(The news featured below is a selection from the news covered in Federal Securities Law Reporter, which is distributed to subscribers of Federal Securities Law Reporter.)

PCAOB Issues Guidance for Auditors of Smaller Public Companies

The Public Company Accounting Oversight Board has issued staff guidance to assist auditors of smaller public companies in their audits of internal control over financial reporting. The guidance was developed with the assistance of auditors that have experience in working with smaller public companies with less complex audit environments. The guidance may be relied upon immediately, but the PCAOB is also seeking comments on its preliminary staff views until December 17, 2007.

When the PCAOB adopted Auditing Standard No. 5, one of its objectives was to enable auditors to scale the audits for smaller and less complex companies. Many smaller companies have fewer business lines and less complex financial reporting systems. Senior management is frequently more involved in the company's daily activities and typically there are fewer levels of management.

The extensive involvement of management may increase the risk of management override of internal controls. Smaller companies also may be more reliant on outside professionals to meet their financial reporting requirements. They may provide less formal documentation with respect to their internal controls. The guidance notes that smaller companies can be particularly affected by ineffective entity-level controls.

In considering which controls to test, the PCAOB suggests that auditors consider whether a given control is likely to be effective and any evidence about the operation of the control. Entity level controls have a pervasive effect on a company's internal control, so auditors must assess whether a control is designed and operating effectively enough to prevent or detect material misstatements. The precision of the entity-level controls will help determine the degree to which auditors may reduce their testing.

In order to assess the risk of management override, the PCAOB suggests that auditors discuss fraud risks with the engagement team and obtain the views of management, the audit committee and others. Among the actions a company can take to reduce the risk of management override is to have a code of conduct or an ethics policy and make sure that employees are informed of the company's policies.

An active and independent audit committee can evaluate the risk of management override. The guidance suggests that auditors interview audit committee members to determine their level of involvement and their activities related to the risk of management override. A whistleblower program may also be beneficial, especially if the audit committee reviews any significant matters that are reported.

Since smaller public companies have fewer employees, they may not segregate certain incompatible functions. Those issues should be identified early in the audit process in order to design procedures that are responsive to those risks. The information technology controls may also pose a significant risk of misstatement.

Small company auditors need to assess management's competency in identifying relevant financial reporting issues and ensuring that events and transactions are accounted for properly. The financial reporting personnel do not need to be experts in accounting and financial reporting, but must be sufficiently competent to identify and address the risks of a misstatement.

Smaller companies may be more likely to have pervasive control deficiencies, which poses challenges for auditors. In order to express an unqualified opinion on internal control, a company with material weaknesses must remediate all of them early enough in the year for the auditor to obtain sufficient evidence to support its opinion. The guidance notes that some companies may have pervasive control deficiencies but still have effective controls over some relevant assertions.

Pervasive deficiencies in internal control do not necessarily prevent an auditor from obtaining sufficient audit evidence to express an opinion, according to the guidance. However, in some cases, an auditor may conclude that the lack of evidence constitutes a scope limitation that would prevent him or her from expressing an opinion. The auditor may issue a report disclaiming an opinion on internal control if he or she concludes that a scope limitation will prevent him or her from obtaining the reasonable assurance necessary to express an opinion. In that case, the auditor's report should disclaim an opinion on internal control and disclose the reasons for the disclaimer. The report should include the material weaknesses of which the auditor is aware.