PCAOB 監査基準書第5号が承認されましたね。。。
こんにちは、丸山満彦です。PCAOBの監査基準書第2号が廃止され第5号となりますね。監査人は、経営者評価に対する監査は不必要としてしなくてよくなり、内部統制の有効性についてのみ意見表明をすればよいことになります。日本はちょっと選択を間違えたかもしれませんね。。。
【PCAOB】
・2007.05.24 Board Approves New Audit Standard For Internal Control Over Financial Reporting and, Separately, Recommendations on Inspection Frequency Rule
・Adopted Standard - AS5 (Pending SEC approval)
・・PCAOB Release No. 2007-005
・・Rulemaking Docket
・・Briefing Paper
・・News Release
1.リスク指向をより明確にした
2.経営者評価の適正性についての監査はしなくてもよいことにした
3.小規模会社への適用も考慮した
4.わかりやすく、短くした、財務諸表監査基準書でいわれていることは削除した、SECのルールとの用語を統一した
ってところですかね。。。
後、トップダウンアプローチが明確になっていて、モニタリングの有効性が確認されればそのモニタリングの対象となっているプロセスレベルコントロールの評価を軽減できるとしていますね。。。
=====
The New Auditing Standard
The Board’s new standard is designed to achieve four objectives:
1. Focus the Internal Control Audit on the Most Important Matters – The new standard focuses auditors on those areas that present the greatest risk that a company’s internal control will fail to prevent or detect a material misstatement in the financial statements. It does so by incorporating certain best practices designed to focus the scope of the audit on identifying material weaknesses in internal control, before they result in material misstatements of financial statements, such as using a top-down approach to planning the audit. It also emphasizes the importance of auditing higher risk areas, such as the financial statement close process and controls designed to prevent fraud by management. At the same time, it provides auditors a range of alternatives for addressing lower risk areas, such as by more clearly demonstrating how to calibrate the nature, timing and extent of testing based on risk, as well as how to incorporate knowledge accumulated in previous years’ audits into the auditors’ assessment of risk and use the work performed by companies’ own personnel, when appropriate.
2. Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits – The Board examined every area of the internal control audit to determine whether the previous standard encouraged auditors to perform procedures that are not necessary to achieve the intended benefits of the audit. As a result, among other things, the new standard does not include the previous standard’s detailed requirements to evaluate management’s own evaluation process and clarifies that an internal control audit does not require an opinion on the adequacy of management’s process. As another example, the new standard refocuses the multi-location direction on risk rather than coverage by removing the requirement that auditors test a "large portion” of the company’s operations or financial position.
3. Make the Audit Clearly Scalable to Fit the Size and the Complexity of Any Company – In coordination with the Board’s ongoing project to develop guidance for auditors of smaller, less complex companies, the new standard explains how to tailor internal control audits to fit the size and complexity of the company being audited. The new standard does so by including notes throughout the standard on how to apply the principles in the standard to smaller, less complex companies, and by including a discussion of the relevant attributes of smaller, less complex companies as well as less complex units of larger companies. The upcoming guidance for auditors of smaller companies will develop these themes even further.
4. Simplify the Text of the Standard – The Board’s new standard is shorter and easier to read. This is in part because it uses simpler terms to describe procedures and definitions. It is also because the standard has been streamlined and reorganized to begin with the audit itself, to move definitions and other background information to appendices, and to avoid duplication by cross-referencing to existing concepts and requirements that appear elsewhere in the Board’s standards and relevant laws and SEC rules. For example, the new standard eliminates the previous standard’s discussion of materiality, thus clarifying that the auditor’s evaluation of materiality for purposes of an internal control audit is based on the same long-standing principles applicable to financial statement audits. Also, in order to better coordinate the final standard and the SEC’s new rules and management guidance, the new standard conforms certain terms to the SEC’s rules and guidance, such as the definition of “material weakness” and use of the term “entity-level controls” instead of “company-level controls.”
=====
【参考】
・2007.05.24 SEC Approves New Guidance for Compliance with Section 404 of Sarbanes-Oxley
・2007.01.18 日本公認会計士協会 PCAOB2号翻訳
・2006.12.25 SEC Management's Report on Internal Control Over Financial Reporting(公開草案)における2つの原則
・2006.12.21 SEC Management's Report on Internal Control Over Financial Reporting(公開草案)公表
・2006.12.21 PCAOB 監査基準書第2号(公開草案)の改訂ポイント
・2006.12.20 PCAOB 監査基準書第2号(公開草案)公表
・2007.04.21 金融庁 仮訳 「財務報告に係る内部統制の評価及び監査の基準並びに財務報告に係る内部統制の評価及び監査に関する実施基準の設定について(意見書)」
・2007.05.21 米国SOX法の状況 FEI Survey: Management Drives Sarbanes-Oxley Compliance Costs Down, But Auditor Fees Virtually Unchanged
・2007.04.30 学者もわからない?内部統制監査の意見形成論(ダイレクトレポーティングの不採用)
・2007.04.29 SOX法に対する経営者の見解
・2007.04.22 SOX法 3年目は5%の企業に内部統制の欠陥
・2007.04.11 キヤノンの内部統制報告書と監査報告書
・2007.03.28 内部統制の監査意見形成のための論点整理
【過去の今日】
・2006.05.25 今夏の参院選で電子投票も行える?
・ 考えるだけでロボットが動く・・・
・ XX騙る偽メール
・ 本日より・・・第10回コンピュータ犯罪に関する白浜シンポジウム
・2005.05.25 総務省 情報セキュリティ政策2005を策定へ
・ 経済産業省 官民連携ポータル検討会の開催
« IPA 「電子メールのセキュリティ対策」など、最新の情報セキュリティ対策に関する文書を公開 | Main | 財務諸表の信頼性に重要な影響を及ぼす開示事項等に係る外部報告の信頼性を確保するための内部統制の評価 »
Comments
コンピュータ屋です。
いつも情報ありがとうございます。
米国は直接監査のみとなったわけですね。
すっきりしましたね。
我が国は、間接監査のみと言いながら、直接も含んでいますが。
2年目以降の再検討を期待しています。
Posted by: コンピュータ屋 | 2007.05.26 11:18
コンピュータ屋さん、コメントありがとうございます。
監査人が経営者評価の適正性を評価するためには、結局内部統制が有効かどうかも評価しなければならないので、まぁ、ダイレクトレポーティングのみのほうがすっきりしますね。。。
Posted by: 丸山満彦 | 2007.05.26 14:35