[Federal Register Volume 69, Number 197 (Wednesday, October 13, 2004)]
[Notices]
[Pages 60913-60924]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E4-2575]


=======================================================================
-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-50495; File No. PCAOB-2004-07]


Public Company Accounting Oversight Board; Notice of Filing of 
Proposed Rules on Conforming Amendments to PCAOB Interim Standards 
Resulting From the Adoption of PCAOB Auditing Standard No. 2, ``An 
Audit of Internal Control Over Financial Reporting Performed in 
Conjunction With an Audit of Financial Statements''

October 5, 2004.
    Pursuant to Section 107(b) of the Sarbanes-Oxley Act of 2002 (the 
``Act''), notice is hereby given that on September 16, 2004, the Public 
Company Accounting Oversight Board (the ``Board'' or the ``PCAOB'') 
filed with the Securities and Exchange Commission (the ``Commission'' 
or the ``SEC'') the proposed rule described in Items I and II below, 
which items have been prepared by the Board and are presented here in 
the form submitted by the Board. The Commission is publishing this 
notice to solicit comments on the proposed rule from interested 
persons.

I. Board's Statement of the Terms of Substance of the Proposed Rule

    On September 15, 2004, the Board adopted Conforming Amendments to 
PCAOB Interim Standards Resulting from the Adoption of PCAOB Auditing 
Standard No. 2, ``An Audit Of Internal Control Over Financial Reporting 
Performed In Conjunction With An Audit of Financial Statements'' (``the 
proposed rules''). The proposed rule text is set out as follows:
    Conforming Amendments to PCAOB Interim Standards Resulting from the 
Adoption of PCAOB Auditing Standard No. 2, ``An Audit Of Internal 
Control Over Financial Reporting Performed In Conjunction With An Audit 
Of Financial Statements''

Auditing Standards

AU Sec. 310, ``Appointment of the Independent Auditor''
    Statement on Auditing Standards (``SAS'') No. 1, ``Codification of 
Auditing Standards and Procedures,'' AU sec. 310, ``Appointment of the 
Independent Auditor,'' as amended by SAS No. 45, ``Omnibus Statement on 
Auditing Standards-1983,'' SAS No. 83, ``Establishing an Understanding 
With the Client,'' and SAS No. 89, ``Audit Adjustments'' (AU sec. 310, 
``Appointment of the Independent Auditor''), is amended as follows:
    a. The first sentence of paragraph .06 is amended to read as 
follows: An understanding with the client generally includes the 
following matters.
    b. The first bullet point of paragraph .06 is amended to read as 
follows: The objective of the audit is:
     Integrated audit of financial statements and internal 
control over financial reporting: The expression of an opinion on both 
management's assessment of internal control over financial reporting 
and on the financial statements.
     Audit of financial statements: The expression of an 
opinion on the financial statements.
    c. The third bullet point of paragraph .06 is amended to read as 
follows: Management is responsible for establishing and maintaining 
effective internal control over financial reporting. In an integrated 
audit of financial statements and internal control over financial 
reporting, an auditor is required to communicate, in writing, to 
management and the audit committee that the audit of internal control 
over financial reporting cannot be satisfactorily completed and that he 
or she is required to disclaim an opinion if management has not:
     Accepted responsibility for the effectiveness of the 
company's internal control over financial reporting.
     Evaluated the effectiveness of the company's internal 
control over financial reporting using suitable control criteria,
     Supported its evaluation with sufficient evidence, 
including documentation, and
     Presented a written assessment of the effectiveness of the 
company's internal control over financial reporting as of the end of 
the company's most recent fiscal year.
    d. The seventh bullet point of paragraph .06 is amended to read as 
follows: The auditor is responsible for conducting the audit in 
accordance with the standards of the Public Company Accounting 
Oversight Board. Those standards require that the auditor:
     Integrated audit of financial statements and internal 
control over financial reporting: Obtain reasonable assurance about 
whether the financial statements are free of material misstatement, 
whether caused by error or fraud, and whether management's assessment 
of the effectiveness of the company's internal control over financial 
reporting is fairly stated in all material respects. Accordingly, there 
is some risk that a material misstatement of the financial statements 
or a material weakness in internal control over financial reporting 
would remain undetected. Although not absolute assurance, reasonable 
assurance is, nevertheless, a high level of assurance. Also, an 
integrated audit is not designed to detect error or fraud that is 
immaterial to the financial statements or deficiencies in internal 
control over financial reporting that, individually or in combination, 
are less severe than a material weakness. If, for any reason, the 
auditor is unable to complete the audit or is unable to form or has not 
formed an opinion, he or she may decline to express an opinion or 
decline to issue a report as a result of the engagement.
     Audit of financial statements: Obtain reasonable assurance 
about whether the financial statements are free of material 
misstatement, whether caused by error or fraud. Accordingly, there is 
some risk that a material misstatement would remain undetected. 
Although not absolute assurance, reasonable assurance is, nevertheless, 
a high level of assurance. Also, a financial statement audit is not 
designed to detect error or fraud that is immaterial to the financial 
statements. If, for any reason, the auditor is unable to complete the 
audit or is unable to form or has not formed an opinion, he or she may 
decline to express an opinion or decline to issue a report as a result 
of the engagement.
    e. The eighth bullet point of paragraph .06 is amended to read as 
follows:
    An audit includes:
     Integrated audit of financial statements and internal 
control over financial reporting: Planning and performing the audit to 
obtain reasonable assurance about whether the company maintained, in 
all material respects, effective internal control over financial 
reporting as of the date

[[Page 60914]]

specified in management's assessment. The auditor is also responsible 
for obtaining an understanding of internal control sufficient to plan 
the financial statement audit and to determine the nature, timing, and 
extent of audit procedures to be performed. The auditor is also 
responsible for communicating in writing:
     To the audit committee--all significant deficiencies and 
material weaknesses identified during the audit.
     To management--all internal control deficiencies 
identified during the audit and not previously communicated in writing 
by the auditor or by others, including internal auditors or others 
inside or outside the company.
     To the board of directors--any specific significant 
deficiency or material weakness identified because the auditor 
concludes that the audit committee's oversight of the company's 
external financial reporting and internal control over financial 
reporting is ineffective.
     Audit of financial statements: Obtaining an understanding 
of internal control sufficient to plan the audit and to determine the 
nature, timing, and extent of audit procedures to be performed. An 
audit is not designed to provide assurance on internal control or to 
identify internal control deficiencies. However, the auditor is 
responsible for communicating in writing:
     To the audit committee--all significant deficiencies and 
material weaknesses identified during the audit.
     To the board of directors--if the auditor becomes aware 
that the oversight of the company's external financial reporting and 
internal control over financial reporting by the company's audit 
committee is ineffective, that specific significant deficiency or 
material weakness.
AU Sec. 311, ``Planning and Supervision''
    SAS No. 22, ``Planning and Supervision,'' as amended by SAS No. 47, 
``Audit Risk and Materiality in Conducting an Audit,'' SAS No. 48, 
``The Effects of Computer Processing on the Audit of Financial 
Statements,'' and SAS No. 77, ``Amendments to Statements on Auditing 
Standards No. 22, `Planning and Supervision,' No. 59, `The Auditor's 
Consideration of an Entity's Ability to Continue as a Going Concern,' 
No. 62, `Special Reports''' (AU sec. 311, ``Planning and 
Supervision''), is amended by adding the following note after paragraph 
1: Note:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraph 39 of PCAOB Auditing Standard No. 2 regarding planning 
considerations in addition to the planning considerations set forth 
in this section.

AU Sec. 312, ``Audit Risk and Materiality in Conducting an Audit''
    SAS No. 47, ``Audit Risk and Materiality in Conducting an Audit,'' 
as amended by SAS No. 82, ``Consideration of Fraud in a Financial 
Statement Audit,'' SAS No. 96, ``Audit Documentation,'' and SAS No. 98, 
``Omnibus Statement on Auditing Standards--2002'' (AU sec. 312, ``Audit 
Risk and Materiality in Conducting an Audit''), is amended as follows:
    a. The following note is added after paragraph 3.

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 22-23 of PCAOB Auditing Standard No. 2 regarding 
materiality considerations.


    b. The following note is added after paragraph 5.

    Note: An integrated audit of financial statements and internal 
control over financial reporting is not designed to detect 
deficiencies in internal control over financial reporting that, 
individually or in the aggregate, are less severe than a material 
weakness.

    c. The following note is added after paragraph 7.

