Is non-compliance the way forward? 155



  • Why did the auditor cross the road?
    Because he did it last year. :oops:



  • I think that you have a key point Plaire1, when you say that some auditors are demanding too much of a firm to be compliant. Our auditors said that they had no evidence of freview controls, and therefore they couldn’t test them. When replying to Group on this point I asked whether the auditors would like video tape evidence of the Financial Director reviewing information.
    You are also quite correct when you say that documentation is the biggest problem. Someone else suggested that we should examine what we are trying to achieve. We we certainly are not trying to achieve good internal controls, because we already have them. The auditors have examined our internal controls for years and have always been satisfied with them. As I have said before, our intermnal controls have changed little, but it’s the documentation and the formalisation of authorisation processes that are the major burden for us. You must remember that we are a GBP15m turnover subsidiary, so we don’t have an internal audit department, we don’t have layers of supervisors who can sign off other people’s reconciliations. SOX is indeed a reaction to the ‘big boys’ not being honest, but if you are a ‘small boy’ the compliance process, at least as perceived by our auditors, is financially crippling and of very little benefit.
    Denis - I like it :lol:



  • Why did the auditor cross the road?
    Cause he was stuck to the back of the chicken 😄



  • You must remember that we are a GBP15m turnover subsidiary

    Has your parent Company considered the materiality of your operation? If you are not material to the results overall there is an argument that you don’t have to do anything. Or alternatively that you do not need to look at the full range of business processes.
    I have certainly been involved in projects where entire countries were excluded from scope on grounds of materiality.



  • Very true. That is where the argumentation from your management to the external auditors takes place. The auditors can ‘request’ items, management has to take a stand, to reflect efforts in compliance, and reflect the controls are effective.
    Fortunately our external audit team does take into consideration the size of the entity they are auditing adn reflect on the in accepting primary and secondary controls. Some external auditiors will not accept secondary controls.
    PCAOB has a very clear, maybe the only clear reflection on this area of managements ‘efforts’ to comply and if your management can sufficiently document the efforts to comply, the ecternal auditors ‘opinions’ need to reflect it.



  • This is very interesting conversation… I think I have a rather unique insight, just leaving public accounting as one of those ‘external auditors’ and joining an internal audit team for a public company… first, I read a comment about the external auditors looking at a company’s controls every year… the controls we look at for a financial statement audit doesn’t even hit the tip of the iceberg as to what is required under 404. That comparison can’t even be made and it really does show the lack of understanding as to the level of detail really underneath an external audit. All of the complaints about fees are very ironic to me… as one of the biggest complaints from the external audit side ( from some of the lower level employees… the ones that DO the work) is that there is NEVER enough time in the budget…the budget can’t be expanded, because the client will flip out over the increase in fees. I can guarantee you that the ones doing the work earn every penny … there were many nights I worked until 1:00…4:00 in the morning. And yes… if you don’t have it documented that you didn’t perform a control…it wasn’t performed, we didn’t make the rule up…it’s just the way it is. One firm went completely under… a lot of people lost their jobs, their retirement… the people of Enron and the people of Andersen. Believe me, everyone internal and external is tired…



  • Why did the auditor cross the road?
    Because he did it last year. :oops:
    No, because his ‘MasterSOXer’ manager didn’t train him any better and micromanaged him to the point of not being able to use his own judgment.



  • They’re crossing the road because of missing key controls… 😄
    If I look at the fee’s they charged us up to know, they’re getting close to becoming a siginificant item in our balance sheet.



  • I do understand your concerns and issues. But like any other state or government requirement/regualtion. Its the LAW…
    If you don’t believe me, tell your external account firm that you do not wish to participate in Sarbanes Oxley Compliance. LOL
    Jeff Cunningham



  • Allow me to throw a wrench in the works.
    the Act does not require adherence to the PCAOB AS2. There is NO guidance for management. Therefore all these hoops that external auditors want management to jump through (less than a remote liklihood -c’mon.) are silly. The act is reasonable, the PCAOB is psycho.
    Management under 404 need only do two things:

    1. state that management is responsible for an adequate control structure
    2. assess the effectiveness of the control structure
      No mention of COSO, CobiT light, assertions, etc. Management under the act can come up with any reasonable method for assessing the effectiveness of internal controls. The auditors however are held to the standards of a board because they could not be trusted to manage themselves. How we got to the point where management must comply with PCAOB rules, I don’t know… oh wait, our auditors held the ‘if you don’t do it our way we won’t sign’ gun to our heads.
      What is required by the act is ok… the mess that the PCAOB made of interepreting the act… wow, someone’s trying to justify their position 😉
      Just my ‘unbiased’ opinion.
      Chris.


  • Chris you are right - from a certain point of view. However, your auditor does need to follow AS2 and your auditor needs to attest on whether management’s assertion is valid.
    Your approach may result in 404 compliance BUT you’ll get a qualified audit.



  • Our company just certified by the Big4 firm with an unqualified opinion but it’d been a long and hard road to get this result. Both the external and internal auditors as well as the company accountants put in tremendous efforts and endless hours and we are all exhausted. Bottom line is if you can not stand the heat, get out the stock exchange, SOX is law and there is no room for negotiations. BTW, the audit fee in 2004 trebled due to the SOX work.



  • Thank you all for your insights! Pardon me for being late, but I am doing research on SOX compliance, and this conversation raises some very challenging issues.

    On one hand, SOX compliance is there to protect the shareholders, and having controls in place benefits the bottom line. On the other hand, does non-compliance automatically mean there is wrongdoing, or do prohibitive costs create a necessity for essentially ethical people to find an alternative?

    • Are smaller reporting companies, start-ups, etc., subject to the same sophisticated controls as a company as large as Apple?
    • What are the ramifications of non-compliance? Are there penalties involved, or merely the hold up of audit sign-off until in compliance?
    • Is “going private” a means of avoiding the scrutiny and oversight placed upon public companies, or just a means of avoiding the costs? Our audit fees are already exorbitant, and just the thought of increased cost makes my head pound.

    Your feedback is greatly appreciated!


Log in to reply