a report issued on significant deficiencies

A portfolio company of Carlyle & CVC

January 21, 2020 | Industry Insights

CFO’s Guide to Significant Deficiencies and Material Weaknesses

The PCAOB defines a material weakness as, “a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.”

Companies with material weaknesses are required to report them in their public SEC filings in the period in which they were identified; this may result in both reputational risk and increased costs associated with the following: 

• Investors may lose confidence in the company and its stock, resulting in a decline in stock prices.
• External audit fees may increase to compensate the auditor for any incremental procedures performed to address the material weakness. 
• Legal fees may rise with increased legal advice and support. 
• Financiers may find lending too risky, jeopardizing the company’s chances of getting loans (or getting loans at a reasonable and competitive interest rate).
• Executives and Governing Boards may come under fire for lack of oversight and governance. 

Considering the costs of a material weakness, it is important to implement and manage an effective control environment, including an established approach for assessing and remediating control deficiencies that do arise. Businesses need to be confident in their ability to quickly detect, report and remediate control deficiencies and evaluate each of them for the purpose of classifying them as a “Deficiency”, “Significant Deficiency” or “Material Weakness.”

Understanding the sources and stakes of material weaknesses

Some of the most common causes of material weaknesses include deficiencies in a company’s control environment. These may be related , but not limited, to the following:

• Inadequate segregation of duties: An example is an individual who performs incompatible tasks, such as a controller who approves his or her own purchase requisitions. 
• Ineffective risk assessments: For instance, failing to assess risk on a continuous basis could lead to new and unidentified exposures or risk categories as business practices change (e.g., the company adopts a new ERP or acquires another business).
• Insufficient management review procedures : Inappropriately designed or executed management review controls (controls over subjective, complex areas such as goodwill impairments) can lead to material misstatements; for example, this can manifest as controls that are not designed precisely enough to address all relevant risks or inadequate documentation supporting the execution of the controls.
• Inappropriate reliance on accounting software or third-parties: An example would be using third-party service organizations that do not provide a SOC 1, type II report, or leveraging accounting software that does not have sufficient functionalities like audit logs or the ability to implement change controls.

All of the above can lead to the “reasonable possibility” that a material financial misstatement will not be detected in a timely manner, which is the very definition of a material weakness. 

Material weaknesses must be reported to the public via SEC filings in the period in which they were identified, which makes early and timely detection a top priority. If a previously unidentified material weakness is discovered, the SEC may issue a comment letter questioning whether the material weakness was present (and should have been reported) in a previous period. 

The sooner you detect a potential material weakness, the faster you can remediate it, the better it will reflect on your company. 

Material weakness vs. significant deficiency: How to tell the difference

A significant deficiency is less severe than a material weakness in that it is unlikely to have a material impact on financial statements, but it is, “ important enough to merit attention by those responsible for oversight of the company’s financial reporting ,” according to the PCAOB. 

An example of a significant deficiency, as stated by the SEC , would be if a company’s accounting function reviews significant or unusual modifications to the sales contract terms but does not review changes in the standard shipping terms. Presuming individual sales transactions are not material to the company – and since the accounting function has compensating controls in place to detect more severe modifications – the SEC determined that any effect on revenue recognition would be “more than inconsequential, but less than material.”

Once you identify a control deficiency, you must assess its importance and determine whether it rises to the level of a significant deficiency or material weakness. When assessing the magnitude of a control deficiency, many factors are relevant to this conclusion:

• The presence of compensating controls that mitigate the risk of a potential misstatement. In order to be reliable, compensating controls must be operating effectively. 
• The potential magnitude of the misstatement that could result from the deficiency (e.g., the total monthly transaction amounts exposed to the deficiency). 
• Risk factors such as the nature of the account, susceptibility of the related asset to fraud or loss, relationship of the control in question to other controls and possible future consequences of the deficiency.
• Whether the control deficiency is important enough to merit the attention of whoever is responsible for overseeing the company’s financial reporting. 
• Whether the deficiency would prevent a prudent official from concluding that the transaction would ensure financial statements conform with GAAP. 
• Whether specific indicators of material weakness exist, such as identification of fraud on the part of senior management or ineffective oversight of the company’s external financial reporting and internal control over financial reporting by the audit committee.
• Whether there is a “reasonable possibility” that the controls will fail to prevent a material misstatement of the account balance or disclosure. 

Remember: The SEC has regularly reiterated that the existence of a material weakness does not depend on the actual magnitude of an error or misstatement but rather on the reasonable possibility that a material weakness could occur and not be detected or prevented. Therefore, even immaterial misstatements could lead to a material weakness conclusion.  

For example, in 2018, Costco discovered that an unauthorized party had gained access to its financial reporting systems. Despite finding no evidence of material misstatements on financial reports and immediately launching remediation efforts, the company classified it as a material weakness, and as a result, stock prices dropped by nearly 4% , according to Bloomberg. 

Creating a management framework: Prevention, detection and remediation steps

How to prevent and detect material weaknesses.

Some of the most effective strategies for preventing and, if necessary, detecting material weaknesses include the following:

1. Establish effective monitoring controls  

Validate that controls are present and functioning throughout the year and not just at the end of the year. Conduct testing earlier in the year, leaving management more time to address and remediate any identified control deficiencies.

2. Constantly reinforce the company’s culture and tone at the top

Ensure that executive leadership stresses the importance of internal controls, addresses deviations to company policies in a timely manner and leads by example. Management should communicate the rationale and value of a control environment by highlighting its benefits to the business, beyond regulatory compliance.