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 24-26 of PCAOB Auditing Standard No. 2 regarding fraud 
considerations.


    d. The following note is added after paragraph 12.

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 22-23 and 39 of PCAOB Auditing Standard No. 2 regarding 
materiality and planning considerations, respectively.


    e. The following note is added after paragraph 18.

    Note:  When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
Appendix B, ``Additional Performance Requirements and Directions; 
Extent-of-Testing Examples,'' of PCAOB Auditing Standard No. 2 for 
considerations when a company has multiple locations or business 
units.

    f. The following note is added after paragraph 30.

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 147-149 of PCAOB Auditing Standard No. 2 regarding tests 
of controls.

AU Sec. 313, ``Substantive Tests Prior to the Balance-Sheet Date''
    SAS No. 45, ``Omnibus Statement on Auditing Standards--1983'' (AU 
sec. 313, ``Substantive Tests Prior to the Balance-Sheet Date''), is 
amended by adding the following note after paragraph 1:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 98-103 of PCAOB Auditing Standard No. 2 regarding timing 
of tests of controls.

AU Sec. 316, ``Consideration of Fraud in a Financial Statement Audit''
    SAS No. 99, ``Consideration of Fraud in a Financial Statement 
Audit'' (AU sec. 316, ``Consideration of Fraud in a Financial Statement 
Audit''), is amended as follows:
    a. The following note is added after paragraph 1:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 24-26 of PCAOB Auditing Standard No. 2 regarding fraud 
considerations, in addition to the fraud consideration set forth in 
this section.

    b. In paragraph 80, the phrase ``the auditor should consider 
whether these risks represent reportable conditions relating to the 
entity's internal control that should be communicated to senior 
management and the audit committee'' is replaced by ``the auditor 
should consider whether these risks represent significant deficiencies 
that must be communicated to senior management and the audit 
committee'' and the reference to section 325, ``Communication of 
Internal Control Related Matters Noted in an Audit,'' paragraph .04 is 
replaced by the reference to section 325, ``Communications About 
Control Deficiencies in An Audit of Financial Statements,'' paragraph 
4.
AU Sec. 319, ``Consideration of Internal Control in a Financial 
Statement Audit''
    SAS No. 55, ``Consideration of Internal Control in a Financial 
Statement Audit,'' as amended by SAS No. 78, ``Consideration of 
Internal Control in a Financial Statement Audit: An Amendment of 
Statement on Auditing Standards No. 55,'' and SAS No. 94, ``The Effect 
of Information Technology on the Auditor's Consideration of Internal 
Control in a Financial Statement Audit'' (AU sec. 319, ``Consideration 
of Internal Control in a Financial Statement Audit''), is amended as 
follows:

[[Page 60915]]

    a. In paragraph 2, the term ``assertions'' is replaced by the term 
``relevant assertions.''
    b. The following sentence is added at the end of paragraph 2: 
Regardless of the assessed level of control risk, the auditor should 
perform substantive procedures for all relevant assertions related to 
all significant accounts and disclosures in the financial statements.
    c. The following note is added after paragraph 2:

    Note: Refer to paragraphs 68-70 of PCAOB Auditing Standard No. 2 
for discussion of identifying relevant financial statement 
assertions.

    d. The following note is added after paragraph 9:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
Appendix B, ``Additional Performance Requirements and Directions; 
Extent-of-Testing Examples,'' of PCAOB Auditing Standard No. 2 for 
discussion of considerations when a company has multiple locations 
or business units.


    e. The following note is added after paragraph 42:

    Note: For purposes of evaluating the effectiveness of internal 
control over financial reporting, the auditor's understanding of 
control activities encompasses a broader range of accounts and 
disclosures than what is normally obtained in a financial statement 
audit.


    f. The following note is added after paragraph 65:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, if the 
auditor assesses control risk as other than low for certain 
assertions or significant accounts, the auditor should document the 
reasons for that conclusion.


    g. The following note is added after paragraph 83:

    Note: In an integrated audit of financial statements and 
internal control over financial reporting, PCAOB Auditing Standard 
No. 2 states, in part, that ``If, however, the auditor assesses 
control risk as other than low for certain assertions or significant 
accounts, the auditor should document the reasons for that 
conclusion.'' Accordingly, if control risk is assessed at the 
maximum level, the auditor should document the basis for that 
conclusion. Refer to paragraphs 159-161 of PCAOB Auditing Standard 
No. 2 for additional information regarding documentation 
requirements.


    h. The following note is added after paragraph 97:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 104-105 of PCAOB Auditing Standard No. 2 for discussion 
on the extent of tests of controls.

    i. The last sentence of paragraph 107 is replaced with the 
following sentence:
    Consequently, regardless of the assessed level of control risk, the 
auditor should perform substantive procedures for all relevant 
assertions related to all significant accounts and disclosures in the 
financial statements.
AU Sec. 322, ``The Auditor's Consideration of the Internal Audit 
Function in an Audit of Financial Statements''
    SAS No. 65, ``The Auditor's Consideration of the Internal Audit 
Function in an Audit of Financial Statements'' (AU sec. 322, ``The 
Auditor's Consideration of the Internal Audit Function in an Audit of 
Financial Statements''), is amended as follows:
    a. The following note is added after paragraph 1:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 108-126 of PCAOB Auditing Standard No. 2 for discussion 
on using the work of others to alter the nature, timing, and extent 
of the work that otherwise would have been performed to test 
controls.


    b. The second sentence of paragraph 16 is replaced with the 
following sentence:
    The auditor assesses control risk for each of the relevant 
financial statement assertions related to all significant accounts and 
disclosures in the financial statements and performs tests of controls 
to support assessments below the maximum.
    c. The following note is added after paragraph 20:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 112-116 of PCAOB Auditing Standard No. 2 regarding 
evaluating the nature of controls subjected to the work of others.


    d. The following note is added after paragraph 22:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraph 122 of PCAOB Auditing Standard No. 2 regarding assessing 
the interrelationship of the nature of the controls and the 
competence and objectivity of those who performed the work.

AU Sec. 324, ``Service Organizations''
    SAS No. 70, ``Service Organizations,'' as amended by SAS No. 78, 
``Consideration of Internal Control in a Financial Statement Audit: An 
Amendment to Statement on Auditing Standard No. 55,'' SAS No. 88, 
``Service Organizations and Reporting on Consistency,'' and SAS No. 98, 
``Omnibus Statement on Auditing Standards--2002'' (AU sec. 324, 
``Service Organizations''), is amended as follows:
    a. The following note is added after paragraph 1:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs B18-B29 of Appendix B, ``Additional Performance 
Requirements and Directions; Extent-of-Testing Examples,'' in PCAOB 
Auditing Standard No. 2 regarding the use of service organizations.


    b. In paragraph 20, the term ``reportable conditions'' is replaced 
by the term ``significant deficiencies'' and the reference to section 
325, ``Communication of Internal Control Related Matters Noted in an 
Audit,'' is replaced by the reference to section 325, ``Communications 
About Control Deficiencies in An Audit of Financial Statements.''
AU Sec. 325, ``Communication of Internal Control Related Matters Noted 
in an Audit''
    SAS No. 60, ``Communication of Internal Control Related Matters 
Noted in an Audit,'' as amended by SAS No. 78, ``Consideration of 
Internal Control in a Financial Statement Audit: An Amendment to 
Statement on Auditing Standards No. 55,'' and SAS No. 87, ``Restricting 
the Use of an Auditor's Report'' (AU Sec. 325, ``Communication of 
Internal Control Related Matters Noted in an Audit''), is superseded.
     In an integrated audit of financial statements and 
internal control over financial reporting, SAS No. 60, as amended, is 
superseded by paragraphs 207-214 of PCAOB Auditing Standard No. 2.
     In an audit of financial statements only, SAS No. 60, as 
amended, is superseded by the following paragraphs.

Communications About Control Deficiencies in an Audit of Financial 
Statements

    1. In an audit of financial statements, the auditor may identify 
deficiencies in the company's internal control over financial 
reporting. A control deficiency exists when the design or operation of 
a control does not allow management or employees, in the normal course 
of performing their assigned functions, to prevent or detect 
misstatements on a timely basis.
     A deficiency in design exists when (a) a control necessary 
to meet the control objective is missing or (b) an

[[Page 60916]]

existing control is not properly designed so that, even if the control 
operates as designed, the control objective is not always met.
     A deficiency in operation exists when a properly designed 
control does not operate as designed or when the person performing the 
control does not possess the necessary authority or qualifications to 
perform the control effectively.
    2. A significant deficiency is a control deficiency, or combination 
of control deficiencies, that adversely affects the company's ability 
to initiate, authorize, record, process, or report external financial 
data reliably in accordance with generally accepted accounting 
principles such that there is more than a remote likelihood that a 
misstatement of the company's annual or interim financial statements 
that is more than inconsequential will not be prevented or detected.


