February 24, 2005
Ladies and Gentlemen:
Please consider the following comments in your discussions relative to the application of SOA at small registered companies. My point of view starts from the perspective that a dollar invested in the securities of a small registered company is subject to the same risk of capital loss as one invested in large companies. Therefore,in my view,the management of smaller companies have the same responsibilities to their investors as the management of larger companies with respect to disclosing complete and accurate information to the public in a timely matter. Clearly, therefore, the control environment of smaller companies must be complete and operating effectively in all respects. This is a matter law and is not negotiable, although many in industry argue that this is not in the best interests of corporate competitiveness.
This being said, I believe that the control environment of all companies should be scaled to their size. Simply stated, as companies grow, their control environments should grow with them. As I have worked with PCAOB Auditing Standard #2, I have found that it has provided ample latitude for practitioners to scale the control environment to their particular companys. Where I find the shortcoming is in the application of PCAOB Auditing Standard #2 by the accounting firms. If one were to review their audit work over the last year my guess is that they would find that the firms are applying a one-size-fits-all approach to SOA compliance. As a result, many companys have been complaining about the onerous requirements of SOA, when in fact the accounting firms have, in many cases, imposed unnecessary control requirements on their public clients.
Before we throw the baby out with the bath water, lets take a look at the application of the new auditing standards, rather then the revising the standards that provide practitioners amble room to exercise professional judgement. Given sufficient time and guidance, I believe the accounting industry will develop scaled audit plans. We all must remember that the accounting industry is still shell-shocked from all the additional requirements. They need time to adjust their resources and methods in the best interests of their clients and the public.
Perhaps a most constuctive approach would be for the PCAOB to work with the accounting industry and jointly develop scaled audit approaches. This task should not be imposed on the auditor alone, however. Industry has the responsibility to offer constuctive suggestions in establishing adequate control environments scaled to all company sizes. I look forward to seeing the draft of COSO for audits of small companies. I think this is the correct body to initially undertake this effort.
James Steffes, CPA