Cindy Fornelli Executive Director Center for Audit Quality

The Center for Audit Quality (CAQ) has issued a new reference source for public company auditors that provides lessons learned from integrated audits of internal control over financial reporting (ICFR).
 
CAQ Lessons Learned – Performing an Audit of Internal Control in an Integrated Audit identified 21 practical insights for auditors, including:
 
Understand and Use Management’s Assessment and Documentation as a Starting Point
Integrate the Audits
Establish the Right Team
Identify Material Risks to Reliable Financial Reporting
Identify Controls Necessary to Sufficiently Address Identified Risks
Take a Risk-Based Approach to Testing Identified Controls
 
Among its suggestions, the report offers practical pointers about performing an integrated audit, notes the benefits of a top-down, risk-based approach to emphasize areas where material risks are most likely, and also the advantages of maintaining an open line of communication between the auditor, company management and the audit committee.  
 
The CAQ effort supports compliance with the provisions of Section 404 of the Sarbanes-Oxley Act, which require public company management and auditors to evaluate and assess the effectiveness of the internal controls that contribute to public companies’ financial reports.
 
“Sharing experience across the profession enables auditors to serve investors even more effectively by enhancing the quality of internal controls and audits,” CAQ Executive Director Cindy Fornelli said.
 
The CAQ assembled a task force comprised of auditors with extensive experience with integrated audits. Based on their work with both accelerated and non-accelerated filers, task force members addressed filers’ concerns with background on the issues and suggestions for auditors. The 21 lessons learned can help advance the public company auditing profession’s goal of effective and efficient integrated audits that benefit investors and assist smaller auditing firms in the initial implementation of integrated audits.
 
According to Fornelli, the report is intended to help audit firms that have not yet had the opportunity to conduct an integrated audit, as well as more experienced firms that can benefit from the shared knowledge. “Not all firms handle all audit matters in the same way – nor should they – and task force discussions reflected this diversity in practice,” she explained. Fornelli added that SOX’s focus on internal control, and coordinating the internal control audit in conjunction with the existing audit of the financial statements, may present a new environment for auditors of smaller public companies.
 
The information contained in the report represents the views of the members of the task force, has not been approved by any regulatory body or any senior technical committee of the American Institute of Certified Public Accountants, and does not set standards for any purpose.
 
“CAQ Lessons Learned – Performing an Audit of Internal Control in an Integrated Audit” may be accessed online

The Center for Audit Quality (CAQ) is an autonomous public policy organization serving investors, public company auditors and the capital markets. The CAQ’s mission is to foster confidence in the audit process and to aid investors and the markets by advancing constructive suggestions for change rooted in the profession’s core values of integrity, objectivity, honesty and trust. Based in Washington, D.C., the CAQ is affiliated with the American Institute of Certified Public Accountants.