AS5 Rules and Internal Audit

AS5 Rules and Internal Audit

Shortly after SOx became law in the United States, the PCAOB released its AS2 guidance that called for external auditors to take very conservative and detailed approaches on their audits of financial statements. AS2 mandated a “look-at-everything” detailed audit approach, and enterprise external audit bills became much more expensive in those first SOx years. AS5 is a set of standards for the external auditors who review and certify published financial statements, and these rules are also important for internal auditors as well. AS5 introduces risk-based rules with an emphasis on the effectiveness of internal controls that are more oriented to enterprise facts and circumstances. In addition, AS5 calls for external auditors to consider including reviews of appropriate internal audit reports in their financial statement audit reviews. It allows external auditors to place more emphasis on management’s ability to establish and document key internal controls.

AS5

AS5 has three broad objectives:

1. Focus internal control audits on the most important matters.
2. Eliminate audit procedures that are unnecessary to achieve their intended benefits.
3. Make the financial audit clearly scalable to fit the size and the complexity of any enterprise.

AS5 calls for an assessment of the competence and objectivity of the internal auditors at an enterprise. Competence means the attainment and maintenance of a level of understanding and knowledge that enables persons to perform the tasks assigned to them, and objectivity means the ability to perform those tasks impartially and with intellectual honesty. AS5 calls for an external auditor evaluation of whether factors are present that either inhibit or promote a person’s ability to perform with the necessary degree of objectivity the work the auditor plans to use.

OTHER SOx RULES—TITLE II: AUDITOR INDEPENDENCE

 Internal and external auditors have historically been separate and independent resources. External auditors were responsible for assessing the fairness of an enterprise’s internal control systems and the resultant published financial reports, while internal auditors served management in a wide variety of other areas.

Limitations on External Auditor Services

SOx prohibits public accounting firms from providing other services, including:

• Financial information systems design and implementations.

• Book keeping and financial statement services.

• Management and human resources functions.

• Other prohibited services.

The overall SOx theme here is that external auditors are authorized to audit the financial statements of their client enterprises, and that is about all. SOx allows that beyond the prohibited activities listed, external auditors can engage in other non-audit services only if those services are approved in advance by the audit committee.

Audit Committee Preapproval of Services

 Section 202 of SOx’s Title I specifies that the audit committee must approve all audit and non-audit services in advance. This would relieve the strain of lengthy audit committee business matters, but put even more responsibility on a few audit committee members over and above the many new legal responsibilities mandated by SOx.

External Audit Partner Rotation

External auditors have always communicated regularly with their audit committees in the course of the audit engagement, as well as for any other matters of concern. External auditors are required to report on a timely basis all accounting policies and practices used, alternative treatments of financial information discussed with management, the possible alternative treatments, and the approach preferred by the external auditor. External auditors must report to their audit committee any alternative accounting treatments, the approach preferred by the external auditors, and management’s approach.

Conflicts of Interest and Mandatory Rotations of External Audit Firms

It had once been common for members of the external audit firm team to get job appointments for senior financial positions at their audit clients. This really says that an audit partner cannot leave an audit engagement to begin working as a senior executive of the same firm that was just audited. While staff members and managers can still move from the public accounting firm team to various positions in the auditee enterprise, this prohibition is limited to public accounting partners.