(The news featured below is a selection from the news covered in Federal Securities Law Reporter, which is distributed to subscribers of Federal Securities Law Reporter.)

PCAOB Issues Policy Statement on the Implementation of Auditing Standard No. 2

The Public Company Accounting Oversight Board has issued a policy statement on the implementation of Auditing Standard No. 2 to clarify concerns that have been raised about the costs and implementation of the standard. At the same time, the PCAOB published a series of additional questions and answers related to the standard that address misimpressions about the manner in which the standard must be applied. The policy statement, which was unanimously approved by the five board members, notes that a failure to apply the concepts of the policy may reflect poor audit planning and result in unnecessary costs.

The policy statement outlines the board's view that the proper planning and performance of an effective audit under the standard requires an integration of the audits of internal control with the audits of the client's financial statements. The evidence obtained and the tests conducted in either audit will contribute to the completion of both audits. Second, the board emphasized the importance of exercising judgment to plan an audit that fits the client rather than using a checklist that may not sufficiently address high risk areas.

The board advised auditors to use a top-down approach to the audit that begins with company-level controls to identify accounts and processes that are relevant to internal controls over financial reporting. Auditors should apply risk assessment measures to focus on areas more likely to result in material misstatements. The board reminds auditors that the standard provides significant flexibility to rely on the work of others. The policy statement also makes clear that auditors may and should communicate with their clients on accounting and internal control issues before their clients make a decision, implement their internal control processes or finalize their financial reports.

The board acknowledges that the costs of implementing Section 404 have been too high and must be reduced in future years. Some of the costs are attributable to first-year startup costs, but the board is also concerned that auditors are not taking advantage of the standard's flexibility that could reduce costs without sacrificing quality.

Integrated Audits

The policy statement explains that an integrated audit combines the audit of internal control over financial reporting with the audit of the financial statements to achieve the objectives of both audits with a single coordinated process. The examination of internal control is validated by the findings in the audit of the financial statements. In addition, the findings and conclusions reached during the audit of internal control help to plan and conduct the procedures for determining whether the financial statements are fairly presented. The integrated audit is more cost-effective than performing two separate audits, according to the board. The failure to integrate the audits wastes resources and jeopardizes the quality of the overall audit by potentially leading to the failure to detect key issues that could implicate an accounting or reporting problem, in the board's view.

Professional Judgment

The board is disappointed by reports of auditors that have applied a checklist rather than tailoring an audit plan to their client in the first year of Section 404 and audit standard implementation. One-size-fits-all audit plans do not address the unique issues and risks of a particular client's financial reporting processes, the board advised. In addition, standardized checklists may lead auditors to focus on controls in low-risk areas rather than on areas that pose higher risks of misstatement.

Top-Down Approach

The top-down approach focuses the auditor on the company-level controls and significant accounts, which then lead to significant processes and, finally, individual controls at the process, transaction or application levels. This approach also provides a roadmap through the internal control system, the board explained, to ensure that the individual controls that are selected for testing are relevant to internal controls over financial reporting. A risk-based approach to the testing strategy can also reduce costs and increase audit effectiveness, according to the board. An auditor may not rely solely on testing company-level controls, but strong company level controls would enable the auditor to do less work and to rely to a greater extent on the work of others.

Using the Work of Others

Using the work of others is not only appropriate, but is also the most efficient way to perform an audit, the board advised. To redo another's work may unnecessarily increase costs without providing an increase in audit quality. The board is concerned that auditors are not using the flexibility provided by the audit standard because of the standard's requirement that the external auditor must obtain the principal evidence to support the opinion on the effectiveness of internal control. The policy statement makes clear that these provisions are not in conflict and that the principal evidence provision requires the auditor to perform sufficient auditing to reach his or her own independent opinion. The auditor should perform more work in high risk areas and rely on the use of others in lower risk areas. The board believes that by following the risk-based principles regarding the use of the work of others, auditors will obtain the principal evidence needed to support their opinions.

Advice to Audit Clients

The board advised that auditors' unwillingness to provide accounting advice to their audit clients or to encourage their clients to finish their assessments of internal control and their financial statements before the auditor begins audit work, is neither necessary nor advisable. The board said that auditors must use professional judgment and common sense when providing advice. Where management makes its own decisions on the accounting principles to apply, the auditor may discuss the meaning and significance of those principles.

The board added that audit clients may share draft financial statements with their auditors. This form of information sharing is needed, in the board's view. The auditor should be concerned in instances where a company has completed its financial statements without recognizing a potential material misstatement, according to the board.

Auditors also may provide technical advice on the proper application of GAAP, including suggestions for improving the disclosure and financial statement quality of their audit clients. Management may also discuss preliminary drafts of accounting research memos, spreadsheets and other working papers to obtain the auditor's views on the assumptions and methods selected by management. The board suggested timely and open oral communications on these matters.

Management may also seek the auditor's assistance in determining the proper accounting for a transaction. The auditor can explain how the accounting principles apply to the transaction and review management's preliminary conclusions, according to the board.

Board Approach

The PCAOB intends to use the upcoming inspections to evaluate how firms conducted the first round of audits under the audit standard. The inspections should result in improvements in the effectiveness and efficiency of audits of internal control by identifying poor planning and risk assessment. The inspectors will also identify audits that have not applied the approaches described by the policy statement and will ask auditors to justify their decisions and how their audit plan met the objectives of the audit standard. The staff will not require auditors to reduce their costs and will not focus narrowly on technical compliance. The staff will not second-guess good faith audit judgments, according to the board. However, if an audit does not reflect the use of professional judgment to asses the risks of the audit client, the staff will not hesitate to demand changes to the auditor's approach to implementing the standard.

The policy statement will be published in a forthcoming Report.