    Note: The term ``remote likelihood'' as used in the definitions 
of significant deficiency and material weakness (paragraph 3) has 
the same meaning as the term ``remote'' as used in Financial 
Accounting Standards Board Statement No. 5, Accounting for 
Contingencies (``FAS No. 5''). Paragraph 3 of FAS No. 5 states:


    When a loss contingency exists, the likelihood that the future 
event or events will confirm the loss or impairment of an asset or the 
incurrence of a liability can range from probable to remote. This 
Statement uses the terms probable, reasonably possible, and remote to 
identify three areas within that range, as follows:
    a. Probable. The future event or events are likely to occur.
    b. Reasonably possible. The chance of the future event or events 
occurring is more than remote but less than likely.
    c. Remote. The chance of the future events or events occurring is 
slight.
    Therefore, the likelihood of an event is ``more than remote'' when 
it is either reasonably possible or probable.


    Note: A misstatement is inconsequential if a reasonable person 
would conclude, after considering the possibility of further 
undetected misstatements, that the misstatement, either individually 
or when aggregated with other misstatements, would clearly be 
immaterial to the financial statements. If a reasonable person could 
not reach such a conclusion regarding a particular misstatement, 
that misstatement is more than inconsequential.


    3. A material weakness is a significant deficiency, or combination 
of significant deficiencies, that results in more than a remote 
likelihood that a material misstatement of the annual or interim 
financial statements will not be prevented or detected.


    Note: In evaluating whether a control deficiency exists and 
whether control deficiencies, either individually or in combination 
with other control deficiencies, are significant deficiencies or 
material weaknesses, the auditor should consider the definitions in 
paragraphs 1, 2 and 3, and the directions in paragraphs 130 through 
137 of PCAOB Auditing Standard No. 2. As explained in paragraph 23 
of PCAOB Auditing Standard No. 2, the evaluation of the materiality 
of the control deficiency should include both quantitative and 
qualitative considerations. Qualitative factors that might be 
important in this evaluation include the nature of the financial 
statement accounts and assertions involved and the reasonably 
possible future consequences of the deficiency. Furthermore, in 
determining whether a control deficiency, or combination of 
deficiencies, is a significant deficiency or a material weakness, 
the auditor should evaluate the effect of compensating controls and 
whether such compensating controls are effective.



    4. The auditor must communicate in writing to management and the 
audit committee all significant deficiencies and material weaknesses 
identified during the audit. The written communication should be made 
prior to the issuance of the auditor's report on the financial 
statements. The auditor's communication should distinguish clearly 
between those matters considered significant deficiencies and those 
considered material weaknesses, as defined in paragraphs 2 and 3.


    Note: If no such committee exists with respect to the company, 
all references to the audit committee in this standard apply to the 
entire board of directors of the company.\1\ The auditor should be 
aware that companies whose securities are not listed on a national 
securities exchange or an automated inter-dealer quotation system of 
a national securities association (such as the New York Stock 
Exchange, American Stock Exchange, or NASDAQ) may not be required to 
have independent directors for their audit committees. In this case, 
the auditor should not consider the lack of independent directors or 
an audit committee at these companies indicative, by themselves, of 
a control deficiency. Likewise, the independence requirements of 
Securities Exchange Act Rule 10A-3 \2\ are not applicable to the 
listing of non-equity securities of a consolidated or at least 50 
percent beneficially owned subsidiary of a listed issuer that is 
subject to the requirements of Securities Exchange Act Rule 10A-
3(c)(2).\3\ Therefore, the auditor should interpret references to 
the audit committee in this standard, as applied to a subsidiary 
registrant, as being consistent with the provisions of Securities 
Exchange Act Rule 10A-3(c)(2).\4\ Furthermore, for subsidiary 
registrants, communications required by this standard to be directed 
to the audit committee should be made to the same committee or 
equivalent body that pre-approves the retention of the auditor by or 
on behalf of the subsidiary registrant pursuant to Rule 2-01(c)(7) 
of Regulation S-X \5\ (which might be, for example, the audit 
committee of the subsidiary registrant, the full board of the 
subsidiary registrant, or the audit committee of the subsidiary 
registrant's parent). In all cases, the auditor should interpret the 
terms ``board of directors'' and ``audit committee'' in this 
standard as being consistent with provisions for the use of those 
terms as defined in relevant SEC rules.

    \1\ See 15 U.S.C. 78c(a)58 and 15 U.S.C. 7201(a)(3).
    \2\ See 17 CFR 240.10A-3.
    \3\ See 17 CFR 240.10A-3(c)(2).
    \4\ See 17 CFR 240.10A-3(c)(2).
    \5\ See 17 CFR 210.2-01(c)(7).

    5. If oversight of the company's external financial reporting and 
internal control over financial reporting by the company's audit 
committee is ineffective, that circumstance should be regarded as at 
least a significant deficiency and as a strong indicator that a 
material weakness in internal control over financial reporting exists. 
Although there is not an explicit requirement to evaluate the 
effectiveness of the audit committee's oversight in an audit of only 
the financial statements, if the auditor becomes aware that the 
oversight of the company's external financial reporting and internal 
control over financial reporting by the company's audit committee is 
ineffective, the auditor must communicate that specific significant 
deficiency or material weakness in writing to the board of directors.
    6. These written communications should include:
    a. The definitions of significant deficiencies and material 
weaknesses and should clearly distinguish to which category the 
deficiencies being communicated relate.
    b. A statement that the objective of the audit was to report on the 
financial statements and not to provide assurance on internal control.
    c. A statement that the communication is intended solely for the 
information and use of the board of directors, audit committee, 
management, and others within the organization. When there are 
requirements established by governmental authorities to furnish such 
written communications, specific reference to such regulatory 
authorities may be made.
    7. The auditor might identify matters in addition to those required 
to be communicated by this standard. Such matters include control 
deficiencies identified by the auditor that are neither

[[Page 60917]]

significant deficiencies nor material weaknesses and matters the 
company may request the auditor to be alert to that go beyond those 
contemplated by this standard. The auditor may report such matters to 
management, the audit committee, or others, as appropriate.
    8. The auditor should not report in writing that no significant 
deficiencies were discovered during an audit of financial statements 
because of the potential that the limited degree of assurance 
associated with such a report will be misunderstood.
    9. When timely communication is important, the auditor should 
communicate the preceding matters during the course of the audit rather 
than at the end of the engagement. The decision about whether to issue 
an interim communication should be determined based on the relative 
significance of the matters noted and the urgency of corrective follow-
up action required.
    In an audit of financial statements only, auditing interpretation 1 
to AU sec. 325, ``Reporting on the Existence of Material Weaknesses,'' 
continues to apply except that the term ``reportable condition'' means 
``significant deficiency,'' as defined in paragraph 9 of PCAOB Auditing 
Standard No. 2.
AU Sec. 326, ``Evidential Matter''
    SAS No. 31, ``Evidential Matter,'' as amended by SAS No. 48, ``The 
Effects of Computer Processing on the Audit of Financial Statements,'' 
and SAS No. 80, ``Amendment to Statement on Auditing Standards No. 31, 
`Evidential Matter' '' (AU sec. 326, ``Evidential Matter''), is amended 
by adding the following sentences at the end of paragraph 19:
    Additionally, the auditor's substantive procedures must include 
reconciling the financial statements to the accounting records. The 
auditor's substantive procedures also should include examining material 
adjustments made during the course of preparing the financial 
statements.
AU Sec. 329, ``Analytical Procedures''
    SAS No. 56, ``Analytical Procedures,'' as amended by SAS No. 96, 
``Audit Documentation'' (AU sec. 329, ``Analytical Procedures''), is 
amended as follows:
    a. The following sentence is added to the end of paragraph 9: For 
significant risks of material misstatement, it is unlikely that audit 
evidence obtained from substantive analytical procedures alone will be 
sufficient.
    b. The following sentences are added to the end of paragraph 10: 
When designing substantive analytical procedures, the auditor also 
should evaluate the risk of management override of controls. As part of 
this process, the auditor should evaluate whether such an override 
might have allowed adjustments outside of the normal period-end 
financial reporting process to have been made to the financial 
statements. Such adjustments might have resulted in artificial changes 
to the financial statement relationships being analyzed, causing the 
auditor to draw erroneous conclusions. For this reason, substantive 
analytical procedures alone are not well suited to detecting fraud.
    c. The following sentence is added to the beginning of paragraph 
16: Before using the results obtained from substantive analytical 
procedures, the auditor should either test the design and operating 
effectiveness of controls over financial information used in the 
substantive analytical procedures or perform other procedures to 
support the completeness and accuracy of the underlying information.
AU Sec. 332, ``Auditing Derivative Instruments, Hedging Activities, and 
Investments in Securities''
    SAS No. 92, ``Auditing Derivative Instruments, Hedging Activities, 
and Investments in Securities'' (AU sec. 332, ``Auditing Derivative 
Instruments, Hedging Activities, and Investments in Securities''), is 
amended by adding the following note after paragraph 11:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, PCAOB 
Auditing Standard No. 2 states, ``the auditor must obtain sufficient 
competent evidence about the design and operating effectiveness of 
controls over all relevant financial statement assertions related to 
all significant accounts and disclosures in the financial 
statements.'' Therefore, in an integrated audit of financial 
statements and internal control over financial reporting, if a 
company's investment in derivatives and securities represents a 
significant account, the auditor's understanding of controls should 
include controls over derivatives and securities transactions from 
their initiation to their inclusion in the financial statements and 
should encompass controls placed in operation by the entity and 
service organizations whose services are part of the entity's 
information system.

