As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - PCAOB vs AICPA exposure drafts
Posted: Thu Mar 31, 2005 4:55 pm Post subject: PCAOB vs AICPA exposure drafts
It has come to my attention that the AICPA is still putting out exposure drafts. I thought that they no longer had the power to do this. Are these new drafts still GAAS? Does PCAOB, have to approve them first or is the AICPA turning into a PCAOB lobbiest.
Does any one know were I can find the PCAOB rules on this
But as for generally accepted Auditing standards, the PCAOB is most certainly in the picture. As per p12 of the PCAOB's 2003 annual report (www.pcaobus.org/About_Us/Annual_Reports/2004.pdf):
The [PCAOB's auditing] standard supersedes previous standards that required references to “generally accepted auditing standards,” “U.S. generally accepted auditing standards,” “auditing standards generally accepted in the United States of America,” and “standards established by the AICPA.” The standard was approved by the Securities and Exchange Commission on May 14, 2004, and became effective on May 24, 2004.
As an AICPA outsider I may be way off-beam on this, but I infer that the auditing standards promulgated by the AICPA as best practice in the past are now subordinate to the PCAOB's legally-enforceable standards - the AICPA retaining considerable influence as expert advisers, doubtless, but with no ultimate authority.
Joined: Nov 25, 2004 Posts: 787 Location: London, UK
Posted: Fri Apr 01, 2005 3:29 am Post subject:
From the AICPA site:
How the Sarbanes-Oxley Act of 2002 Impacts the Accounting Profession
On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002. The Act-which applies in general to publicly held companies and their audit firms-dramatically affects the accounting profession and impacts not just the largest accounting firms, but any CPA actively working as an auditor of, or for, a publicly traded company. The basic implications of the Act for accountants are summarized below.
Public Company Accounting Oversight Board.Moving to a different private sector regulatory structure, a new Public Company Accounting Oversight Board (the Board) will be appointed and overseen by the SEC. The Board, made up of five full-time members, will oversee and investigate the audits and auditors of public companies, and sanction both firms and individuals for violations of laws, regulations and rules.
Board Composition.Two of the five Board members must be or must have been CPAs. The remaining three must not be and cannot have been CPAs. The Chair may be held by one of the CPA members, but he or she must not have practiced accounting during the five years preceding his/her appointment.
Funding. The Board will be funded by public companies through mandatory fees. Accounting firms that audit public companies must register with the Board ("registered firm"), and pay registration and annual fees.
Standard Setting. The Board will issue standards or adopt standards set by other groups or organizations, for audit firm quality controls for the audits of public companies. These standards include: auditing and related attestation, quality control, ethics, independence and "other standards necessary to protect the public interest." The Board has the authority to set and enforce audit and quality control standards for public company audits.
Investigative and Disciplinary Authority. The Board is empowered to regularly inspect registered accounting firms' operations and will investigate potential violations of securities laws, standards, competency and conduct. Sanctions may be imposed for non-cooperation, violations, or failure to supervise a partner or employee in a registered accounting firm. These include revocation or suspension of an accounting firm's registration, prohibition from auditing public companies, and imposition of civil penalties. During investigations, the Board can require testimony or document production from the registered accounting firm, or request information from relevant persons outside the firm. Investigations can be referred to the SEC, or with the SEC's approval, to the Department of Justice, state attorneys general or state boards of accountancy under certain circumstances.
International Authority. Foreign accounting firms that "prepare or furnish" an audit report involving U.S. registrants will be subject to the authority of the Board. Additionally, if a registered U.S. accounting firm relies on the opinion of a foreign accounting firm, the foreign firm's audit workpapers must be supplied upon request to the Board or the Commission.
New Roles for Audit Committees and Auditors. The relationship between accounting firms and their publicly held audit clients is different under the new law. The basic implications are outlined below.
Auditors Report to Audit Committee. Now, auditors will report to and be overseen by a company's audit committee, not management.
Audit Committees Must Approve All Services. Audit committees must preapprove all services (both audit and non-audit services not specifically prohibited) provided by its auditor.
Auditor Must Report New Information to Audit Committee. This information includes: critical accounting policies and practices to be used, alternative treatments of financial information within GAAP that have been discussed with management, accounting disagreements between the auditor and management, and other relevant communications between the auditor and management.
Offering Specified Non-Audit Services Prohibited. The new law statutorily prohibits auditors from offering certain non-audit services to audit clients. These services include: bookkeeping, information systems design and implementation, appraisals or valuation services, actuarial services, internal audits, management and human resources services, broker/dealer and investment banking services, legal or expert services unrelated to audit services and other services the board determines by rule to be impermissible. Other nonaudit services not banned are allowed if preapproved by the audit committee.
