In late July, the SEC gave its official stamp of approval to a much-anticipated change in the auditing landscape. Amidst abundant chatter in the accounting world, PCAOB Auditing Standard No. 5, "An Audit of Internal Control over Financial Reporting That Is Integrated with An Audit of Financial Statements," was issued to replace Auditing Standard No. 2, which governed audits of internal controls over financial reporting. The new auditing standard, often referred to by the less cumbersome name "AS 5," is intended to improve the efficiency and effectiveness of internal control audits while also cutting audit costs, especially for smaller public companies.
For readers who have remained out of the Sarbanes-Oxley loop, Section 404 mandates that management must assess and report on the effectiveness of the company's internal controls over financial reporting, and the external auditor must attest to management's internal control assessment. Auditing Standard No. 5 lays out the requirements and provides guidance for auditors who are engaged to perform an audit of management's assessment of the internal controls that's integrated with an audit of the financial statements as required by SOX.
So, what does the new standard do that AS 2 didn't? According to the SEC, AS 5 will improve the internal control auditing process in several key ways.