Current SEC and PCAOB Developments

CPAs Called On to “Do the Right Thing”

By George I. Victor and Moshe S. Levitin

The AICPA’s annual national conference on current SEC developments held December 10–12, 2003, in Washington, D.C., was attended by over 2,000 participants from accounting firms, private industry, and government. Representatives from the SEC, Public Company Accounting Oversight Board (PCAOB), FASB, International Accounting Standards Board (IASB), and AICPA provided insight on many topics. The speakers’ overriding theme was the expectation and public perception that accounting and auditing professionals have a responsibility to “do the right thing.”

This article highlights the key presentations and discussions during that conference, updated for recent developments from the SEC and PCAOB.

AICPA’s Role in Transition

AICPA Chair S. Scott Voynich emphasized that although the accounting profession is experiencing significant change, CPAs’ commitment to integrity and to constantly improving audit quality should remain the same. Voynich discussed the AICPA’s antifraud initiatives and announced the establishment of the Special Committee on Enhanced Business Reporting.

The AICPA’s SEC Practice Section (SECPS) changed its name to the Center for Public Company Audit Firms, effective January 1, 2004. Except for inspection and disciplinary duties, the AICPA’s focus on serving member firms has not changed. The center will focus on the following:

  • Developing technical and educational information for SEC- and PCAOB-related developments for member firms;
  • Providing a forum for discussion of matters affecting public company audits, including comments on proposed rulemaking;
  • Acting as liaison to the SEC and PCAOB on behalf of member firms; and
  • Administering the peer review program applicable to member firms’ private company audit practices.

Public Company Accounting Oversight Board

The PCAOB is the private-sector nonprofit corporation created by the Sarbanes-Oxley Act to oversee the auditors of public companies, in the interest of investors. The PCAOB is also charged with promulgating auditing and related attestation and ethics standards for audits and reviews of public companies.

CPA firm registration and inspection. CPA firms that audit publicly held companies must register with and be subject to inspection by the PCAOB. Firms with 100 or more public company clients will undergo an annual inspection. All other firms will be subject to inspection once every three years. As part of his remarks about the PCAOB inspection program, PCAOB Chairman William McDonough warned accountants that “we will pry into your records and into your work habits,” while advising them to cooperate with the PCAOB in helping to restore investor confidence.

During the conference, PCAOB Director of Registration and Inspection George Diacont referred to the “Consent to Cooperate” agreement, a document signed by all registered U.S. firms. This document is a powerful tool for the PCAOB to obtain cooperation during the inspection process. Nonconformers are subject to stiff disciplinary action. Diacont emphasized the purpose of the inspection program, which is to determine how firms are complying with SEC and PCAOB requirements. The inspection team is obligated to report any violations to the PCAOB, and violations may also be reported to the SEC and state regulatory bodies.

On March 1, 2004, the AICPA issued a letter to the managing partners and contacts of the Center for Public Company Audit Firms member firms, indicating that the PCAOB had conducted limited procedures in connection with its inspections of the Big Four and had provided information relevant to what can be expected by the PCAOB in conducting its inspections. This letter also pointed out that the PCAOB has publicly acknowledged that significant differences exist among the various public company audit practices.

The inspection procedures highlighted in this letter (which can be found at include:

  • Evaluation of the firm’s “tone at the top”;
  • Partner evaluation, compensation, assignment of responsibilities, and discipline;
  • Independence implications of nonaudit services; business ventures, alliances, and arrangements; commissions and contingent fees;
  • Client acceptance and retention policies;
  • The firm’s internal inspection programs; and
  • Practices for the establishment and communication of audit policies, procedures, and methodologies, including training.

CPA firm ethics and independence. PCAOB Chief Auditor Douglas Carmichael emphasized that a professional has a special duty to society. He pointed out that, as professionals, CPAs must follow the spirit of the standards rather than try to find loopholes.