Audit Partner Rotation. The lead audit partner and audit review partner must be rotated every five years on public company engagements.
Employment Implications. An accounting firm will not be able to provide audit services to a public company if one of that company's top officials (CEO, Controller, CFO, Chief Accounting Officer, etc.) was employed by the firm and worked on the company's audit during the previous year.
Criminal Penalties and Protection for Whistleblowers. The law creates tough penalties for those who destroy records, commit securities fraud and fail to report fraud.
Failure to Maintain Workpapers. It is now a felony with penalties of up to 10 years to willfully fail to maintain "all audit or review workpapers" for at least five years. The SEC will establish a rule covering the retention of audit records and the Board will issue standards that compel auditors to keep other documentation for seven years.
Document Destruction. It is a felony with penalties of up to 20 years to destroy documents in a federal or bankruptcy investigation.
Securities Fraud.Criminal penalties for securities fraud have been increased to 25 years.
Fraud Discovery. The statute of limitations for the discovery of fraud is extended to two years from the date of discovery and five years after the act. It was previously one year from discovery and three from the act.
Other Provisions. Other provisions protect corporate whistleblowers, ban personal loans to executives, and prohibit insider trading during blackout periods.
Financial Reporting and Auditing Process Additions. Issuers of public stock and their auditors must now follow new rules and procedures in connection with the financial reporting and auditing process.
Second Partner Review and Approval of Audit Reports. The new regulatory board will issue or adopt standards requiring auditors to have a thorough second partner review and approval of every public company audit report.
Management Assessment of Internal Controls. Management must now assess and make representations about the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
Audit Reports Must Contain Description of Internal Controls Testing. The new regulatory board will also issue or adopt standards that will require every audit report to attest to the assessment made by management on the company's internal control structures, including a specific notation about any significant defects or material noncompliance found on the basis of such testing.
Areas for CPAs to Watch. The ramifications of some of the provisions in the Sarbanes-Oxley Act will become known only as the SEC and the new Public Company Accounting Oversight Board begin implementing the bill.
Consulting Services. The Act lists eight types of services that are "unlawful" if provided to a publicly held company by its auditor: bookkeeping, information systems design and implementation, appraisals or valuation services, actuarial services, internal audits, management and human resources services, broker/dealer and investment banking services, and legal or expert services related to audit services. It also has one catch-all category authorizing the board to determine by regulation any service it wishes to prohibit. Other non-audit services-including tax services-require pre-approval by the audit committee. Pre-approved non-audit services must be disclosed to investors in periodic reports.
Implications for CPAs with Tax Practices. "Expert" services are not defined in the Act and we do not know how broadly the board or the SEC will define this term. It is conceivable that some tax services we view as traditional may be construed as "expert" services, and not permitted by any firm providing audit services to publicly held audit clients. We will encourage the Board or the SEC to understand the importance of auditors providing tax services for publicly held audit clients. In addition, tax services performed by an auditor for a publicly held company would require pre-approval by the client's audit committee.
Cascade Effect. Of particular concern is the cascade effect that the scope of services restrictions could have on small businesses and accounting firms. Our major concern is that the new legislation by Congress may become the template for parallel federal and state legislative or rule changes that directly affect both non-public companies that are subject to other regulations and the CPAs that provide services to them. The AICPA and the state CPA societies are monitoring this situation closely and will continue to keep you informed.
Additional Burdens for CPAs in Business and Industry. CPAs working in the financial management areas of public companies are directly impacted by the Act. These CPAs need to be aware of the new responsibilities of CEOs and CFOs, who are now required to certify company financial statements. They also have a greater duty to communicate and coordinate with corporate audit committees that are now responsible for hiring, compensating and overseeing the independent auditors. There are new requirements regarding enhanced financial disclosures as well. The AICPA is working to develop additional resources specifically tailored for members in corporate practice as they implement these new requirements.
Posted: Fri Apr 01, 2005 2:33 pm Post subject: PCAOB Rulemaking process
Step 1: PCAOB issues proposed rules – open meetings
Step 2: Period for comments
Step 3: PCAOB adopts rules – open meetings
Step 4: Final rules filled with SEC
Step 5: SEC opens period for comments
Step 6: SEC approves rules or starts proceedings to disapprove
Step 7: Approved rules become effective – printed in federal register _________________ George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.