In October, the Public Company Accounting Oversight Board (PCAOB) issued for public comment a new auditing standard entitled, "An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements" referred to as the "Internal Control Standard." The Internal Control Standard was a result of Section 404 of the Sarbanes-Oxley Act (the "Act"), which directed the PCAOB to establish professional standards governing the independent auditor's attestation, and reporting on, management's assessment of the effectiveness of internal control. The Internal Control Standard addresses both the work that is required to audit internal control over financial reporting and the audit of the financial statements. The integrated audit results in two audit opinions: one on internal control over financial reporting and one on the financial statements. The Internal Control Standard is broad in scope and addresses many aspects of auditing internal control-from defining internal control over financial reporting, to specific guidance on testing. It is important to note that although this new standard has evolved out of the Act, it will also be applicable in other circumstances, such as reporting on controls for banks in accordance with FDICIA. Below is an overview of the Internal Control Standard.

The Audit of Internal Control Over Financial Reporting

A summary of the key provisions included in the Internal Control Standard is outlined below.

Internal Control Over Financial Reporting. In general, an internal control structure should be designed to establish reasonable assurance regarding the reliability of key processes such as in the areas of financial reporting, operating effectiveness, and compliance with laws and regulations. However, the sec's rules implementing Section 404 of the Act, and the proposed auditing standard, focus on those control objectives related to financial reporting. This subset of internal control is referred to in the standard as "Internal Control over Financial Reporting." Examples of financial reporting controls include company policies and procedures about financial reporting and the process for preparing financial statements in accordance with generally accepted accounting principles. It also includes processes that pertain to the maintenance of accounting records, the authorization of receipts and disbursements, and the safeguarding of assets.

In addition, the Internal Control Standard recognizes that the depth and extent of an internal control environment and related processes vary...