AU Sec. 333, ``Management Representations''
    SAS No. 85, ``Management Representations,'' as amended by SAS No. 
89, ``Audit Adjustments,'' and SAS No. 99 ``Consideration of Fraud in a 
Financial Statement Audit'' (AU sec. 333, ``Management 
Representations''), is amended by adding the following note after 
paragraph 5:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 142-144 of PCAOB Auditing Standard No. 2 for additional 
required written representations to be obtained from management.

AU Sec. 342, ``Auditing Accounting Estimates''
    SAS No. 57, ``Auditing Accounting Estimates'' (AU sec. 342, 
``Auditing Accounting Estimates''), is amended by adding the following 
note after paragraph 10:

    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, the 
auditor may use any of the three approaches. However, the work that 
the auditor performs as part of the audit of internal control over 
financial reporting should necessarily inform the auditor's 
decisions about the approach he or she takes to auditing an estimate 
because, as part of the audit of internal control over financial 
reporting, the auditor would be required to obtain an understanding 
of the process management used to develop the estimate and to test 
controls over all relevant assertions related to the estimate.

AU Sec. 380, ``Communication with Audit Committees''
    SAS No. 61, ``Communication with Audit Committees'' (AU sec. 380, 
``Communication with Audit Committees''), is amended by replacing the 
title of Section 325 in the first bullet in footnote 1 in paragraph 1 
with ``Communications About Control Deficiencies in An Audit of 
Financial Statements'' and adding the following after the last bullet 
in footnote 1 in paragraph 1:
     PCAOB Auditing Standard No. 2, An Audit of Internal 
Control Over Financial Reporting Performed in Conjunction with an Audit 
of Financial Statements.
AU Sec. 508, ``Reports on Audited Financial Statements''
    SAS No. 58, ``Reports on Audited Financial Statements,'' as amended 
by SAS No. 64, ``Omnibus Statement on Auditing Standards--1990,'' SAS 
No. 79, ``Amendment to Statement on Auditing Standards No. 58, `Reports 
on Audited Financial Statements,' '' SAS No. 85, ``Management 
Representations,'' SAS No. 93, ``Omnibus Statement on Auditing 
Standards--2000,'' and SAS No. 98, ``Omnibus Statement on Auditing 
Standards--2002'' (AU sec. 508, ``Reports on Audited Financial 
Statements''), is amended as follows:
    a. The following note is added after paragraph 1:


    Note: When performing an integrated audit of financial 
statements and internal control

[[Page 60918]]

over financial reporting, the auditor may choose to issue a combined 
report or separate reports on the company's financial statements and 
on internal control over financial reporting. Refer to paragraphs 
162-199 of PCAOB Auditing Standard No. 2 for direction on reporting 
on internal control over financial reporting. In addition, see 
Appendix A, ``Illustrative Reports on Internal Control Over 
Financial Reporting,'' of PCAOB Auditing Standard No. 2 which 
includes an illustrative combined audit report and examples of 
separate reports.


    b. The following subparagraph is added to paragraph 8:
    k. When performing an integrated audit of financial statements and 
internal control over financial reporting, if the auditor issues 
separate reports on the company's financial statements and on internal 
control over financial reporting, the following paragraph should be 
added to the auditor's report on the company's financial statements:
    We also have audited, in accordance with the standards of the 
Public Company Accounting Oversight Board (United States), the 
effectiveness of X Company's internal control over financial reporting 
as of December 31, 20X3, based on [identify control criteria] and our 
report dated [date of report, which should be the same as the date of 
the report on the financial statements] expressed [include nature of 
opinions].
AU Sec. 530, ``Dating of the Independent Auditor's Report''
    SAS No. 1, ``Codification of Auditing Standards and Procedures,'' 
AU sec. 530, ``Dating of the Independent Auditor's Report,'' as amended 
by SAS No. 29, ``Reporting on Information Accompanying the Basic 
Financial Statements in Auditor-Submitted Documents,'' and SAS No. 98, 
``Omnibus Statement on Auditing Standards--2002'' (AU sec. 530, 
``Dating of the Independent Auditor's Report''), is amended by adding 
the following note after paragraph .01:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, the 
auditor's reports on the company's financial statements and on 
internal control over financial reporting should be dated the same 
date. Refer to paragraphs 171-172 of PCAOB Auditing Standard No. 2, 
which provide direction with respect to the report date in an audit 
of internal control over financial reporting.


AU Sec. 532, ``Restricting the Use of an Auditor's Report''
    SAS No. 87, ``Restricting the Use of an Auditor's Report,'' (AU 
sec. 532, ``Restricting the Use of an Auditor's Report''), is amended 
by replacing ``Section 325, Communication of Internal Control Related 
Matters Noted in an Audit'' in the first bullet of paragraph .07 with 
``Section 325, Communications About Control Deficiencies in An Audit of 
Financial Statements.''
AU Sec. 543, ``Part of Audit Performed by Other Independent Auditors''
    SAS No. 1, ``Codification of Auditing Standards and Procedures,'' 
AU sec. 543, ``Part of Audit Performed by Other Independent Auditors,'' 
as amended by SAS No. 64, ``Omnibus Statement on Auditing Standards--
1990'' (AU sec. 543, ``Part of Audit Performed by Other Independent 
Auditors''), is amended by adding the following note after paragraph 
.01:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 182-185 of PCAOB Auditing Standard No. 2, which provide 
direction with respect to opinions based, in part, on the report of 
another auditor in an audit of internal control over financial 
reporting.


AU Sec. 9550, ``Other Information in Documents Containing Audited 
Financial Statements: Auditing Interpretations of Section 550
    AU sec. 9550, ``Other Information in Documents Containing Audited 
Financial Statements: Auditing Interpretations of Section 550,'' is 
amended by replacing the term ``reportable conditions'' with the term 
``significant deficiencies'' in footnote 8 to paragraph 15 and also 
replaces in that footnote the reference to Section 325.17 with the 
reference Section 325.8.
AU Sec. 560, ``Subsequent Events''
    SAS No. 1, ``Codification of Auditing Standards and Procedures,'' 
AU sec. 560, ``Subsequent Events,'' as amended by SAS No. 12, ``Inquiry 
of a Client's Lawyer Concerning Litigation, Claims, and Assessments,'' 
and SAS No. 98, ``Omnibus Statement on Auditing Standards--2002'' (AU 
sec. 560, ``Subsequent Events''), is amended by adding the following 
note after paragraph .01:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 186-189 of PCAOB Auditing Standard No. 2, which provide 
direction with respect to subsequent events in an audit of internal 
control over financial reporting.


