committee communications, this standard is amended by including a reference to PCAOB Auditing Standard No. 2 in footnote one. The Board added this conforming amendment based on a suggestion from a commenter.

2. Attestation Standards

The Board's interim attestation standards include the Statements on Standards for Attestation Engagements promulgated by the ASB, as in existence on April 16, 2003.[9] Auditors performing an integrated audit of financial statements and internal control over financial reporting to comply with Section 404 of the Act must follow PCAOB Auditing Standard No. 2 when reporting on an entity's internal control over financial reporting. Therefore, in the context of an audit of a company that is subject to Section 404 of the Act, AT sec. 501 has been superseded by the internal control standard. Because AT 501, even as applied to an engagement other than an engagement under Section 404, is outdated, the proposed conforming amendments recommended that AT sec. 501 be superseded in its entirety and removed from the Board's standards.

The release to the proposed conforming amendments asked commenters whether AT sec. 501 should be amended rather than superseded in its entirety. Furthermore, it asked commenters to provide information on (a) whether there are any circumstances in which an issuer would want or need to file an AT sec. 501 report with the SEC and (b) whether there is a need for an auditor's report on internal control in addition to the auditor's report on the integrated audit of financial statements and internal control over financial reporting for purposes of complying with Section 404 of the Act. Commenters who believed such a need exists were requested to indicate in their responses the type of information that should be included in the report, the circumstances in which such a report might be issued, and the intended users of such a report.

Most commenters agreed with the deletion of AT sec. 501 from the Board's interim standards. Those commenters believed that AT sec. 501 is inferior to PCAOB Auditing Standard No. 2. In addition, those commenters were unaware of any circumstances in which an issuer would be required to file an AT sec. 501 report with the SEC, or of any instances in which issuers might need an auditor's report on internal control other than the one embodied in PCAOB Auditing Standard No. 2.

Other commenters, however, expressed concerns about superseding AT sec. 501 in its entirety for a number of reasons. A couple of commenters pointed out that the auditors of some asset-backed securities (“ABS”) issuers issue AT sec. 501 reports in order for those ABS issuers to comply with the SEC's annual filing requirements. ABS issuers are not required to comply with Section 404 of the Act, however. No ABS issuer is required to file an auditor's report performed pursuant to AT sec. 501; rather, ABS issuers may comply with the SEC's annual filing requirements by filing an auditor's report performed pursuant to AT sec. 601, Compliance Attestation. Further, under a recent SEC proposal (Proposed Rule: Asset-Backed Securities, Release Nos. 33-8419 and 34-49644, May 3, 2004), the SEC would require an ABS issuer to include in its annual filing one consistent form of auditor's report. In lieu of audited financial statements and compliance with Section 404 of the Act, the SEC proposal would require that management of certain ABS issuers assess the issuer's compliance with servicing criteria and that the auditor attest to, and report on, management's assertion as to whether it complied with the servicing standards through the performance of a compliance attestation. According to the proposal, the attestation standard under which the auditor should perform such engagement would be “Compliance Attestation,” AT sec. 601 or another standard for compliance auditing established by the PCAOB. Therefore, if the SEC proposal is adopted, the SEC would no longer accept AT sec. 501 reports for this purpose.

Other commenters expressed less specific concerns over superseding AT sec. 501 in its entirety. These commenters expressed a belief that, at some point, both issuers and nonissuers might need (or want) other reports on internal control presently not provided for under PCAOB Auditing Standard No. 2. For example, these commenters suggested that issuers might need an interim report on internal control, especially when a material weakness that existed at year end is subsequently corrected. Another commenter suggested that an issuer might want an audit report on some other aspect of internal control. None of these commenters, however, provided the detailed discussion requested in the release about the type of information that should be included in such a report, the circumstances in which it might be issued, and the intended users of such a report.

The Board continues to believe that AT sec. 501 lacks the necessary specificity provided in PCAOB Auditing Standard No. 2. At a minimum, if AT sec. 501 were to be retained in the Board's standards, the reporting directions in AT sec. 501 would require immediate revision to clearly distinguish for report users the difference between a report issued under AT sec. 501 and PCAOB Auditing Standard No. 2. Further, it would be necessary to make extensive revisions to AT sec. 501 to conform it to the principles and requirements embodied in PCAOB Auditing Standard No. 2. Because commenters were unable to describe a specific need that is currently unmet by reports issued under PCAOB Auditing Standard No. 2 or other professional standards, there appears to be no compelling reason at this time for the Board either to amend AT sec. 501 or to propose a new standard to replace AT sec. 501. Accordingly, the conforming amendments supersede AT sec. 501 altogether and remove it from the Board's standards effective immediately upon approval by the SEC.

