The upcoming March 2011 meeting of the PCAOB’s Standing Advisory Group will examine the pending revised internal controls framework being developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) with an eye to informing the PCAOB of the SAG's views on any potential implications of COSO's update on the auditor's responsibilities regarding internal control over financial reporting that will impact the Board’s standard on auditing internal controls.
SEC rules require that management's evaluation of a company's internal controls pursuant to Section 404 of Sarbanes-Oxley must be based on a suitable, recognized control framework established by a body that follows notice and comment procedures. The Commission has identified the COSO internal controls framework as such a framework
While PCAOB auditing standards are neutral regarding the internal control framework that auditors use for testing and evaluating controls, Board standards do require auditors to use the same internal control framework that management uses and the overwhelming majority of US public reporting companies use the COSO Framework. Thus, changes to the COSO Framework could have implications for audits conducted in accordance with PCAOB standards. Also, changes to the COSO Framework could lead companies to make changes to their controls, their control documentation, or management's process for assessing the effectiveness of internal controls which, in turn, could affect the auditor's procedures regarding internal controls.
The SAG will discuss potential changes to the auditor's procedures regarding obtaining an understanding of internal controls or testing and evaluating internal controls in the financial statement audit or the audit of internal control over financial reporting resulting from the requirements of the updated COSO Framework. In addition, the advisory group will examine potential auditing challenges resulting from the transition from the existing COSO Framework to the updated framework, such as challenges with testing and evaluating companies' changes in controls; and changes in firm methodology or training of personnel regarding the firm's approach to internal controls. Further, SAG will discuss the possible need for additional PCAOB guidance or updates to PCAOB auditing standards regarding the auditor's responsibilities with respect to internal controls.
According to COSO, the enhancements to the Framework are not intended to alter the core principles of the Framework, but rather facilitate more robust discussion of internal controls. Concepts and guidance in the Framework will be refined to reflect the evolution of the operating environment and the changed expectations of regulators and other stakeholders. In addition, the enhancements are expected to consider more than financial reporting by considering ways to enrich the guidance on operations and compliance objectives.
COSO has engaged PwC to support its update of the Framework. As such, PwC will be working under COSO's direction in developing the updated Framework. COSO will conduct the update pursuant to rigorous due process. In order to ensure a broad representation of perspectives, COSO is forming an Advisory Council comprised of representatives from industry, academia, government agencies, and non profits to provide input as the project progresses. In addition, the updated Framework will be exposed for public comment. The initiative is expected to culminate in an updated internal control framework publication in 2012, the 20th anniversary of the initial Framework.