SAS 99. In October 2002, the AICPA’s Auditing Standards Board issued SAS 99, Consideration of Fraud in a Financial Statement Audit. SAS 99 is a significant step up from SAS 82, which shared the same title and which it supersedes. Key points of SAS 99 include the following:

  • Description and characteristics of fraud. Three conditions, known as the “fraud triangle,” generally are present when fraud occurs:
  • Incentives and pressures, which provide management or other employees with a reason to commit fraud;
  • Opportunity, which results from circumstances or conditions such as inadequate or ineffective internal controls. Absent these controls, management or other employees have the ability to commit fraud, often undetected; and
  • Attitude and rationalization. Those involved can often rationalize committing a fraudulent act to justify their ultimate purpose, which may be personal or related to management targets.
  • The importance of exercising professional skepticism. SAS 99 indicates that professional skepticism requires ongoing questioning of whether the information and evidence obtained suggests that a material misstatement due to fraud has occurred. When gathering and evaluating evidence, professional skepticism requires that the auditor not be satisfied with less than persuasive evidence.
  • Brainstorming, or discussion about the risks of material misstatement due to fraud. SAS 99 requires a discussion among the audit team members during the planning stage of how and where the entity’s financial statements might be susceptible to fraud.
  • Obtaining the information needed to identify risks of material misstatement due to fraud, by:
  • Inquiring of management and others about the risks of fraud;
  • Considering the results of analytical procedures performed in planning the audit;
  • Considering fraud risk factors; and
  • Considering other information that may be useful in identifying risks of fraud, such as information obtained during the brainstorming session, procedures related to the acceptance and continuation of clients, and reviews of interim financial statements.
  • Assessing the identified risks that may result in a material misstatement due to fraud, after considering an evaluation of the entity’s programs and controls.
  • Responding to the results of the assessment, which includes:
  • The overall effect on how the audit is conducted, such as the assignment and supervision of personnel, management’s selection and application of significant accounting principles, and the predictability of auditing procedures;
  • Identified risks that involve the nature, timing, and extent of auditing procedures to be performed. Examples include performing procedures on a surprise basis and interviewing personnel involved in activities in areas prone to fraud; and
  • The performance of certain procedures to address the risk of fraud involving management override of controls, such as examining journal entries and other adjustments for evidence of possible misstatement due to fraud. Specifically, SAS 99 indicates the auditor should understand the entity’s financial reporting process and controls over journal entries and other adjustments; identify and select journal entries and other adjustments for testing; determine the timing and extent of testing; and inquire about inappropriate or unusual activity relating to the processing of journal entries or other adjustments.
  • Evaluating audit evidence throughout the audit and considering whether the identified misstatements may be indicative of fraud.
  • Communicating about fraud with management, the audit committee, and others.
  • Documenting the consideration of fraud.

New PCAOB auditing standards. The Sarbanes-Oxley Act authorizes the PCAOB to establish auditing and related professional practice standards to be followed by accounting firms when auditing publicly held companies. To date, the PCAOB has finalized three auditing standards. At this writing, the SEC has approved PCAOB Auditing Standards 1 and 2. Standard 3 is expected to be approved shortly.

PCAOB Auditing Standard 1, References in Auditors’ Reports to the Standards of the Public Company Accounting Oversight Board, directs auditors of publicly held companies to state that the audit was conducted in accordance with “the standards of the Public Company Accounting Oversight Board (United States).” This requirement went into effect for audit reports issued on or after May 24, 2004.

PCAOB Auditing Standard 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements, addresses how to audit management’s assessment of the effectiveness of internal control, and requires that the audit of internal control be integrated with the financial statement audit.

The PCAOB identified 13 key provisions in this standard:

  • Evaluating management’s assessment.
  • Obtaining an understanding of internal control over financial reporting, including performing walkthroughs.
  • Identifying significant accounts and relevant assertions.
  • Testing and evaluating the effectiveness of the design of controls.
  • Testing operating effectiveness.
  • Timing of testing.
  • Using the work of others.
  • Evaluating the results of testing.
  • Identifying significant deficiencies.
  • Forming an opinion and reporting.
  • No disclosure of significant deficiencies.
  • Material weaknesses that result in adverse opinion on the financial statements.
  • Testing controls intended to prevent or detect fraud.

