Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

SEC Ponders Management Failures on Internal Control

Tammy Whitehouse | December 10, 2013

While it's auditors who have taken heat the past few years over internal control over financial reporting, the Securities and Exchange Commission is exploring whether management's evaluation of control is lacking as well.

At a national accounting conference, Brian Croteau, deputy chief accountant at the SEC, said he's convinced the increase in audit inspection findings related to internal controls the past few years likely indicates management is not always properly evaluating internal control. That suggests material weaknesses are not being identified, he said. He's heard suggestions that the Public Company Accounting Oversight Board and auditors are more concerned about internal control than management when considering entity level controls or the severity of control problems. Guidance for auditors and management was developed in tandem to assure they were properly aligned, he said, and management might be wise to review the guidance in light of significant audit findings.

“I continue to question whether all material weaknesses are being properly identified,” Croteau said. “It is surprisingly rare to see management identify a material weakness in the absence of a material misstatement." He surmises that could be because the deficiencies are not being identified or the severity of deficiencies is not being evaluated appropriately. The SEC will be working with the PCAOB to address control concerns in 2014, he said. “It may be useful for management to dust off the SEC's 2007 interpretive guidance and compare management's ICFR evaluation process to the SEC guidance to see if improvements are in order,” Croteau said.

The PCAOB issued a report recently summarizing a long list of problems with internal control audits it has noted through audit inspections over the past few years in particular. The PCAOB has told auditors to take more care in their risk assessment and audit of internal control, selecting controls to test, testing management review controls, and using the work of others. The PCAOB also has told auditors to take a closer look at information that comes from system-generated reports, and the roll forward of controls tested at interim dates.