No. 2006-8

(January 2006)

SUBJECT: REPORTING ON A NON-ISSUER'S INTERNAL CONTROL OVER FINANCIAL REPORTING

PRONOUNCEMENT ANALYZED: Proposed AICPA Statement on Standards for Attestation Engagements (SSAE), Reporting on an Entity's Internal Control Over Financial Reporting

EFFECTIVE DATE: N/A (although it is proposed to be effective for engagements on which the subject matter or assertion is as of or for a period ending on or after December 15, 2006)

SUMMARY AND HIGHLIGHTS

THE PROPOSED AICPA STATEMENT ON STANDARDS FOR ATTESTATION ENGAGEMENTS (SSAE), REPORTING ON AN ENTITY'S INTERNAL CONTROL OVER FINANCIAL REPORTING, WOULD ESTABLISH ENHANCED STANDARDS FOR ATTESTATION ENGAGEMENTS TO REPORT ON THE INTERNAL CONTROL OVER FINANCIAL REPORTING OF NON-PUBLIC COMPANIES.

INTRODUCTION

The AICPA has proposed substantial revisions to the guidance in Chapter 5 of Statement on Standards for Attestation Engagements (SSAE) No. 10, Attestation Engagements: Revision and Recodification, as amended, in respect of engagements to report on the internal control over financial reporting of non-public entities (i.e., companies not subject to sec rules). The proposed SSAE, Reporting on an Entity's Internal Control Over Financial Reporting, represents a re-proposal of an exposure draft published in March 2003 (see Bulletin No. 2003-13), which would have established standards for audits of public companies that include both a financial statement audit and an audit of the entity's internal control over financial reporting. In March 2004, the PCAOB issued Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting in Conjunction with an Audit of Financial Statements. Because audits of public companies (referred to as "issuers") are subject to the standards of Auditing Standard No. 2, the previous exposure draft has been withdrawn and replaced by the current proposal that would be applicable only to attestation engagements to report on internal control over financial reporting of privately held entities (i.e., non-issuers). Note, however, that the revised standards would incorporate many of the concepts and guidance contained in Auditing Standard No. 2.

PROPOSED ATTESTATION STANDARDS

Following is a brief discussion of the main elements of the proposed SSAE.

Applicability

* The SSAE would apply only to internal control over an entity's financial reporting. Thus, it would not apply to engagements in respect of internal control over operations or internal control over compliance with laws and regulations (which engagements are coveted...