Date post: | 27-Mar-2015 |
Category: |
Documents |
Upload: | aaliyah-pope |
View: | 216 times |
Download: | 2 times |
1
Implications of the Sarbanes-Oxley Act on the Public Sector
2005 NASACT Annual ConferenceAugust 15, 2005
Gail Flister VallieresU.S. Government Accountability Office
2
Integrity and Trust in Government
• Without integrity and trust, governments, institutions and leaders cannot succeed.
• With trust, governments, institutions and leaders can achieve great things.
• “Getting it right” with regard internal control and accountability will be critical to achieving and maintaining the public’s trust in government.
3
Current Government Environment
• continually increasing demands for government effectiveness and accountability
• fiscal pressures, increasing costs, structural deficit
• financial and performance reporting pressures and incentives
• changing laws and regulations
• changing demographics
• ability to hire and retain skilled staff
• control environment/ risk assessment
4
Sarbanes-Oxley Act of 2002
Instituted sweeping changes for accountability profession and corporate governance in the following areas:
oversight of the auditing profession
auditor independence
corporate responsibility
enhanced financial disclosure requirements (including internal control reporting)
5
Sarbanes-Oxley Act of 2002
Instituted sweeping changes for accountability profession and corporate governance in the following areas:
oversight of the auditing profession
auditor independence
corporate responsibility
enhanced financial disclosure requirements (including internal control reporting)
6
Sarbanes-Oxley Act Audit Profession Oversight
Creation of Public Company Accounting Oversight Board (PCAOB). Principal duties:
establish or adopt standards for public company audits
enforce compliance with standards and the Act
inspect and register public accounting firms
conduct investigations of firms and disciplinary proceedings
impose sanctions
7
Sarbanes-Oxley Act Impact on U.S. Auditing Standards
Three US Auditing Standards-Setting Organizations Public Company Accounting Oversight Board (PCAOB)Audits of publicly traded companies
Auditing Standards Board (ASB) of the AICPA Privately held companies Not-for-profit organizations
U.S. Government Accountability Office Federal, state, local governments Not-for-profit organizations receiving federal funding
8
Sarbanes-Oxley Act: Impact on U.S. Auditing Standards
Comptroller General established the “U.S. Auditing Standards Coordinating Forum”
PCAOB, GAO, ASB
Three principals meet several times a year.
Key staff coordinate regularly to implement agenda.
Rotating chair, based on who is hosting the meeting.
Still defining role for IAASB
9
Sarbanes-Oxley Act Impact on U.S. Auditing Standards
Purpose of U.S. Auditing Standards Coordinating Forum
maximize complementary standards-setting agendas
minimize duplicative or competing efforts
identify any significant gaps not being addressed
develop strategies for overcoming challenges and barriers to modernizing the auditing profession in the U.S.
assure consistency where appropriate for core auditing standards, while seeking to modernize those standards
10
Sarbanes-Oxley Act Auditor Independence
It is now unlawful for a registered accounting firm to provide certain nonaudit services to audit clients,
including:
accounting and bookkeeping services
financial information systems design and implementation
appraisal, valuation, and actuarial services,
internal audit outsourcing services management or human resources functions
All other nonaudit services provided to audit clients require prior audit committee approval
11
Sarbanes Oxley Act Auditor Independence
An accounting firm is not allowed to perform an audit of a registrant whose key financial or management personnel were employed by that accounting firm and participated in the audit within one year of the current audit.
The auditor must report to the audit committee all “critical accounting policies and practices” used in preparing financial statements
The lead audit, concurring and reviewing partners must rotate every 5 years.
12
Auditor Independence Implications for Government
Yellow Book independence standards became effective in 2003
Auditor communications with audit committees.
Audit Partner Rotation– no related government requirement.
Employment restrictions–watch for situations that could result in appearance of independence problems under current Yellow Book independence standards.
13
Sarbanes Oxley Act Corporate Responsibility
New Requirements for Audit Committees
Members must be on the Board of Directors and be “independent”
Responsible for the appointment, compensation, and oversight of the auditor
The auditor must report to the audit committee all “critical accounting policies and practices” used in preparing financial statements
Must be appropriately funded by the company
14
Sarbanes Oxley Act Corporate Responsibility
Other Corporate Responsibility Requirements
The CEO and CFO must certify that financial statements and disclosures are appropriate and fairly present, in all material respects, the operations and financial condition of the company.
Unlawful for officers and directors to “fraudulently influence, coerce, manipulate, or mislead” the auditor
15
Corporate Responsibility Implications for Government Auditors and financial professionals should evaluate
whether implementing an audit committee or similar type of committee would enhance governance
Auditors should encourage good governance practices within the entities they audit.
CFO and CEO Certification of financial results—Does top management understand and care about what is in the financial statements?
Auditors: watch for reporting pressures and improper management on audit or reporting results.
16
Sarbanes-Oxley Act Section 404: Internal Control
Management is required to establish and maintain adequate internal control structure and procedures for financial reporting
Include in the annual report a statement of management’s responsibility for and management’s assessment of the effectiveness of those controls.
The company’s auditors are required to attest to and report on management’s assessment of the effectiveness of internal control over financial reporting.
