1 Implications of the Sarbanes-Oxley Act on the Public Sector 2005 NASACT Annual Conference August 15, 2005 Gail Flister Vallieres U.S. Government Accountability Office
2 Integrity and Trust in Government Without integrity and trust, governments, institutions and leaders cannot succeed. With trust, governments, institutions and leaders can achieve great things. Getting it right with regard to internal control and accountability will be critical to achieving and maintaining the public's trust in government.
3 Current Government Environment continually increasing demands for government effectiveness and accountability fiscal pressures, increasing costs, structural deficit financial and performance reporting pressures and incentives changing laws and regulations changing demographics ability to hire and retain skilled staff control environment/ risk assessment
4 Sarbanes-Oxley Act of 2002 Instituted sweeping changes for accountability profession and corporate governance in the following areas: oversight of the auditing profession auditor independence corporate responsibility enhanced financial disclosure requirements (including internal control reporting)
6 Sarbanes-Oxley Act Audit Profession Oversight Creation of Public Company Accounting Oversight Board (PCAOB). Principal duties: establish or adopt standards for public company audits enforce compliance with standards and the Act inspect and register public accounting firms conduct investigations of firms and disciplinary proceedings impose sanctions
7 Sarbanes-Oxley Act Impact on U.S. Auditing Standards Three US Auditing Standards-Setting Organizations Public Company Accounting Oversight Board (PCAOB) Audits of publicly traded companies Auditing Standards Board (ASB) of the AICPA Privately held companies Not-for-profit organizations U.S. Government Accountability Office Federal, state, local governments Not-for-profit organizations receiving federal funding
8 Sarbanes-Oxley Act: Impact on U.S. Auditing Standards Comptroller General established the U.S. Auditing Standards Coordinating Forum PCAOB, GAO, ASB Three principals meet several times a year. Key staff coordinate regularly to implement agenda. Rotating chair, based on who is hosting the meeting. Still defining role for IAASB
9 Sarbanes-Oxley Act Impact on U.S. Auditing Standards Purpose of U.S. Auditing Standards Coordinating Forum maximize complementary standards-setting agendas minimize duplicative or competing efforts identify any significant gaps not being addressed develop strategies for overcoming challenges and barriers to modernizing the auditing profession in the U.S. assure consistency where appropriate for core auditing standards, while seeking to modernize those standards
10 Sarbanes-Oxley Act Auditor Independence It is now unlawful for a registered accounting firm to provide certain nonaudit services to audit clients, including: accounting and bookkeeping services financial information systems design and implementation appraisal, valuation, and actuarial services, internal audit outsourcing services management or human resources functions All other nonaudit services provided to audit clients require prior audit committee approval
11 Sarbanes Oxley Act Auditor Independence An accounting firm is not allowed to perform an audit of a registrant whose key financial or management personnel were employed by that accounting firm and participated in the audit within one year of the current audit. The auditor must report to the audit committee all critical accounting policies and practices used in preparing financial statements The lead audit, concurring and reviewing partners must rotate every 5 years.
12 Auditor Independence Implications for Government Yellow Book independence standards became effective in 2003 Auditor communications with audit committees. Audit Partner Rotation– no related government requirement. Employment restrictions–watch for situations that could result in appearance of independence problems under current Yellow Book independence standards.
13 Sarbanes Oxley Act Corporate Responsibility New Requirements for Audit Committees Members must be on the Board of Directors and be independent Responsible for the appointment, compensation, and oversight of the auditor The auditor must report to the audit committee all critical accounting policies and practices used in preparing financial statements Must be appropriately funded by the company
14 Sarbanes Oxley Act Corporate Responsibility Other Corporate Responsibility Requirements The CEO and CFO must certify that financial statements and disclosures are appropriate and fairly present, in all material respects, the operations and financial condition of the company. Unlawful for officers and directors to fraudulently influence, coerce, manipulate, or mislead the auditor
15 Corporate Responsibility Implications for Government Auditors and financial professionals should evaluate whether implementing an audit committee or similar type of committee would enhance governance Auditors should encourage good governance practices within the entities they audit. CFO and CEO Certification of financial results: Does top management understand and care about what is in the financial statements? Auditors: watch for reporting pressures and improper management on audit or reporting results.
16 Sarbanes-Oxley Act Section 404: Internal Control Management is required to establish and maintain adequate internal control structure and procedures for financial reporting Include in the annual report a statement of management's responsibility for and management's assessment of the effectiveness of those controls. The company's auditors are required to attest to and report on management's assessment of the effectiveness of internal control over financial reporting.
