As we blogged about (or perhaps nagged about), in our last post it is never too soon to start planning for year-end. That post suggested some proactive steps to avoiding some commonly occurring problems in the statement of cash flows. In this post we will discuss another frequently problematic issue, the annual management’s assessment and external audit of ICFR. It is likely an understatement to say that in recent years there has been substantial change in how management assesses and auditor’s audit ICFR. Areas such as management review controls, how to use system generated information, what are appropriate scopes for testing and how to evaluate whether a control deficiency is a material weakness are all in play.
In our annual reporting process it makes sense to get out in front of these issues!
Here are two resources that we hope can help in your ICFR evaluation and auditing process.
- In our August 5, 2016 PLI Smartbrief (you can learn more and sign-up to receive the SmartBrief here) we referenced an Accounting Web article about a Protiviti SOX Compliance survey. The findings can help inform your own SOX planning and the evolution of your ICFR. According to the survey SOX related audit costs are generally increasing. Here is a telling quote from the executive summary:
“Sarbanes-Oxley compliance once was thought to be a relatively stable, predictable process that organizations could rely on to be routine and, for the most part, static. Yet market and regulatory changes continue to make this a more dynamic process, with costs and hours continuing to rise for many organizations. The good news is that more organizations are recognizing the benefits of their compliance efforts through improved internal control structures and business processes.”
- The PCAOB has published a helpful resource in planning your SOX ICFR evaluation and audit. In their most recent Staff Inspection Brief they discuss the plan, scope and objectives for the coming cycle of inspections. As expected ICFR is one of the points of focus:
“During the 2016 inspection cycle, Inspections staff will, among other things, consider the sufficiency of auditors’ procedures performed to identify, test and evaluate controls that address the auditors’ assessed risk of material misstatement, and auditors’ testing of controls that contain a review element. “
As always, your thoughts and comments are welcome!