AU Sec. 561, ``Subsequent Discovery of Facts Existing at the Date of 
the Auditor's Report''
    SAS No. 1, ``Codification of Auditing Standards and Procedures,'' 
AU sec. 561, ``Subsequent Discovery of Facts Existing at the Date of 
the Auditor's Report,'' as amended by SAS No. 98, ``Omnibus Statement 
on Auditing Standards--2002'' (AU sec. 561, ``Subsequent Discovery of 
Facts Existing at the Date of the Auditor's Report''), is amended by 
adding the following note after paragraph .01:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraph 197 of PCAOB Auditing Standard No. 2, which provides 
direction with respect to the subsequent discovery of information 
existing at the date of the auditor's report on internal control 
over financial reporting.


AU Sec. 634, ``Letters for Underwriters and Certain Other Requesting 
Parties''
    SAS No. 72, ``Letters for Underwriters and Certain Other Requesting 
Parties,'' as amended by SAS No. 76, ``Amendments to Statement on 
Auditing Standards No. 72, Letters for Underwriters and Certain Other 
Requesting Parties,'' and SAS No. 86, ``Amendment to Statement on 
Auditing Standards No. 72, Letters for Underwriters and Certain Other 
Requesting Parties'' (AU sec. 634, ``Letters for Underwriters and 
Certain Other Requesting Parties'') is amended by replacing the 
reference to ``Section 325, Communication of Internal Control Related 
Matters Noted in an Audit'' with ``Section 325, Communications About 
Control Deficiencies in An Audit of Financial Statements.''
AU Sec. 711, ``Filings Under Federal Securities Statutes''
    SAS No. 37, ``Filings Under Federal Securities Statutes'' (AU sec. 
711, ``Filings Under Federal Securities Statutes''), is amended by 
adding the following note after paragraph 2:


    Note: When performing an integrated audit of financial 
statements and internal control over financial reporting, refer to 
paragraphs 198-199 of PCAOB Auditing Standard No. 2, which provide 
direction when an auditor's report on internal control over 
financial reporting is included or incorporated by reference in 
filings under federal securities statutes.


AU Sec. 722, ``Interim Financial Information''
    SAS No. 100, ``Interim Financial Information'' (AU sec. 722, 
``Interim Financial Information''), is amended as follows:

[[Page 60919]]

    a. The following note is added after paragraph 3:


    Note: When an auditor is engaged to perform an integrated audit 
of financial statements and internal control over financial 
reporting, refer to paragraphs 202-206 of PCAOB Auditing Standard 
No. 2, which provide direction regarding the auditor's evaluation 
responsibilities as they relate to management's quarterly 
certifications on internal control over financial reporting.


    a. In paragraph 9, the term ``reportable conditions'' is replaced 
by the term ``significant deficiencies.''
    b. In paragraph 33, the term ``reportable conditions'' is replaced 
by the term ``significant deficiencies.'' Also, the third sentence is 
replaced by the following:
    A significant deficiency is a control deficiency, or combination of 
control deficiencies, that adversely affects the company's ability to 
initiate, authorize, record, process, or report external financial data 
reliably in accordance with generally accepted accounting principles 
such that there is more than a remote likelihood that a misstatement of 
the company's annual or interim financial statements that is more than 
inconsequential will not be prevented or detected.
    c. The reference in footnote 22 to paragraph 33 to ``Section 325, 
Communication of Internal Control Related Matters in an Audit'' is 
replaced with ``Section 325, Communications About Control Deficiencies 
in An Audit of Financial Statements.''

Attestation Standards

AT sec. 501, ``Reporting on an Entity's Internal Control Over Financial 
Reporting''
    Chapter 5, ``Reporting on an Entity's Internal Control Over 
Financial Reporting,'' of Statement on Standards for Attestation 
Engagements No. 10, ``Attestation Standards: Revision and 
Recodification'' (AT sec. 501, ``Reporting on an Entity's Internal 
Control Over Financial Reporting''), and its related interpretation (AT 
sec. 9501, ``Reporting on an Entity's Internal Control Over Financial 
Reporting: Attest Engagements Interpretations of Section 501''), are 
superseded by the conforming amendments and, accordingly, are no longer 
interim standards of the Board.

Independence Standards

ET Sec. 101.05
    Rule 101, ``Independence'' (ET sec. 101.05) is amended by adding 
the following note after the second paragraph of interpretation 101-3, 
``Performance of Other Services:''

    Note:  Paragraph 33 of PCAOB Auditing Standard No. 2 contains an 
additional requirement related to audit committee pre-approval of 
internal control-related services.

II. Board's Statement of the Purpose of, and Statutory Basis for, the 
Proposed Rules

    In its filing with the Commission, the Board included statements 
concerning the purpose of, and basis for, the proposed rules and 
discussed any comments it received on the proposed rules. The text of 
these statements may be examined at the places specified in Item IV 
below. The Board has prepared summaries, set forth in sections A, B, 
and C below, of the most significant aspects of such statements.

A. Board's Statement of the Purpose of, and Statutory Basis for, the 
Proposed Rules

(a) Purpose
    When the Board adopted PCAOB Auditing Standard No. 2, An Audit of 
Internal Control Over Financial Reporting Performed in Conjunction with 
An Audit of Financial Statements (PCAOB Release No. 2004-001, dated 
March 9, 2004) (the ``internal control standard''), the Board 
recognized that the internal control standard superseded the 
professional standards adopted by the Board as its interim standards 
\6\ in some respects, and that express amendments to those standards 
could be helpful to make the interim standards consistent with the 
principles and requirements in the internal control standard. The Board 
also planned to make several amendments to the interim standards that 
would be applicable to situations in which Section 404 of the Sarbanes-
Oxley Act of 2002 is not applicable and only the financial statements 
of a company are required to be audited. Accordingly, the Board issued 
for public comment the proposed conforming amendments, which identified 
conforming changes to the interim standards resulting from the adoption 
of PCAOB Auditing Standard No. 2.
---------------------------------------------------------------------------

    \6\ Effective April 16, 2003, the PCAOB adopted, on an initial, 
transitional basis, five temporary interim standards rules (PCAOB 
Rules 3200T, 3300T, 3400T, 3500T, and 3600T) that refer to pre-
existing professional standards of auditing, attestation, quality 
control, ethics, and independence (the ``interim standards''). These 
rules were approved by the Securities and Exchange Commission on 
April 25, 2003 (See SEC Release No. 33-8222). On December 17, 2003, 
the Board approved technical amendments to the interim standards 
rules indicating that, ``when the Board adopts a new auditing and 
related professional practice standard that addresses a subject 
matter that also is addressed in the interim standards, the affected 
portion of the interim standards will be susperseded or effectively 
amended. Accordingly, the Board approved adding the phrase `to the 
extent not superseded or amended by the Board' to each of the 
interim standards rules.''
---------------------------------------------------------------------------

    The purpose of the conforming amendments is to specifically 
identify changes to the interim standards that result from the adoption 
of PCAOB Auditing Standard No. 2. The Board believes that 
identification of such changes is helpful in enabling auditors to 
comply with the Board's standards, as well as in eliminating potential 
confusion and inconsistencies in interpretation with respect to the 
affected portions of the interim standards. Accordingly, the scope of 
the conforming amendments is relatively narrow and comprises amendments 
to the interim standards resulting only from the adoption of PCAOB 
Auditing Standard No. 2.
(b) Statutory Basis
    The statutory basis for the proposed rules is Title I of the Act.

B. Board's Statement on Burden on Competition

    The Board does not believe that the proposed rules will result in 
any burden on competition that is not necessary or appropriate in 
furtherance of the purposes of the Act. The proposed rules identify 
changes to the interim standards that result from the adoption of PCAOB 
Auditing Standard No. 2.