Because AT sec. 501 is no longer a part of the Board's interim standards, it is not appropriate for auditors of issuers following the PCAOB's standards to use AT sec. 501 when reporting on the internal control over financial reporting of an issuer.

3. Independence Standards

The Board's interim independence standards include the AICPA Code of Professional Conduct Rule 101, and interpretations and rulings thereunder, promulgated by the AICPA Professional Ethics Executive Committee, as in existence on April 16, 2003.[10] As indicated in PCAOB Auditing Standard No. 2, a registered public accounting firm and its associated persons must not accept an engagement to provide Start Printed Page 60923internal control-related services to an issuer for which the registered public accounting firm also audits the financial statements unless that engagement has been specifically pre-approved by the audit committee. Because this requirement adds to current independence requirements, a reference to this requirement has been added to interpretation 101-3, “Performance of Other Services,” to Rule 101, “Independence” (ET sec. 101.05). The Board did not receive any comments objecting to this amendment.

Please note that a table, “Cross-References to Conforming Amendments to PCAOB Interim Standards,” which identifies all of the amendments that the conforming amendments describe, can be found in PCAOB Release 2004-008, dated September 15, 2004, which is available on the PCAOB's Web site at http://www.pcaobus.org.

4. Lack of “Background and Basis for Conclusions”

In auditing standards issued by the Board, a discussion of the comments received and other factors deemed significant by the Board in reaching the conclusions embodied in the final standard is contained in an appendix to the standard titled “Background and Basis for Conclusions.” Because this rulemaking is not an auditing standard, it does not include such an appendix. The Board, however, believes this type of discussion is helpful to this rulemaking. Accordingly, in addition to describing the nature and extent of amendments made to the interim standards, the foregoing also contains, when appropriate, a discussion of the significant factors considered by the Board in developing the final conclusions reflected in the conforming amendments.

5. Effective Date

As to the effective date of the amendments, PCAOB Rule 3200T requires auditors to comply with the Board's interim auditing standards “to the extent not superseded or amended by the Board.” Similarly, the Board's interim attestation and independence standards rules require registered firms and their associated persons to comply with certain existing attestation and independence standards “to the extent not superseded or amended by the Board.” [11]

PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements, was approved by the Commission on June 17, 2004 as the standard for audits of internal control over financial reporting required by Section 404(b) of the Sarbanes-Oxley Act of 2002. PCAOB Auditing Standard No. 2 supersedes the Board's interim standards in a number of respects and auditors must comply with all applicable provisions of Auditing Standard No. 2 once it is effective, including those provisions that supersede the Board's interim standards.

As discussed above, the proposed rules describe and expressly state the changes to the interim standards caused by the adoption of PCAOB Auditing Standard No. 2. Accordingly, pending SEC approval and subject to the two exceptions noted below, the Board intends for the conforming amendments to become effective for integrated audits of financial statements and internal control over financial reporting at the same time PCAOB Auditing Standard No. 2 becomes effective. Companies considered accelerated filers under Securities Exchange Act Rule 12b-2 [12] are required to comply with the internal control reporting and disclosure requirements of Section 404 of the Act for fiscal years ending on or after November 15, 2004. Other companies have until fiscal years ending on or after July 15, 2005, to comply with the internal control reporting and disclosure requirements and the conforming amendments. Early implementation of the conforming amendments is permitted.

There are two exceptions to this general statement. First, certain parts of the conforming amendments apply to an audit of financial statements of an issuer regardless of whether the issuer is required to comply with the internal control requirements of Section 404 of the Act. In order to provide for an orderly transition for issuers not required to comply with Section 404 of the Act, the Board has determined that these parts of the conforming amendments should be effective for audits of financial statements for periods ending on or after July 15, 2005, pending approval of the conforming amendments by the SEC. This means that auditors of non-accelerated filers are not required to comply with the conforming amendments in conducting audits of financial statements until performing audits of financial statements for fiscal years ending on or after July 15, 2005. The effect of these parts of the conforming amendments is discussed further below.

