Canada: U.S. Securities and Accounting Regulators Give New Guidance on Internal Controls Audits

In April, the U.S. Securities and Exchange Commission hosted a roundtable on issues that arose during the implementation of new requirements for auditor review of internal controls over financial reporting. On May 16, 2005, in response to concerns raised at the roundtable, the SEC and the Public Company Accounting Oversight Board (PCAOB) issued additional guidance and clarification on issues affecting compliance costs and recommendations for improvements to the audit process, including:

• Management and external auditors should bring reasoned judgment to the process and use a top-down approach in designing internal controls, tailoring the controls to the risks of the company’s business, identifying only those accounts and processes that are, in fact, relevant to financial reporting internal controls, and eliminating from further consideration those accounts that have only a remote likelihood of contributing to a material misstatement. Management and auditors should strive for a standard of reasonable assurance.

• Auditors should integrate their audits of internal controls with their traditional financial statement audit, so that evidence gathered and tests conducted in the context of either audit contribute to completion of both audits. Auditors should not use standardized "checklists" as they will not identify company specific issues that should be the focus of the audit.

• Management, auditors and audit committees should engage in frequent and frank dialogue to improve internal controls. Discussing internal control issues with the auditor will not, by itself, result in the auditor concluding that there is a deficiency in the internal controls. However, management should not allow the auditor to determine the accounting treatment to be used, nor rely on the auditor to design or implement the controls, as that would compromise the auditor's independence.

Finally, the SEC and the PCAOB said they will continue to monitor the implementation of the internal control audit requirements for small U.S. companies and foreign private issuers, and may provide further guidance for these companies. The full text of the guidance provided by the SEC is available at http://www.sec.gov/info/accountants/stafficreporting.htm. The full text of the guidance provided by the PCAOB and the related policy statement on Auditing Standard No. 2 are available at www.pcaob.org.

Rob Lando is the managing partner of Osler, Hoskin & Harcourt LLP's New York office, where he practises Ontario and New York law. With practice experience as both a Canadian and U.S. securities lawyer, he advises clients on cross-border corporate finance and M&A transactions, as well as on compliance with various U.S. and Canadian corporate governance requirements. Sue Krembs is a partner in the Business Law Department of the firm's New York office, with a practice devoted to U.S. legal matters. Her transaction experience covers a wide spectrum of M&A deals and public and private financings, both U.S. and multi-jurisdictional.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.