C. Board's Statement on Comments on the Proposed Rules Received From 
Members, Participants or Others

    The Board released the proposed rules for public comment in PCAOB 
Release No. 2004-002 (March 9, 2004). A copy of PCAOB Release No. 2004-
002 and the comment letters received in response to the PCAOB's request 
for comment are available on the PCAOB's Web site at www.pcaobus.org. 
The Board received 10 written comments. The Board has modified certain 
aspects of the proposed rules in response to comments it received, as 
discussed below:
1. Auditing Standards
    The Board's interim auditing standards include the Statements on 
Auditing Standards promulgated by the American Institute of Certified 
Public Accountants (``AICPA'') Auditing Standards Board (``ASB''), as 
in existence on April 16, 2003.\7\ The conforming amendments to the 
Board's interim auditing standards include (a) the addition of 
references to assist auditors in performing an integrated

[[Page 60920]]

audit of financial statements and internal control over financial 
reporting and (b) amendments to incorporate certain requirements in 
PCAOB Auditing Standard No. 2 that also apply when an auditor is 
engaged solely to audit a company's financial statements.
---------------------------------------------------------------------------

    \7\ The Statements on Auditing Standards (``AU'') are codified 
into the AICPA Professional Standards, vol. 1, as AU sections 100 
through 901.
---------------------------------------------------------------------------

a. Addition of References to the Interim Standards
    References have been added to assist auditors in performing an 
integrated audit of financial statements and internal control over 
financial reporting. Auditors are cautioned that the references might 
not be all inclusive. If there is any conflict between the interim 
auditing standards and PCAOB Auditing Standard No. 2, auditors should 
follow the provisions of PCAOB Auditing Standard No. 2.
    In the release relating to the proposed conforming amendments, 
commenters were asked whether the proposed references would be useful 
to auditors performing an integrated audit of financial statements and 
internal control over financial reporting. The release also asked 
whether any references considered beneficial were omitted from the 
proposed standard.
    Most commenters found the proposed references to be helpful to 
auditors performing both integrated audits and audits of financial 
statements. Several commenters voiced concerns stemming from the lack 
of a codification of PCAOB auditing standards. The Board believes that 
auditors will find the listing of conforming amendments in this 
rulemaking to be a useful tool for reconciling changes to the interim 
standards. The Board decided that no change is necessary to the 
conforming amendments in response to these comments regarding a 
codification because these comments were outside the scope of this 
rulemaking.
    In addition, several commenters suggested additional references to 
include in the final conforming amendments. The Board evaluated each of 
these suggestions individually and included them in the final 
conforming amendments where deemed appropriate.
b. Amendments To Incorporate Requirements From PCAOB Auditing Standard 
No. 2
    While PCAOB Auditing Standard No. 2 is directed primarily to an 
auditor performing an integrated audit of financial statements and 
internal control over financial reporting, some provisions in that 
standard are relevant to situations in which an auditor is engaged 
solely to audit a company's financial statements, such as in an audit 
of financial statements presented in connection with an initial public 
offering, in which the company is not subject to the requirements of 
Section 404 of the Act and the SEC's rules implementing that 
provision.\8\ Therefore, this rulemaking amends certain interim 
standards directly because those amendments would apply in all cases.
---------------------------------------------------------------------------

    \8\ See Final Rule: Management's Reports on Internal Control 
Over Financial Reporting and Certification of Disclosure in Exchange 
Act Periodic Reports. Securities and Exchange Commission Release No. 
33-8238 (June 5, 2003) [68 FR 36636].
---------------------------------------------------------------------------

    In the release relating to the proposed conforming amendments, 
commenters were asked (a) whether the proposed amendments clearly 
describe the new requirements that apply either when the auditor is 
engaged to audit only the financial statements or when the auditor is 
engaged to perform an integrated audit of the financial statements and 
internal control over financial reporting; and (b) whether there were 
any additional requirements not already identified that also should 
apply when the auditor is engaged to audit only the financial 
statements.
    Most commenters found the proposed amendments both clear and 
helpful. A few commenters suggested editorial changes to the proposed 
amendments, while others suggested additional amendments. The Board 
reviewed all such comments and, where appropriate, incorporated them 
into the final conforming amendments.
    One commenter believed that a number of new requirements that apply 
when the auditor is engaged to audit only the financial statements have 
been obscured behind the label of ``conforming changes'' and that, as a 
result, auditors will fail to notice such new requirements. This 
commenter suggested that the Board appropriately highlight each new 
requirement for such audits to ensure that auditors are aware of and 
fully understand the ramifications of each new requirement. The changes 
described in the conforming amendments were first presented for public 
comment in connection with the Board's proposal of Auditing Standard 
No. 2 in October 2003. Because a number of commenters, when commenting 
on that proposal, suggested that a more detailed explanation of these 
changes could be helpful to practitioners, the Board decided to more 
clearly identify the changes in separate conforming amendments. These 
two notice and comment periods have served to highlight these changes, 
and the Board believes that the conforming amendments adopted today, 
together with this release describing those amendments, provide 
auditors adequate explanation to understand the effects of these 
changes on the financial statement audit.
    Significant areas of amendment to the auditing standards are 
discussed below, including comments received and the Board's response 
thereto. For ease of reference, the references herein are to the 
interim standards as codified in AICPA Professional Standards, rather 
than to the original pronouncements.
(1) AU Sec. 310, ``Appointment of the Independent Auditor''
    This standard has been amended to include requirements related to 
the auditor's understanding with the client when performing an 
integrated audit of financial statements and internal control over 
financial reporting. For consistency, certain related amendments also 
have been made to the auditor's required understanding with the client 
when performing an audit of financial statements. One commenter 
suggested that the amendments to this standard indicating that 
reasonable assurance is ``a high level of assurance'' were 
inappropriate and should be subject to further deliberation and 
discussion. The Board's clarification that reasonable assurance is ``a 
high level of assurance'' was clearly included in PCAOB Auditing 
Standard No. 2. As indicated in the Board's release proposing the 
conforming amendments, the scope of this rulemaking did not include 
reconsidering any principles or requirements of PCAOB Auditing Standard 
No. 2. Accordingly, the Board viewed this comment regarding reasonable 
assurance as beyond the scope of the proposed conforming amendments 
rulemaking. No changes have been made based upon this comment.
(2) AU Sec. 319, ``Consideration of Internal Control in a Financial 
Statement Audit''
    This interim standard has been amended by adding a requirement that 
states, ``Regardless of the assessed level of control risk, the auditor 
should perform substantive procedures for all relevant assertions 
related to all significant accounts and disclosures in the financial 
statements.'' As it relates to this requirement, Auditing Standard No. 
2 states, ``Regardless of the assessed level of control risk or the 
assessed risk of material misstatement in connection with the audit of 
the financial statements, the auditor should perform substantive 
procedures for all relevant assertions for all significant accounts and 
disclosures. Performing procedures

[[Page 60921]]