Second, the Board intends for the part of the conforming amendments that supersedes AT sec. 501, “Reporting on an Entity's Internal Control Over Financial Reporting,” to be effective immediately upon approval of the conforming amendments by the SEC. As discussed in greater detail above, in light of the adoption of PCAOB Auditing Standard No. 2, the Board does not see a compelling reason for the Board to retain AT sec. 501 in its interim standards.

6. Effect of Auditing Standard No. 2 on Audits of Financial Statements Only

The conforming amendments are effective, pending SEC approval, for audits of financial statements only for periods ending on or after July 15, 2005. For the most part, however, the Board believes the amendments represent clarifications of concepts already included in the Board's interim standards, rather than wholly new concepts or requirements. Accordingly, the Board encourages auditors to carefully consider their obligations under the Board's interim standards and not to draw a negative inference from the inclusion of a specific provision in the conforming amendments that equivalent procedures are not currently required to comply with the Board's interim standards.

III. Date of Effectiveness of the Proposed Rule and Timing for Commission Action

Within 35 days of the date of publication of this notice in the Federal Register or within such longer period (i) as the Commission may designate up to 90 days of such date if it finds such longer period to be appropriate and publishes its reasons for so finding or (ii) as to which the Board consents the Commission will:

(a) By order approve such proposed rule; or

(b) Institute proceedings to determine whether the proposed rule should be disapproved.

IV. Solicitation of Comments

Interested persons are invited to submit written data, views and arguments concerning the foregoing, including whether the proposed rule is consistent with Title I of the Act. Comments may be submitted by any of the following methods:

Electronic Comments

Paper Comments

  • Send paper comments in triplicate to Jonathan G. Katz, Secretary, Securities and Exchange Commission, 450 Fifth Street, NW., Washington, DC 20549-0609.

All submissions should refer to File No. PCAOB-2004-07; this file number should be included on the subject line if e-mail is used. To help us process and review your comments efficiently, please use only one method. The Commission will post all comments on the Commission's Internet Web site (http://www.sec.gov/​rules/​PCAOB.shtml). Comments are also available for public inspection and copying in the Commission's Public Reference Room, 450 Fifth Street, NW., Washington, DC 20549. All comments received will be posted without change; we do not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly. All comments should be submitted on or before November 3, 2004.

Start Signature

By the Commission.

Jill M. Peterson,

Assistant Secretary.

End Signature End Preamble

Footnotes

3.  See 17 CFR 240.10A-3(c)(2).

Back to Citation

4.  See 17 CFR 240.10A-3(c)(2).

Back to Citation

5.  See 17 CFR 210.2-01(c)(7).

Back to Citation

6.  Effective April 16, 2003, the PCAOB adopted, on an initial, transitional basis, five temporary interim standards rules (PCAOB Rules 3200T, 3300T, 3400T, 3500T, and 3600T) that refer to pre-existing professional standards of auditing, attestation, quality control, ethics, and independence (the “interim standards”). These rules were approved by the Securities and Exchange Commission on April 25, 2003 (See SEC Release No. 33-8222). On December 17, 2003, the Board approved technical amendments to the interim standards rules indicating that, “when the Board adopts a new auditing and related professional practice standard that addresses a subject matter that also is addressed in the interim standards, the affected portion of the interim standards will be susperseded or effectively amended. Accordingly, the Board approved adding the phrase ‘to the extent not superseded or amended by the Board' to each of the interim standards rules.”

Back to Citation

7.  The Statements on Auditing Standards (“AU”) are codified into the AICPA Professional Standards, vol. 1, as AU sections 100 through 901.

Back to Citation

8.  See Final Rule: Management's Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports. Securities and Exchange Commission Release No. 33-8238 (June 5, 2003) [68 FR 36636].

Back to Citation

9.  The Statements on Standards for Attestation Engagements (“AT”) are codified into the AICPA Professional Standards, vol. 1, as AT sections 101 through 701.

Back to Citation

10.  The AICPA's Code of Professional Conduct (“ET”) Rule 101, and interpretations and rulings thereunder, are codified into the AICPA Professional Standards, vol. 2, as ET sections 101 and 191.

Back to Citation

11.  PCAOB Rules 3300T, 3600T.

Back to Citation

[FR Doc. E4-2575 Filed 10-12-04; 8:45 am]

BILLING CODE 8010—01—P