17 Sarbanes-Oxley Act Section 404: Internal Control PCAOB Auditing Standard No 2: Audit of Internal Control over Financial Reporting in conjunction with Audit of Financial Statements Requires auditor opinions on internal control effectiveness management's assessment of internal control effectiveness Internal control audit must be performed in conjunction with financial statement audit
18 Sarbanes-Oxley Act Section 404: Internal Control PCAOB Auditing Standard No 2 (cont): Requires walkthroughs for each major transaction class Limits on rotation testing of controls Limits on reliance on work of others New, more rigorous definitions of material weakness and significant deficiency (formerly reportable condition)
19 Federal Gov't Internal Control Requirements FMFIA/OMB A-123 Federal Financial Managers Financial Integrity Act of 1982 (FMFIA) establishes overall requirements for internal control in federal agencies. The agency head must establish controls that reasonably ensure that Obligations and costs are in compliance with applicable law Funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation, and Revenues and expenditures applicable to agency operations are properly recorded and accounted for
20 Federal Gov't Internal Control Requirements FMFIA/OMB A-123 Office of Management and Budget (OMB) Circular A-123, Management Accountability and Control Implements FMFIA covers all aspects of an agency's operations (programmatic, financial, and compliance) Over the years, OMB Circular A-123 has broadened these requirements to include controls over all aspects of an agency's operations. Latest update (December 2004) provides updated internal control standards (incorporating the COSO elements) and new specific requirements for conducting management's assessment of the effectiveness of internal control
21 Federal Gov't Internal Control Requirements FMFIA/OMB A-123 December 2004, revised OMB Circular A-123 requires annual management assurances on internal control in Performance and Accountability Report. separate assurance on internal control over financial reporting using the COSO elements (for the 24 CFO-Act agencies) identification of material weaknesses, non-conformances, and corrective actions. Revised A-123 does not require audit of internal control over financial reporting GAO supported the revised A-123 in recent testimony before House Government Reform Subcommittee on Government Management. (GAO T, Feb. 16, 2005)
22 Federal Gov't Internal Control Requirements FMFIA/OMB A-123 GAO Identified six critical implementation issues 1. Need for supplemental guidance and implementation tools 2. The following objectives covered by the Circular will require special attention: (1) achieving effective and efficient operations, and (2) complying with laws and regulations. 3. Managers throughout an agency need to provide strong support for internal control. 4. Agencies need to strike a balance between costs and benefits, while achieving an appropriate level of internal control. 5. Management testing of controls is essential to determine their soundness, whether they are being adhered to, and whether corrective action is necessary. 6. Personal accountability will be essential, starting with top agency management and cascading throughout the organization.
23 Federal Gov't Internal Control Requirements FMFIA/OMB A-123 GAO Views on the next steps: auditor opinions on internal control. Auditor opinions on internal control over financial reporting are an important component of monitoring risk management and accountability systems. Need to determine if management has assessed internal control and has a firm basis for its assertion over effectiveness before attempting to audit internal control over financial reporting.
24 Internal Control Reporting Getting Started Does management have a credible basis for a conclusion about the effectiveness of internal control over financial reporting? What is the level of maturity of the internal control systems in place for financial reporting? What are the associated risks? What is the targeted level of maturity for internal controls? Small, simple entities vs. large, complex entities What are benefits and cost of an audit of internal control, given where the entity is in the process?
25 Internal Control Reporting Getting Started Internal controls maturity framework: Level 1: Unreliable (unpredictable environment; controls not designed, in place). Level 2: Informal (controls designed, in place; not adequately documented; mostly dependent on the individuals doing the function; no formal training or communication of results). Level 3: Standardized (controls in place, documented, and communicated to employees; deviations may not be detected). Level 4: Monitored (standardized controls with periodic testing for effective design and operation, reporting to management). Level 5: Optimized (integrated internal control framework; real-time monitoring by management with continuous improvement; automation to support controls and make rapid changes to controls if needed). Source: PricewaterhouseCoopers, The Sarbanes-Oxley Act of 2002: Strategies for Meeting New Internal Control Reporting Challenges: A White Paper, 2002
26 Sarbanes-Oxley Act Implementation: What We Have Learned and Future Directions The Sarbanes-Oxley Act reforms are sound and necessary Reforms have improved governance and management, including the involvement of the board, audit committees, and top management in financial reporting and internal control issues. Implementing section 404 has been challenging due to: The amount and nature of internal control work performed in the past Extensive audit work being performed due to real and/or perceived lack of flexibility in PCAOB Auditing Standard No. 2 Significant first-year implementation efforts
27 Sarbanes-Oxley Act Implementation: What We Have Learned and Future Directions GAO strongly supports the concepts behind section 404. However, we believe that economies and efficiencies can be gained in the process through: Auditor and management efficiencies and streamlining in the second year and beyond. Better integration of the financial and internal control audit. Additional PCAOB and SEC guidance that provides for a risk-based approach using reasoned risk and experience-based auditor judgments in areas such as rotation of testing and additional flexibility in using the work of others (similar to the approach in GAO's Financial Audit Manual). Ongoing feedback from the PCAOB inspection process
28 GAO Technical Assistance The Yellow Book is available on GAO's website at: For technical assistance, contact us at
29 Contact Information Gail Flister Vallieres Financial Management & Assurance U.S. Government Accountability Office (202)