Full text

The Public Company Accounting Oversight Board (PCAOB) recently issued its new internal control standard, Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements. Auditing Standard No. 5 replaces the PCAOB's Auditing Standard No. 2 and affects the manner in which audits of internal control and financial statements are conducted. The adoption of Auditing Standard No. 5 was largely driven by the many comments the PCAOB received related to the implementation of Auditing Standard No. 2 and the associated costs incurred with these implementation efforts. The cost of implementation was of great concern to regulators who felt that the current levels of costs related to Auditing Standard No. 2 efforts "were not sustainable" and would be a burden for most, if not all, non-accelerated filers.1

Auditing Standard No. 5 reinforces the PCAOB's May 2005 guidance as to the need for external auditors to use a topdown, risk-based approach when performing an audit of internal control. Such an approach starts with tests of the control environment and an understanding of the financial statements. Based on the outcomes of these efforts, Auditing Standard No. 5 requires external auditors to identify significant accounts and processes to test based on the perceived risks of material misstatement associated with these accounts or processes.

While a top-down, risk-based approach is central to Auditing Standard No. 5's focus on what constitutes best practices in an audit of internal control, the added changes found in the standard are significant and need to be understood by those charged with overseeing the audit of the company's internal controls and financial statements. Generally, this responsibility falls on the audit committee and the internal audit staff.2

Auditing Standard No. 5 vs. Auditing Standard No. 2

Auditing Standard No. 5 focuses the audit of internal control on matters considered central to the issuance of reliable financial statements. As such, the standard emphasizes risk assessment and the linking of this assessment to the evidence obtained during the audit. Auditing Standard No. 5 also revises the definitions of "significant deficiency" and "material weakness," revises what...