Is non-compliance the way forward?



  • Very, Very interesting discussion in here.
    Every Company really should have been in compliance in the beginning, even if they were just utilizing ‘best practices’. Documentation would have been the biggest hoop. Non-Compliance is not an option. All the ‘kids’ just couldn’t seem to be able to play together, so mom and dad set new rules. Shareholders want and will get assurances that there is not any fraud within the company they hold ‘stock’ in and management will assert that the controls are adequate. This came about because the ‘big guys’ lied and said ‘we are making money’ when they were not. The executives are not the ones that suffer, with large retirement and severance packages, the shareholders and public suffer the lie.
    Your costs will increase only because you have not come into compliance this year or do not understand what ‘your auditors’, internal or external, are doing. In my current project, I strongly suggested the previous consulting firm be backcharged for all our fees. This consulting firm had led this company down a path that almost created a failed external audit. I came on board with a new team and we straightened it all out in a very short amount of time. If the company had any understanding of the process at all they would have known what was wrong.
    It is up to management to understand the process, requirements and costs to enable any company to comply and not go broke doing it. After this year your companies should be maintaining not increasing costs.
    Your biggest costs were getting into compliance. How could the cost double or triple if you have become compliant and should be on a maintain level. Every company should re-org the internal audit organization to include an IT side, this will keep costs down dramatically.
    Management pushing back on external auditing firms will help keep costs down; some of them demand too much of a firm to be compliant and it is up to management to make the argument against it. They are playing it conservative as they too have to attest to the controls within the firm and will be held accountable. They also are going through a peer review of the process they use.
    From a Business Continuity book:
    ‘An auditor is the person who comes in after the war is over and bayonets the wounded.’



  • Why did the auditor cross the road?
    Because he did it last year. :oops:



  • I think that you have a key point Plaire1, when you say that some auditors are demanding too much of a firm to be compliant. Our auditors said that they had no evidence of review controls, and therefore they couldn’t test them. When replying to Group on this point I asked whether the auditors would like video tape evidence of the Financial Director reviewing information.
    You are also quite correct when you say that documentation is the biggest problem. Someone else suggested that we should examine what we are trying to achieve. We certainly are not trying to achieve good internal controls, because we already have them. The auditors have examined our internal controls for years and have always been satisfied with them. As I have said before, our internal controls have changed little, but it’s the documentation and the formalisation of authorisation processes that are the major burden for us. You must remember that we are a GBP15m turnover subsidiary, so we don’t have an internal audit department, we don’t have layers of supervisors who can sign off other people’s reconciliations. SOX is indeed a reaction to the ‘big boys’ not being honest, but if you are a ‘small boy’ the compliance process, at least as perceived by our auditors, is financially crippling and of very little benefit.
    Denis - I like it :lol:



  • Why did the auditor cross the road?
    Cause he was stuck to the back of the chicken 😄



  • You must remember that we are a GBP15m turnover subsidiary

    Has your parent Company considered the materiality of your operation? If you are not material to the results overall there is an argument that you don’t have to do anything. Or alternatively that you do not need to look at the full range of business processes.
    I have certainly been involved in projects where entire countries were excluded from scope on grounds of materiality.



  • Very true. That is where the argumentation from your management to the external auditors takes place. The auditors can ‘request’ items, management has to take a stand, to reflect efforts in compliance, and reflect the controls are effective.
    Fortunately our external audit team does take into consideration the size of the entity they are auditing and reflect on the in accepting primary and secondary controls. Some external auditors will not accept secondary controls.
    PCAOB has a very clear, maybe the only clear reflection on this area of management’s ‘efforts’ to comply and if your management can sufficiently document the efforts to comply, the external auditors’ ‘opinions’ need to reflect it.



  • This is very interesting conversation… I think I have a rather unique insight, just leaving public accounting as one of those ‘external auditors’ and joining an internal audit team for a public company… first, I read a comment about the external auditors looking at a company’s controls every year… the controls we look at for a financial statement audit don’t even hit the tip of the iceberg as to what is required under 404. That comparison can’t even be made and it really does show the lack of understanding as to the level of detail really underneath an external audit. All of the complaints about fees are very ironic to me… as one of the biggest complaints from the external audit side (from some of the lower level employees… the ones that DO the work) is that there is NEVER enough time in the budget… the budget can’t be expanded, because the client will flip out over the increase in fees. I can guarantee you that the ones doing the work earn every penny… there were many nights I worked until 1:00…4:00 in the morning. And yes… if you don’t have it documented that you didn’t perform a control… it wasn’t performed, we didn’t make the rule up… it’s just the way it is. One firm went completely under… a lot of people lost their jobs, their retirement… the people of Enron and the people of Andersen. Believe me, everyone internal and external is tired…



  • Why did the auditor cross the road?
    Because he did it last year. :oops:
    No, because his ‘MasterSOXer’ manager didn’t train him any better and micromanaged him to the point of not being able to use his own judgment.



  • They’re crossing the road because of missing key controls… 😄
    If I look at the fees they charged us up to now, they’re getting close to becoming a significant item in our balance sheet.



  • I do understand your concerns and issues. But like any other state or government requirement/regulation. It’s the LAW…
    If you don’t believe me, tell your external account firm that you do not wish to participate in Sarbanes Oxley Compliance. LOL
    Jeff Cunningham



  • Allow me to throw a wrench in the works.
    The Act does not require adherence to the PCAOB AS2. There is NO guidance for management. Therefore all these hoops that external auditors want management to jump through (less than a remote likelihood - c’mon.) are silly. The act is reasonable, the PCAOB is psycho.
    Management under 404 need only do two things:

    1. state that management is responsible for an adequate control structure
    2. assess the effectiveness of the control structure

    No mention of COSO, CobiT light, assertions, etc. Management under the act can come up with any reasonable method for assessing the effectiveness of internal controls. The auditors however are held to the standards of a board because they could not be trusted to manage themselves. How we got to the point where management must comply with PCAOB rules, I don’t know… oh wait, our auditors held the ‘if you don’t do it our way we won’t sign’ gun to our heads.
    What is required by the act is ok… the mess that the PCAOB made of interpreting the act… wow, someone’s trying to justify their position 😉
    Just my ‘unbiased’ opinion.
    Chris.


  • Chris you are right - from a certain point of view. However, your auditor does need to follow AS2 and your auditor needs to attest on whether management’s assertion is valid.
    Your approach may result in 404 compliance BUT you’ll get a qualified audit.



  • Our company just certified by the Big4 firm with an unqualified opinion but it’d been a long and hard road to get this result. Both the external and internal auditors as well as the company accountants put in tremendous efforts and endless hours and we are all exhausted. Bottom line is if you can not stand the heat, get out the stock exchange, SOX is law and there is no room for negotiations. BTW, the audit fee in 2004 trebled due to the SOX work.