to express an opinion on internal control over financial reporting does 
not diminish this requirement.'' A similar conforming amendment has 
been made to AU sec. 322, ``The Auditor's Consideration of the Internal 
Audit Function in an Audit of Financial Statements.''
(3) AU Sec. 325, ``Communication of Internal Control Related Matters 
Noted in an Audit.''
    This standard has been superseded in the context of an integrated 
audit of financial statements and internal control over financial 
reporting by paragraphs 207 through 214 of PCAOB Auditing Standard No. 
2. By this rulemaking, the Board is also amending this interim 
standard, as applied to an audit only of financial statements, by 
substituting the paragraphs included in the appendix accompanying this 
release (See AU sec. 325, subparagraphs 1-9 in the appendix).
    Communication of the Ineffectiveness of the Audit Committee. The 
proposed amendment stated that, in an audit only of financial 
statements, an auditor does not have a requirement to evaluate the 
effectiveness of the audit committee's oversight of the company's 
internal control over financial reporting. The proposed amendment would 
also have required an auditor to communicate, in writing, to the board 
of directors if a significant deficiency or material weakness exists, 
however, because the oversight of the company's external financial 
reporting and internal control over financial reporting is ineffective.
    While commenters unanimously agreed with this provision, several 
commenters asked for clarification of the auditor's responsibility. In 
response, the Board has amended subparagraph 5 of the conforming 
amendments to AU sec. 325 to read as follows, proposed new language is 
in italics, proposed deletions are in [brackets].
    If oversight of the company's external financial reporting and 
internal control over financial reporting by the company's audit 
committee is ineffective, that circumstance should be regarded as at 
least a significant deficiency and as a strong indicator that a 
material weakness in internal control over financial reporting exists.
Although there is not an explicit requirement to evaluate the 
effectiveness of the audit committee's oversight in an audit of only 
the financial statements, [of the external financial reporting process 
and the internal control over financial reporting,] if the auditor 
becomes aware that [a significant deficiency or material weakness 
exists because] the oversight of the company's external financial 
reporting and internal control over financial reporting by the 
company's audit committee is ineffective, the auditor must communicate 
that specific significant deficiency or material weakness in writing to 
the board of directors.
    This change is intended to clarify that, while an auditor does not 
have an explicit requirement to perform a separate and distinct 
evaluation of the effectiveness of the audit committee in a financial 
statement audit, the auditor does have a communication responsibility 
when he or she becomes aware of a significant deficiency or material 
weakness caused by the audit committee's ineffectiveness.
    Illustrative Internal Control Reports. Several commenters requested 
that the Board revise and include in the conforming amendments 
illustrative reports to management about deficiencies in internal 
control similar to those previously contained in AU sec. 325 and its 
related interpretation. The Board noted that presenting such reports in 
a rulemaking of the Board might lead firms to use boilerplate language 
in such communications to management and others. In addition, the Board 
believes that any new illustrative reports it issues as part of the 
Board's standards must not only reflect conforming changes but also 
incorporate best practices at the time of issuance. This type of 
revision of illustrative reports is beyond the scope of the conforming 
amendments. Additionally, the Board expects that auditors will be able 
to clearly and appropriately communicate these matters without relying 
on illustrative reports. For these reasons, illustrative reports have 
not been included in the conforming amendments.
(4) AU Sec. 326, ``Evidential Matter''
    This standard has been amended to add a requirement stating that, 
``the auditor's substantive procedures must include reconciling the 
financial statements to the accounting records. The auditor's 
substantive procedures should include examining material adjustments 
made during the course of preparing the financial statements.'' PCAOB 
Auditing Standard No. 2 is clear on the applicability of these 
procedures in an integrated audit of financial statements and internal 
control over financial reporting. The Board believes that it is logical 
and appropriate that these procedures also be performed in an audit of 
the financial statements. No commenters objected to this amendment.
(5) AU Sec. 329, ``Analytical Procedures''
    This standard is amended to add the following directions:
     For significant risks of material misstatement, it is 
unlikely that audit evidence obtained from substantive analytical 
procedures alone will be sufficient.
     When designing substantive analytical procedures, the 
auditor also should evaluate the risk of management override of 
controls. As part of this process, the auditor should evaluate whether 
such an override might have allowed adjustments outside of the normal 
period-end financial reporting process to have been made to the 
financial statements. Such adjustments might have resulted in 
artificial changes to the financial statement relationships being 
analyzed, causing the auditor to draw erroneous conclusions. For this 
reason, substantive analytical procedures alone are not well suited to 
detecting fraud.
     Before using the results obtained from substantive 
analytical procedures, the auditor should either test the design and 
operating effectiveness of controls over financial information used in 
the substantive analytical procedures or perform other procedures to 
support the completeness and accuracy of the underlying information.
    PCAOB Auditing Standard No. 2 is clear on the applicability of 
these procedures in an integrated audit of financial statements and 
internal control over financial reporting. The Board also believes that 
it is logical and appropriate to perform these procedures in an audit 
of the financial statements. The Board did not receive any comments on 
these amendments other than comments that re-challenged their inclusion 
in PCAOB Auditing Standard No. 2. As indicated in the Board's proposing 
release, these types of comments were considered to be beyond the scope 
of the proposed conforming amendments; therefore, no changes have been 
made based upon these comments.
(6) AU Sec. 339, ``Audit Documentation''
    The proposed conforming amendments would have added a subparagraph 
to Appendix A of this standard (``SAS No. 96''). Subsequent to the 
conforming amendments being issued for public comment, the Board 
adopted, and the Securities and Exchange Commission approved, PCAOB 
Auditing Standard No. 3, Audit Documentation. PCAOB Auditing Standard 
No. 3 superseded SAS No. 96

[[Page 60922]]

in its entirety, including Appendix A. Therefore, this proposed 
conforming amendment is not included in the final conforming amendments 
because the Board's interim standards no longer contain Appendix A of 
AU sec. 339.
(7) AU Sec. 380, ``Communication With Audit Committees''
    Footnote one to this standard includes a list of other standards 
that also require audit committee communications. Because PCAOB 
Auditing Standard No. 2 also includes required audit committee 
communications, this standard is amended by including a reference to 
PCAOB Auditing Standard No. 2 in footnote one. The Board added this 
conforming amendment based on a suggestion from a commenter.
2. Attestation Standards
    The Board's interim attestation standards include the Statements on 
Standards for Attestation Engagements promulgated by the ASB, as in 
existence on April 16, 2003.\9\ Auditors performing an integrated audit 
of financial statements and internal control over financial reporting 
to comply with Section 404 of the Act must follow PCAOB Auditing 
Standard No. 2 when reporting on an entity's internal control over 
financial reporting. Therefore, in the context of an audit of a company 
that is subject to Section 404 of the Act, AT sec. 501 has been 
superseded by the internal control standard. Because AT 501, even as 
applied to an engagement other than an engagement under Section 404, is 
outdated, the proposed conforming amendments recommended that AT sec. 
501 be superseded in its entirety and removed from the Board's 
standards.
---------------------------------------------------------------------------

    \9\ The Statements on Standards for Attestation Engagements 
(``AT'') are codified into the AICPA Professional Standards, vol. 1, 
as AT sections 101 through 701.
---------------------------------------------------------------------------

    The release to the proposed conforming amendments asked commenters 
whether AT sec. 501 should be amended rather than superseded in its 
entirety. Furthermore, it asked commenters to provide information on 
(a) whether there are any circumstances in which an issuer would want 
or need to file an AT sec. 501 report with the SEC and (b) whether 
there is a need for an auditor's report on internal control in addition 
to the auditor's report on the integrated audit of financial statements 
and internal control over financial reporting for purposes of complying 
with Section 404 of the Act. Commenters who believed such a need exists 
were requested to indicate in their responses the type of information 
that should be included in the report, the circumstances in which such 
a report might be issued, and the intended users of such a report.
    Most commenters agreed with the deletion of AT sec. 501 from the 
Board's interim standards. Those commenters believed that AT sec. 501 
is inferior to PCAOB Auditing Standard No. 2. In addition, those 
commenters were unaware of any circumstances in which an issuer would 
be required to file an AT sec. 501 report with the SEC, or of any 
instances in which issuers might need an auditor's report on internal 
control other than the one embodied in PCAOB Auditing Standard No. 2.
    Other commenters, however, expressed concerns about superseding AT 
sec. 501 in its entirety for a number of reasons. A couple of 
commenters pointed out that the auditors of some asset-backed 
securities (``ABS'') issuers issue AT sec. 501 reports in order for 
those ABS issuers to comply with the SEC's annual filing requirements. 
ABS issuers are not required to comply with Section 404 of the Act, 
however. No ABS issuer is required to file an auditor's report 
performed pursuant to AT sec. 501; rather, ABS issuers may comply with 
the SEC's annual filing requirements by filing an auditor's report 
performed pursuant to AT sec. 601, Compliance Attestation. Further, 
under a recent SEC proposal (Proposed Rule: Asset-Backed Securities, 
Release Nos. 33-8419 and 34-49644, May 3, 2004), the SEC would require 
an ABS issuer to include in its annual filing one consistent form of 
auditor's report. In lieu of audited financial statements and 
compliance with Section 404 of the Act, the SEC proposal would require 
that management of certain ABS issuers assess the issuer's compliance 
with servicing criteria and that the auditor attest to, and report on, 
management's assertion as to whether it complied with the servicing 
standards through the performance of a compliance attestation. 
According to the proposal, the attestation standard under which the 
auditor should perform such engagement would be ``Compliance 
Attestation,'' AT sec. 601 or another standard for compliance auditing 
established by the PCAOB. Therefore, if the SEC proposal is adopted, 
the SEC would no longer accept AT sec. 501 reports for this purpose.
    Other commenters expressed less specific concerns over superseding 
AT sec. 501 in its entirety. These commenters expressed a belief that, 
at some point, both issuers and nonissuers might need (or want) other 
reports on internal control presently not provided for under PCAOB 
Auditing Standard No. 2. For example, these commenters suggested that 
issuers might need an interim report on internal control, especially 
when a material weakness that existed at year end is subsequently 
corrected. Another commenter suggested that an issuer might want an 
audit report on some other aspect of internal control. None of these 
commenters, however, provided the detailed discussion requested in the 
release about the type of information that should be included in such a 
report, the circumstances in which it might be issued, and the intended 
users of such a report.
    The Board continues to believe that AT sec. 501 lacks the necessary 
specificity provided in PCAOB Auditing Standard No. 2. At a minimum, if 
AT sec. 501 were to be retained in the Board's standards, the reporting 
directions in AT sec. 501 would require immediate revision to clearly 
distinguish for report users the difference between a report issued 
under AT sec. 501 and PCAOB Auditing Standard No. 2. Further, it would 
be necessary to make extensive revisions to AT sec. 501 to conform it 
to the principles and requirements embodied in PCAOB Auditing Standard 
No. 2. Because commenters were unable to describe a specific need that 
is currently unmet by reports issued under PCAOB Auditing Standard No. 
2 or other professional standards, there appears to be no compelling 
reason at this time for the Board either to amend AT sec. 501 or to 
propose a new standard to replace AT sec. 501. Accordingly, the 
conforming amendments supersede AT sec. 501 altogether and remove it 
from the Board's standards effective immediately upon approval by the 
SEC.
    Because AT sec. 501 is no longer a part of the Board's interim 
standards, it is not appropriate for auditors of issuers following the 
PCAOB's standards to use AT sec. 501 when reporting on the internal 
control over financial reporting of an issuer.
3. Independence Standards
    The Board's interim independence standards include the AICPA Code 
of Professional Conduct Rule 101, and interpretations and rulings 
thereunder, promulgated by the AICPA Professional Ethics Executive 
Committee, as in existence on April 16, 2003.\10\ As indicated in PCAOB 
Auditing Standard No. 2, a registered public accounting firm and its 
associated persons must not accept an engagement to provide