17
Sarbanes-Oxley Act Section 404: Internal Control
PCAOB Auditing Standard No 2: “Audit of Internal Control over Financial Reporting in conjunction with
Audit of Financial Statements”
Requires auditor opinions oninternal control effectiveness management’s assessment of internal control
effectiveness
Internal control audit must be performed in conjunction with financial statement audit
18
Sarbanes-Oxley Act Section 404: Internal Control
PCAOB Auditing Standard No 2 (cont):
Requires walkthroughs for each major transaction class
Limits on rotation testing of controls
Limits on reliance on work of others
New, more rigorous definitions of material weakness and significant deficiency (formerly reportable condition)
19
Federal Gov’t Internal Control Requirements—FMFIA/OMB A-123
• Federal Financial Managers Financial Integrity Act of 1982 (FMFIA) establishes overall requirements for internal control in federal agencies. The agency head must establish controls that reasonable ensure that
• Obligations and costs are in compliance with applicable law
• Funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation, and
• Revenues and expenditures applicable to agency operations are properly recorded and accounted for
20
Federal Gov’t Internal Control Requirements—FMFIA/OMB A-123
• Office of Management and Budget (OMB) Circular A-123, “Management Accountability and Control”
• Implements FMFIA• covers all aspects of an agencies operations (programmatic,
financial, and compliance)
• Over the years, OMB Circular A-123, has broadened these requirements to include controls over all aspects of an agency’s operations.
• Latest update (December 2004) provides updated internal control standards (incorporating the COSO elements) and new specific requirements for conducting management’s assessment of the effectiveness of internal control
21
Federal Gov’t Internal Control Requirements—FMFIA/OMB A-123
• December 2004, revised OMB Circular A-123 requires
• annual management assurances on internal control in Performance and Accountability Report.
• separate assurance on internal control over financial reporting using the COSO elements (for the 24 CFO-Act agencies)
• identification of material weaknesses, non-conformances, and corrective actions.
• Revised A-123 does not require audit of internal control over financial reporting
• GAO supported the revised A-123 in recent testimony before House Government Reform Subcommittee on Government Management. (GAO-05-321T, Feb. 16, 2005)
22
Federal Gov’t Internal Control Requirements—FMFIA/OMB A-123
GAO Identified six critical implementation issues
1. Need for supplemental guidance and implementation tools
2. The following objectives covered by the Circular will require special attention– (1) achieving effective and efficient operations, and (2) complying with laws and regulations.
3. Managers throughout an agency need to provide strong support for internal control.
4. Agencies need to strike a balance between costs and benefits, while achieving an appropriate level of internal control.
5. Management testing of controls is essential to determine their soundness, whether they are being adhered to, and whether corrective action is necessary.
6. Personal accountability will be essential, starting with top agency management and cascading throughout the organization.
23
Federal Gov’t Internal Control Requirements—FMFIA/OMB A-123
GAO Views on the next steps– auditor opinions on internal control--
• Auditor opinions on internal control over financial reporting is an important component of monitoring risk management and accountability systems.
• Need to determine if management has assessed internal control and has a firm basis for its assertion over effectiveness before attempting to audit internal control over financial reporting.
24
Internal Control ReportingGetting Started
• Does management have a credible basis for a conclusion about the effectiveness of internal control over financial reporting?
• What is the level of maturity of the internal control systems in place for financial reporting?
• What are the associated risks?
• What is the targeted level of maturity for internal controls?
• Small, simple entities vs. large, complex entities
• What are benefits and cost of an audit of internal control, given where the entity is in the process?
25
Internal Control ReportingGetting Started
Level 1: Unreliable• Unpredictable environment • controls not designed, in
place
Level 2: Informal• controls designed, in place • not adequately documented• mostly dependent on the
individuals doing the function
• no formal training or communication of results
Internal controls maturityframework:
Level 3: Standardized•controls in place, documented, and communicated to employees•deviations may not be detected
Level 4: Monitored•standardized controls with periodic testing for effective design and operation, reporting to management
Level 5: Optimized•integrated internal control framework• real-time monitoring by management with continuous improvement•automation to support controls and make rapid changes to controls if needed
•Source: Pricewaterhousecoopers, The Sarbanes-Oxley Act of 2002: Strategies for Meeting New Internal Control Reporting Challenges: A White Paper, 2002
26
Sarbanes-Oxley Act Implementation:What We Have Learned and Future Directions
• The Sarbanes-Oxley Act reforms are sound and necessary
• Reforms have improved governance and management, including the involvement of the board, audit committees, and top management in financial reporting and internal control issues.
• Implementing section 404 has been challenging due to:
• The amount and nature of internal control work performed in the past
• Extensive audit work being performed due to real and/or perceived lack of flexibility in PCAOB Auditing Standard No. 2
• Significant first-year implementation efforts
27
Sarbanes-Oxley Act Implementation:What We Have Learned and Future Directions
• GAO strongly supports the concepts behind section 404. However, we believe that economies and efficiencies can be gained in the process through:
• Auditor and management efficiencies and streamlining in the second year and beyond.
• Better integration of the financial and internal control audit.
• Additional PCAOB and SEC guidance that provides for a risk-based approach using reasoned risk and experience-based auditor judgments in areas such as rotation of testing and additional flexibility in using the work of others (similar to the approach in GAO’s Financial Audit Manual).
• Ongoing feedback from the PCAOB inspection process
28
GAO Technical Assistance
The Yellow Book is available on GAO’s website at:
www.gao.gov/govaud/ybk01.htm
For technical assistance, contact us at
29
Contact Information
Gail Flister VallieresFinancial Management & AssuranceU.S. Government Accountability Office(202) 512-9370 [email protected]