On June 9, 2004, the PCAOB issued Auditing Standard 3, Audit Documentation, to address what documentation auditors need to generate and retain in an audit and review engagement. Generally, workpapers, which must be retained for at least seven years, should include a record of professional judgments made, procedures performed, evidence obtained, and the basis for the conclusions reached in the auditor’s report. Any changes to workpapers must be made within 45 days after the report is released. After that time, no documentation may be deleted or discarded. Standard 3 will become effective for audits for fiscal years ending on or after the later of November 15, 2004, or 30 days after the SEC approves it. For quarterly reviews, the standard is effective beginning with the first quarter after the first year-end audit.

Management Reports on Internal Controls

Compliance dates. Subsequent to the conference, on February 24, 2004, the SEC announced a final rule, 33-8392, which extended the compliance dates for Sarbanes-Oxley section 404. An “accelerated filer” (defined below) must comply with the management report on internal control reporting requirement and the related registered public accounting firm audit and report requirement [Items 308(a) and (b) of Regulations S-K and S-B] for its first fiscal year ending on or after November 15, 2004. A nonaccelerated filer must comply with these requirements for its first fiscal year ending on or after July 15, 2005. A foreign private issuer that files its annual report on Form 20-F or 40-F must comply with the corresponding requirements for its first fiscal year ending on or after July 15, 2005.

Observations made by PCAOB staff. One of the most important components of a company’s internal control environment is its audit committee. Section 404 requires auditors to evaluate certain factors relating to the effectiveness of the audit committee. Contrary to some concerns by auditors, the PCAOB does not believe a conflict of interest exists for auditors in this area. In addition, auditors must perform walkthrough tests for all significant processes and transaction types. This is a significant component of the audit process and must be performed only by the auditor. It cannot be delegated to internal auditors or other client personnel.

Observations made by SEC staff. Management’s documentation and testing of internal controls needs to be more extensive than the independent auditor’s testing; otherwise, management will have difficulty supporting its assessment of the effectiveness of internal controls over financial reporting. Management can consider various alternatives in deciding who can document and perform these tests in addition to its internal accounting staff, such as internal auditors, other departments within the organization, and outside consultants—as long as the consultants are not the independent auditors. Management also must be aware that, irrespective of who does the documentation or testing, the assessment is ultimately management’s responsibility.

Disclosures of changes in controls. Internal control over financial reporting is an integral component of disclosure controls and procedures. Some companies have established disclosure committees to ensure compliance with company policy and applicable accounting pronouncements. The disclosure committee can be a significant aid to officers in certifying to their company’s financial statements, as well as in providing assertions about the effectiveness of internal control.

In going through the assessment and documentation process, companies should thoroughly document the assessment in order to provide a sound basis for the company’s conclusions and assertions. All relevant evidential matter should be retained for reference (and for examination by the independent auditor).

Changes to the originally proposed PCAOB Standard 2 on internal control. Changes in the final PCAOB Standard 2 include providing more flexibility by requiring auditors to test significant controls only. Another change limited the scope of walkthroughs to major categories of transactions that are subject to different controls.

Despite its controversial nature, the requirement that auditors judge the effectiveness of audit committee members remained unchanged in the final rule. The final standard requires that whenever auditors find problems with audit committees, auditors must report them to the board of directors.

Foreign auditing firms. Because the provisions of the Sarbanes-Oxley Act also apply to accounting firms located outside the United States that audit U.S. public companies, those firms are required to register with the PCAOB. The PCAOB, however, gave non-U.S. firms until July 19, 2004, to register. As of this writing, 1,232 accounting firms have registered or have registrations pending with the PCAOB; 392 of these firms are located outside the United States.

In June 2004, the PCAOB stated (Release 2004-005) that in certain situations it may rely on the oversight, inspections, investigations, or sanctions conducted or imposed by a non-U.S. authority on a registered non-U.S. accounting firm. Among other requirements, the non-U.S. firm must submit to the PCAOB a written statement signed by an authorized partner or officer of the firm certifying that the firm seeks such reliance. As with all PCAOB rulemaking, this rule will become effective upon formal SEC approval.

