April 19, 2006
Ladies and Gentlemen:
By way of background, I offer consulting advise to my clients in the area of Sarbanes compliance and help them develop practical, cost-effective controls to mitigate relevant fraud and financial reporting risks.
Since the roundtable of 2005, large public companies have worked hard to keep compliance costs down by leveraging Sarbanes compliance to mitigate their risk of fraud and material misstatement. The high cost of 404 compliance has been, and continues to be, their number one concern.
To help public companies manage their 404 compliance costs to a reasonable and justifiable level, additional audit guidance is needed to provide specific directives on controls testing and evaluation of control deficiencies. From management's perspective, this is particularly important since compliance cost is driven largely by the nature and scope of the 404 testing dictated by their auditors. The main objective of such audit guidance is to help the auditors develop a balanced audit scope that is not skewed towards process level controls but designed to:
(a) Detect material weaknesses and risks of material misstatments,
(b) Given proper recognition of effective monitoring and compensationg controls, and
(c) Evaluate the integrity of the overall control enviroment.
During year two, some auditors have been effective in adopting a risk-based integrated audit approach while others are still reluctant to scale back their test plan and have continued to spend a disporportionate amount of time evaluating controls (and related exceptions) that are not critical to the prevention or detection of errors or fraud that could result in material misstatements. In certain instances, auditors are more concerned with the formality as opposed to the substance of a control exception (such as a missing signature).
Please use the upcoming roundtable to help:
(1) Develop appropriate guidelines for managment and their auditors to evaluate the right mix of key controls
(2) Evaluate viable measures to keep 404 compliance cost under control
(3) Emphasize the benefits of continuous controls improvement and
(4) Provide a clear path for smaller public companies to implement cost-effective controls.
Thank you for your attention.
Sincerely,
Anthony S. Chan, CPA
Principal, Berdon LLP