February 26, 2007
February 26, 2007
Nancy M. Morris
Secretary, Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549-1090
RE: File No. S7-24-06
Dear Ms. Morris,
After reading the proposed rules on "Management's Report on Internal Control over Financial Reporting," there are aspects that I agree with, and one specific part that confuses me. Although it is tough to address how this may affect every single company, I think that the general result will be a positive one. I believe that with these proposed interpretations and rules, management will have more control over the procedure as a whole.
First of all, management can now design controls and perform an evaluation that is prepared to fit its company's individual situations and circumstances. This aspect is great because it is giving flexibility from company to company. It aims at having controls specific for each company that will result in operations running more smoothly. This gets rid of the issue of coming up with a general set of rules that will fit large and small companies. Even if there were a few different sets of rules for the different types of companies, each company is still unique and the idea of giving management the power to fit the controls for their company is a major step in the right direction.
Secondly, this proposal allows management and the auditor to use different testing approaches. This area was the confusing part to me. I understand that if management and the auditor use different testing approaches and get the same general result, there isn't a problem. However, if management and the auditor use different testing approaches and get different results, what happens next? In a simple and general case, if management concludes that their controls are efficient and effective using one approach, and the auditor finds their controls to be inefficient and ineffective using a different approach, how is this information disclosed on the internal control report? What does the SEC expect management to do in this situation?
In conclusion, I believe that the proposed rules and interpretations resulting from SOX are going to yield a positive outcome. I really like how management can now design controls and perform an evaluation that is prepared to fit its company's individual situations and circumstances. However, I believe that there needs to be some work done so that there isn't confusion on the internal control report if management and the auditor use different testing approaches to get different results.
Thank you for your time,
James Slye
2009 candidate for CPA exam
University of Wisconsin-La Crosse
slye.jame@students.uwlax.edu