Corporate Governance

The conference reflected the increased emphasis on auditor communications with the audit committee. Auditors must conduct candid and forthright discussions on critical issues with members of the audit committee. Auditors are also required to report any known or possible issues concerning management to the audit committee.

The audit committee has the responsibility to hire, compensate, and retain the company’s independent auditor. It must pre-approve all audit and nonaudit services to be performed by the auditor. It must oversee the independent auditor’s work, and attempt to resolve any disagreements between the auditor and management over financial reporting. It has the authority to hire its own independent counsel and other advisers, whom the company would be required to compensate. The audit committee also has responsibility for establishing procedures for confidential, anonymous submission by employees of concerns about questionable accounting or auditing practices, commonly called “whistle-blowing.”

SEC Revamps Form 8-K

In response to the Sarbanes-Oxley Act’s call for more timely corporate disclosure, the SEC substantially revised Form 8-K in March 2004 to expand the number of events that are reportable on the form and to shorten the filing deadline for most items. The new form and filing deadlines were effective on August 23, 2004. A company that filed a Form 8-K prior to August 23, 2004, and must file an amended Form 8-K after that date, should use the new item number but should also refer to the old item number. Generally, the revisions are as follows:

  • The deadline has been shortened to within four business days of a triggering event (except for disclosures under Regulation FD, voluntary disclosures, and certain exhibits);
  • The form was reorganized into topical “sections”;
  • The number of reportable events was expanded from 12 to 22; and
  • A limited safe harbor from liability was adopted for failure to file certain of the required Form 8-K reports.

Financial Reporting Issues

Segment reporting. Paragraph 17 of SFAS 131, Disclosures About Segments of an Enterprise and Related Information (and Q&A 131, Segment Information; Guidance on Applying Statement 131, No. 8), requires aggregated segments to meet five specific criteria and to have similar economic characteristics that, considered together, would lead to similar long-term financial performance. The staff emphasized that although gross margin may be considered, it is only one indicator, and it may not always be the best measure of economic similarity. All relevant facts and circumstances about the segments must be evaluated.

Valuation and impairment. SEC staff noted that determining other-than-temporary impairments can be difficult, involving much judgment and subjectivity. The staff noted that a sale in a depressed market does not necessarily equate to a distressed sale. To determine fair value, independent appraisals may be used, but the appraisal method must be used consistently and cannot be changed without justification. If the method is changed, its bearing on future reporting, if material, must be disclosed in Management’s Discussion and Analysis (MD&A).

Accelerated filings. A byproduct of the Sarbanes-Oxley Act, accelerated filing rules are effective this year for calendar year-end registrants. These rules considerably shorten the number of days for a corporation to file its periodic reports with the SEC after the close of the company’s year-end or quarter-end. The reduced filing time is being phased in over a three-year period, and will decrease from 90 to 75 to 60 days for Form 10-K filings, and from 45 to 40 to 35 days for Form 10-Q filings. Filing deadlines in 2004 and 2005 for accelerated filers are shown in the Exhibit.

An accelerated filer is a registrant that meets the following conditions at the end of its fiscal year:

  • Its common equity public float was $75 million or more as of the last business day of its most recently completed second fiscal quarter;
  • It has been subject to the Exchange Act reporting requirements for at least 12 months;
  • It has previously filed at least one annual report; and
  • It is ineligible to use Forms 10-KSB and 10-QSB.

The public float amount is required to be disclosed by each filer (including accelerated filers) on the cover page of Form 10-K. A filer that needs to amend a Form 10-K cover page should file a Form 10-K/A with a new cover page, new signature page, and Sarbanes-Oxley section 302 certifications (Items 1 and 2 only).

A company that becomes an accelerated filer remains one unless it subsequently becomes a small business (SB) issuer. An entity becomes a small business issuer when its public float and revenues fall below $25 million at the end of two consecutive years. Small business issuers are exempt from the accelerated filer rules even if they file on Forms 10-K and 10-Q.

