Four years ago President Bush passed into law the Sarbanes-Oxley Act of 2002 (SOX) that affected corporate governance, financial disclosure, and the practice of public accounting for auditors of publicly held companies. In December 2005, March 2006, and May 2006, the American Institute of Certified Public Accountants (AICPA), through the Auditing Standards Board, passed 11 new auditing standards for privately held companies.
“A significant amount of rule changes are going to drastically impact how external audits are performed for privately held companies,” says Benedict P. Rybicki, CPA and audit director for Doeren Mayhew. “It’s a re-engineering of the audit process.”
Smart Business talked to Rybicki about the potential impact of the new audit standards.
Why two sets of standards?
The Sarbanes-Oxley Act established the Public Company Accounting Oversight Board (PCAOB), which now issues auditing standards for auditors of public companies and registered public accounting firms that audit public entities.
The (AICPA) issues auditing standards for nonpublic entities and other nonissuers, thus two sets of audit standards. Over the past four years, the AICPA has looked to strengthen the auditing standards for nonpublic entities to improve the quality and effectiveness of those audits.
What will be the impact on privately held entities?
The impact on privately held entities will be far-ranging, from the actual conduct of the audit to the reports the auditors will issue. The new standards parallel many key themes of the Sarbanes-Oxley Act, from internal control-related matters to the company’s management accepting responsibility for preparing all financial information, including the company’s financial statements.
For business owners, bankers, institutional and private equity investors and others who know or have business relationships with individuals in the public arena the time, effort, energy and cost associated with implementation of SOX has been significant. The majority of the new standards will be effective with the entities’ 2007 audits. Business owners and management should begin to discuss the new standards with their auditors this year to get a clear understanding of their potential impact on upcoming audits.
As an example of the new standards, in certain situations, privately held entities may have requested their auditors assist them with more complicated accounting-related items (for example, income tax calculations) and also to help prepare their financial statements during the annual audit. The auditors can still perform those functions. But if the company’s accounting personnel are unable to perform those functions, the auditors will be required to issue material internal control weakness letters to the board of directors and management. Based on their content, material weakness letters may impact lending, bonding, governmental relationships, and other relationships.
Are private company owners upset?
Yes, the closely held business owner and key management personnel may not see any additional value in auditors gaining a more thorough understanding of their internal controls, their operations, business objectives and strategies, and the risks in achieving those objectives; they just assume the audit will be more expensive.
The SOX act and its impact have trickled down to the standards applicable to nonpublic entities. The new audit standards require and demand a higher level of performance and require auditors to perform more extensive procedures than in past years. Nonpublic business owners and management will need to familiarize themselves with the new requirements during their 2006 audit.
What do the new standards cover?
They consist of due professional care; audit evidence; audit risk and materiality; planning and supervision; understanding the entity and its environment and assessing the risk of material misstatement; performing audit procedures in response to assessed risks; audit sampling; and communicating internal control-related matters.
Are there any alternatives to the audit?
Accounting firms provide audit services (highest level of reliance), review engagement services (a moderate level of reliance) and compilation engagement services (no reliance), among others. In dealing with the new audit standards, there may be opportunities for privately held entities to reduce the level of service that their auditors are providing while still complying with their loan, bonding, governmental, or other financial requirements.
When do the new standards take effect?
The effective date for a majority of the new audit standards for entities with a December 31 year-end will be December 31, 2007, giving a company a full year to prepare for the changes.
BENEDICT P. RYBICKI is CPA and audit director for Doeren Mayhew a regional accounting firm in Troy, Michigan. Doeren Mayhew provides a wide range of professional services to middle-market companies. Reach him at firstname.lastname@example.org or (248) 244-3183.