Question

The 2002 SOX Act required integrated audits for all public companies with immediate implementation by larger accelerated-filers.  The 2010 Dodd-Frank Act modified section 404 of the SOX Act to exempt certain smaller companies (non-accelerated-filers) from having external audits of their ICFR.

Given the importance and function of internal controls and known fraudulent activities, do you agree with this modification that eliminated the need for these smaller public companies from having auditor’s express an opinion on their ICFR? Explain your answer.

Though recommended, there is no requirement for private and not-for-profit companies to have external auditors audit their ICFR. Explain whether you feel these organizations should have their ICFR audited by external auditors.

Answer 1

Part A- Yes we should be agreed with this modification that eliminates the need for smaller public companies from having auditor’s express an opinion on their ICFR. Some facts in this favor are-

1. Smaller companies have less complex operations. Factors that might indicate less complex operations include: fewer business lines; less complex business processes and financial reporting systems; more centralized accounting functions; extensive involvement by senior management in the day-to-day activities of the business; and fewer levels of management, each with a wide span of control.

2. The auditor should not use the work of persons who have a low degree of objectivity (which is found in smaller companies), regardless of their level of competence. Likewise, the auditor should not use the work of persons who have a low level of competence regardless of their degree of objectivity. Personnel whose core function is to serve as a testing or compliance authority at the company, such as internal auditors, normally are expected to have greater competence and objectivity in performing the type of work that will be useful to the auditor.

3. For smaller companies, the controls that address the risk of management override might be different from those at a larger company. For example, a smaller company might rely on more detailed oversight by the audit committee that focuses on the risk of management override.

4. Smaller companies or less complex company or business unit with simple business processes and centralized accounting operations might have relatively simple information systems that make greater use of off-the-shelf packaged software without modification. In the areas in which off-the-shelf software is used, the auditor's testing of information technology controls might focus on the application controls built into the pre-packaged software that management relies on to achieve its control objectives and the IT general controls that are important to the effective operation of those application controls.

So on the-basis of above facts we can say that exemption is the need for smaller public companies from having auditor’s express an opinion on their ICFR or from having external audits of their ICFR.

Part B. Should Pvt. Company or non-profit have their ICFR audited by external auditors-

An independent audit is not the same as an IRS audit. Rather, it is an examination of our accounting records and financial statements by an independent auditor—normally, a certified professional accountant (CPA). The auditor is an independent professional hired and paid by our Pvt. Company or non-profit. The auditor will do an independent investigation to test the accuracy of our accounting records and internal controls. At the conclusion of the audit, the auditor issues a report in the form of a letter stating whether, in the auditor’s professional judgment, your accounting records and year-end financial statements fairly represent our Pvt. Company or non-profit’s financial position according to generally accepted accounting principles (GAAP). The auditor’s letter is attached to the front of our financial statements. A clean bill of health from an auditor shows the world that we’re keeping our books in a responsible manner.

Independent audits are mandatory for some non-profits. The IRS does not require nonprofits to obtain audits, but other government agencies do. For example, the federal Office of Management and Budget (OMB) requires any nonprofit that spends $500,000 or more in federal funds in a year (whether directly or by passing the money on to other nonprofits) to obtain what is termed a “single audit” to test for compliance with federal grants management standards. In addition, approximately one-third of all states require nonprofits of a certain annual revenue size to be audited if they solicit funds from their state’s residents. The revenue thresholds vary from state to state. California requires annual audits for nonprofits registered with the state that have gross income of $2 million or more. Other states have lower income thresholds. Finally, some funders, such as foundations, will not provide funding to a nonprofit unless they receive audited financial statements. The same holds true for many banks and other potential lenders.

Getting an audit sounds great in theory, but if it is not absolutely required by the government or an important funding source, it may not be worth the money, especially for nonprofits with smaller incomes. Think about it—if a nonprofit has an annual income of $100,000 or less, paying $5,000 to $10,000 for an audit would take up a substantial portion of its entire annual budget. Moreover, an audit is generally unnecessary for small nonprofits because they engage in a low number of financial transactions each year, and the veracity of their books can be checked in cheaper ways.

There are two cheaper alternatives to a full-blown independent audit. The first is called a review, which is like a mini-audit. A CPA examines our financial records, but much less thoroughly than in a full-blown audit. Unlike an audit, the CPA does not express an opinion as to whether our financial statements are in accordance with GAAP. Instead, the accountant merely states whether he or she is aware of any material modifications that should be made to the financial statements for them to be in conformity with GAAP. A review costs about half as much as an audit. Many funders will accept a review instead of an audit, but a review is not an audit and it may not be referred to as such.

The cheapest alternative to an audit is a compilation. This is where an accountant assembles our financial statements from the information you provide. The accountant does not subject our financial records to any audit or review and thus can express no opinion at all as to whether they comply with GAAP.

Finally we can say that many people are under the impression that their Pvt. Company or non-profit have to be audited but this is not always the case. If you are uncertain whether you need to have your company audited or reviewed or whether you need to comply.

Thanks &all the best..........