Financial statements of an accelerated filer that files a registration statement under the 1933 Securities Act would be considered “stale” and must be updated within 130 days. Financial statements of a nonaccelerated filer would not be considered stale until 135 days. The same rules apply to acquired companies included in a registration statement.

Management’s Discussion and Analysis

MD&A is required in virtually all periodic filings. MD&A is not covered by the independent auditor’s report; however, an independent auditor is responsible for reading the MD&A and should be satisfied that the information therein is clear and complete. MD&A discusses trends and uncertainties related to a company’s cash flow, capital resources, and results of operations. Unusual and infrequent events and transactions that can have a material favorable or unfavorable impact on the company must also be discussed.

The SEC has been dissatisfied with MD&As in filed reports and wants better disclosures. The staff seeks to improve the quality of MD&A disclosures by strictly enforcing current MD&A rules and issuing new rules in the form of interpretive releases. (The SEC’s latest interpretative release on MD&A was released on December 17, 2003.) The SEC staff believes that MD&As should provide the following:

  • Transparency. Investors should be able to see the company through the eyes of management, and have enough information to ascertain whether or not past performance is indicative of the future.
  • Proper format. Immaterial information should be eliminated, and important information should be presented first.
  • Known trends, unusual or infrequent events, demands or commitments, and known uncertainties.
  • A senior management perspective on what really concerns them about the business.
  • An understanding of what makes this company tick, from the perspective of management.

Disposals and Combinations

Discontinued operations. The SEC staff wants registrants to consider disclosing in MD&A the circumstances leading to discontinued operations, as well as the related effects on continuing business. Disclosures should include the following:

  • Revenues, costs, margins from continuing operations, and trends;
  • Contingencies, commitments, or any continuing involvement with discontinued operations;
  • Forward-looking information, such as the expected impact on business and financial condition; and
  • The likely effect on continuing business.

Business combinations. The SEC staff stated that all intangible assets must be identified in the purchase price allocation for business combination disclosures. Goodwill is equal to the excess of purchase price over net amounts assigned to assets acquired and liabilities assumed. The staff noted that it would be inappropriate to separately value certain elements of goodwill and allocate any residual to identifiable intangible assets. Any reclassification or adjustment would be a correction of an error retroactive to the date that SFAS 141, Business Combinations, and SFAS 142, Goodwill and Other Intangible Assets, were adopted.

The SEC staff said that, in the past, intangibles such as FCC licenses have generally been amortized over a 15-to-20-year period, and ordinarily do not have indefinite lives.

Variable interest entities. The SEC staff discussed whether a Form 8-K would be required for variable interest entities (VIE) that are consolidated upon the initial adoption of SFAS 46, Consolidation of Variable Interest Entities. The staff indicated that a Form 8-K would not be required in such situations.

Non-GAAP Financial Measures

The SEC staff urged registrants to explain why a non-GAAP financial measure is useful information, especially if the non-GAAP financial measure excludes a recurring item. If a recurring item is eliminated in the non-GAAP measure, the following items should be disclosed:

  • The manner in which management uses the non-GAAP measure to conduct or evaluate its business;
  • The economic substance behind management’s decision to use such measures;
  • The reasons why management believes the non-GAAP measure is useful information; and
  • Any material limitations associated with the measure, and how management compensates for those limitations.

For example, if a registrant presents a non-GAAP measure such as EBITDA (earnings before income taxes, depreciation, and amortization), it must discuss the limitations of that measure and how management compensates for excluding depreciation and amortization.

George I. Victor, CPA, is director of quality control at Reminick Aarons & Company LLP, in New York City; he is also chair of the NYSSCPA’s SEC Practice Committee and a member of its Auditing Standards and Procedures Committee.
Moshe S. Levitin, CPA, is director of the SEC practice group at Lazar Levine & Felix LLP, in New York City and New Jersey, and a member of the NYSSCPA’s SEC Practice and Litigation Services committees.