[[Page 60923]]

internal control-related services to an issuer for which the registered 
public accounting firm also audits the financial statements unless that 
engagement has been specifically pre-approved by the audit committee. 
Because this requirement adds to current independence requirements, a 
reference to this requirement has been added to interpretation 101-3, 
``Performance of Other Services,'' to Rule 101, ``Independence'' (ET 
sec. 101.05). The Board did not receive any comments objecting to this 
amendment.
---------------------------------------------------------------------------

    \10\ The AICPA's Code of Professional Conduct (``ET'') Rule 101, 
and interpretations and rulings thereunder, are codified into the 
AICPA Professional Standards, vol. 2, as ET sections 101 and 191.
---------------------------------------------------------------------------

    Please note that a table, ``Cross-References to Conforming 
Amendments to PCAOB Interim Standards,'' which identifies all of the 
amendments that the conforming amendments describe, can be found in 
PCAOB Release 2004-008, dated September 15, 2004, which is available on 
the PCAOB's Web site at http://www.pcaobus.org.
4. Lack of ``Background and Basis for Conclusions''
    In auditing standards issued by the Board, a discussion of the 
comments received and other factors deemed significant by the Board in 
reaching the conclusions embodied in the final standard is contained in 
an appendix to the standard titled ``Background and Basis for 
Conclusions.'' Because this rulemaking is not an auditing standard, it 
does not include such an appendix. The Board, however, believes this 
type of discussion is helpful to this rulemaking. Accordingly, in 
addition to describing the nature and extent of amendments made to the 
interim standards, the foregoing also contains, when appropriate, a 
discussion of the significant factors considered by the Board in 
developing the final conclusions reflected in the conforming 
amendments.
5. Effective Date
    As to the effective date of the amendments, PCAOB Rule 3200T 
requires auditors to comply with the Board's interim auditing standards 
``to the extent not superseded or amended by the Board.'' Similarly, 
the Board's interim attestation and independence standards rules 
require registered firms and their associated persons to comply with 
certain existing attestation and independence standards ``to the extent 
not superseded or amended by the Board.'' \11\
---------------------------------------------------------------------------

    \11\ PCAOB Rules 3300T, 3600T.
---------------------------------------------------------------------------

    PCAOB Auditing Standard No. 2, An Audit of Internal Control Over 
Financial Reporting Performed in Conjunction with An Audit of Financial 
Statements, was approved by the Commission on June 17, 2004 as the 
standard for audits of internal control over financial reporting 
required by Section 404(b) of the Sarbanes-Oxley Act of 2002. PCAOB 
Auditing Standard No. 2 supersedes the Board's interim standards in a 
number of respects and auditors must comply with all applicable 
provisions of Auditing Standard No. 2 once it is effective, including 
those provisions that supersede the Board's interim standards.
    As discussed above, the proposed rules describe and expressly state 
the changes to the interim standards caused by the adoption of PCAOB 
Auditing Standard No. 2. Accordingly, pending SEC approval and subject 
to the two exceptions noted below, the Board intends for the conforming 
amendments to become effective for integrated audits of financial 
statements and internal control over financial reporting at the same 
time PCAOB Auditing Standard No. 2 becomes effective. Companies 
considered accelerated filers under Securities Exchange Act Rule 12b-2 
\12\ are required to comply with the internal control reporting and 
disclosure requirements of Section 404 of the Act for fiscal years 
ending on or after November 15, 2004. Other companies have until fiscal 
years ending on or after July 15, 2005, to comply with the internal 
control reporting and disclosure requirements and the conforming 
amendments. Early implementation of the conforming amendments is 
permitted.
---------------------------------------------------------------------------

    \12\ See 17 CFR 240.12b-2.
---------------------------------------------------------------------------

    There are two exceptions to this general statement. First, certain 
parts of the conforming amendments apply to an audit of financial 
statements of an issuer regardless of whether the issuer is required to 
comply with the internal control requirements of Section 404 of the 
Act. In order to provide for an orderly transition for issuers not 
required to comply with Section 404 of the Act, the Board has 
determined that these parts of the conforming amendments should be 
effective for audits of financial statements for periods ending on or 
after July 15, 2005, pending approval of the conforming amendments by 
the SEC. This means that auditors of non-accelerated filers are not 
required to comply with the conforming amendments in conducting audits 
of financial statements until performing audits of financial statements 
for fiscal years ending on or after July 15, 2005. The effect of these 
parts of the conforming amendments is discussed further below.
    Second, the Board intends for the part of the conforming amendments 
that supersedes AT sec. 501, ``Reporting on an Entity's Internal 
Control Over Financial Reporting,'' to be effective immediately upon 
approval of the conforming amendments by the SEC. As discussed in 
greater detail above, in light of the adoption of PCAOB Auditing 
Standard No. 2, the Board does not see a compelling reason for the 
Board to retain AT sec. 501 in its interim standards.
6. Effect of Auditing Standard No. 2 on Audits of Financial Statements 
Only
    The conforming amendments are effective, pending SEC approval, for 
audits of financial statements only for periods ending on or after July 
15, 2005. For the most part, however, the Board believes the amendments 
represent clarifications of concepts already included in the Board's 
interim standards, rather than wholly new concepts or requirements. 
Accordingly, the Board encourages auditors to carefully consider their 
obligations under the Board's interim standards and not to draw a 
negative inference from the inclusion of a specific provision in the 
conforming amendments that equivalent procedures are not currently 
required to comply with the Board's interim standards.

III. Date of Effectiveness of the Proposed Rule and Timing for 
Commission Action

    Within 35 days of the date of publication of this notice in the 
Federal Register or within such longer period (i) as the Commission may 
designate up to 90 days of such date if it finds such longer period to 
be appropriate and publishes its reasons for so finding or (ii) as to 
which the Board consents the Commission will:
    (a) By order approve such proposed rule; or
    (b) Institute proceedings to determine whether the proposed rule 
should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views and 
arguments concerning the foregoing, including whether the proposed rule 
is consistent with Title I of the Act. Comments may be submitted by any 
of the following methods:

Electronic Comments

     Use the Commission's Internet comment form (http://www.sec.gov/rules/pcaob.shtml); or
     Send an e-mail to [email protected]. Please include 
File No. PCAOB-2004-07 on the subject line.

[[Page 60924]]

Paper Comments

     Send paper comments in triplicate to Jonathan G. Katz, 
Secretary, Securities and Exchange Commission, 450 Fifth Street, NW., 
Washington, DC 20549-0609.
    All submissions should refer to File No. PCAOB-2004-07; this file 
number should be included on the subject line if e-mail is used. To 
help us process and review your comments efficiently, please use only 
one method. The Commission will post all comments on the Commission's 
Internet Web site (http://www.sec.gov/rules/PCAOB.shtml). Comments are 
also available for public inspection and copying in the Commission's 
Public Reference Room, 450 Fifth Street, NW., Washington, DC 20549. All 
comments received will be posted without change; we do not edit 
personal identifying information from submissions. You should submit 
only information that you wish to make available publicly. All comments 
should be submitted on or before November 3, 2004.

    By the Commission.
Jill M. Peterson,
Assistant Secretary.
 [FR Doc. E4-2575 Filed 10-12-04; 8:45 am]
BILLING CODE 8010--01--P