The SEC’s management guidance, rules, and the PCAOB’s new audit standard No. 5, have reformed the internal control reporting system by:
- Focusing the audit on the matters most important to internal control by directing the auditor to test the most important controls
- Adopting a flexible principles-based system reliant on professional judgment
- Eliminating the requirement that the auditor evaluate management’s process
- Scaling the audit for smaller companies
- Aligning SEC regulations with the PCAOB standard
- Eliminating the principal evidence provision to allow more reliance on the work of others
- Redefining material weakness upward
- Requiring audit committee pre-approval of non-audit internal control services
- Placing the main testing focus on entity or company level controls
- Requiring auditors to assess the risk of fraud when planning the audit
- Reducing the number of walkthroughs while preserving quality
- Integrating internal control and financial statement audits
- Requiring risk assessment at each of the decision points in a top-down approach
- Testing controls important to assessing the risk of financial statement misstatement
- Allowing a risk-based approach for auditing multiple corporate locations
- Allowing auditors to use knowledge obtained during past audits
- Refocusing internal controls to prevent material misstatements in financial statements