3. Perform risk assessments throughout the year 

Prioritize ongoing risk assessments, especially when there are significant changes to people, processes or systems. This helps dictate what controls or processes need to be established to address new or emerging risks. In cases where there are significant changes to people, processes or systems, such as the implementation of a new ERP system, a company may want to consult a third-party well-versed in process improvement and internal controls. 

4. Provide sufficient training to company personnel  

Highlight expectations and reinforce the “why” of the policies, procedures and controls to all process and control owners.   

5. Ensure strong communication and buy-in from all key stakeholders

Ensure that alignment and understanding about internal controls exists across the entire company. Incorporate this into company communications, handbooks and policies.

6. Establish an effective internal audit function

Use the internal audit function to keep a pulse on the company and to identify process improvements and strategic opportunities throughout the year.

7. Implement documented policies

Create, implement and train employees on formal policies to ensure alignment on “ways of doing business” and employee expectations.

8. Consider a third-party diagnostic 

An independent review of the company’s internal controls can be an effective way to optimize the design and efficiency of a control environment, address control deficiencies and provide guidance to management on the most effective and efficient way to remediate any control gaps that are identified. 

How to Remediate a Material Weakness

If a material weakness is detected, it is important to have a plan of action. Management should take most, if not all, of the following steps:

1. Ensure there is consensus on the root cause of the material weakness 

This consensus is crucial for appropriately addressing the issue. Once the root cause is identified and agreed upon, management should create a remediation plan. This entails the following:

• Identifying key stakeholders, tasks and deadlines.
• Monitoring progress against the remediation plan.
• Holding individuals and process owners accountable. 

2. Contemplate the need for additional funding or resources

Depending on the material weakness, remediation efforts may be costly to the company in terms of time, money and resources. Management must contemplate the need for additional funding within the budget for remediation efforts. Sources of remediation costs may include but are not limited to the following:

• Investing in new IT systems.
• Hiring additional in-house or outsourced experts or temporary resources. 

When determining the company’s resource plan, it is important to consider internal capacity, as well as employees’ existing obligations. If individuals within the company devote time to remediation efforts, this will take them away from their day job, potentially jeopardizing deadlines, due dates or critical tasks, like SEC reporting.  

3. Disclose the material weakness in quarterly and annual SEC filings (10Q/10K)

Material weakness disclosures should not be boilerplate but rather should allow investors to understand the root cause of the issue and indicate the pervasiveness of its effects on internal control over financial reporting. Disclosures should also include management’s plan for remediation and an estimated timeline for remediation. These disclosures must be updated on a quarterly basis, demonstrating progress made against remediating the material weakness throughout the year. 

4. Update all key stakeholders throughout the year

Keep all key stakeholders, including the audit committee and external auditors, abreast of progress throughout the year. 

5. Contract with a third party to assist with new implementations

If expertise or resource gaps exist, consider bringing on a third party to assist with implementing new processes, controls or policies, and any associated training. An external partner can also help test the new controls, processes and policies established by management, providing valuable insight and benchmarking to the process.

The bottom line: You can’t afford to passively manage controls

A proper control environment starts with the tone from the top and must live within the fabric of an organization. Build a control environment that sets you up for success, and measure and manage that design for operating effectiveness regularly. Expect that deficiencies will arise, and have a plan, ahead of time. Most material weaknesses start out as control deficiencies. Catch them and remediate them before they have a chance to grow. And finally, have an established material weakness action plan so you are equipped to handle any situation that arises.

eBook: The 6 Habits of a Highly Effective SOX Compliance Program

Download the eBook

Subscribe to Our Newsletter

• Material Weaknesses and Significant Deficiencies

By Charles Hall | Auditing

• You are here:

In today’s post, I tell you how to understand and communicate material weaknesses and significant deficiencies.

How do you categorize a control weakness? Is the weakness a material weakness, a significant deficiency or something less? This seems to be the most significant struggle in addressing internal control issues.

And if you’ve been in the business for any time at all, you know that management can take offense regarding control weakness communications . For instance, a CFO may believe that a material weakness reflects poorly upon him. After all, he controls the design of the accounting system. So, communicating control weaknesses can result in disagreements. Therefore, it’s even more important that these communications be correct.

Before telling you how to distinguish material weaknesses from significant deficiencies, let’s review control weakness definitions.

Definitions of Control Weaknesses

A deficiency in internal control is defined as follows: A deficiency in internal control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A deficiency in design exists when (a) a control necessary to meet the control objective is missing, or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met. A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or competence to perform the control effectively.

Now let’s define (1) material weaknesses, (2) significant deficiencies, and (3) other deficiencies.

• Material weakness . A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
• Significant deficiency . A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance .
• Other deficiencies . For the purposes of this blog post, an  other deficiency is a control weakness that is less than a material weakness or a significant deficiency .

How to Categorize a Control Weaknesses

Now that we have defined material weaknesses and significant deficiencies, we can discuss how to distinguish between the two.

Material Weakness

First, ask these two questions:

• Is there a reasonable possibility that a misstatement could occur?
• Could the misstatement be material ?

If your answer to both questions is yes, then the client has a material weakness . (By the way, if you propose a material audit adjustment, it’s difficult to argue that there is no material weakness. As you write your control letter, examine your proposed audit entries.)

Significant Deficiency

If your answer to either of the questions is no, then ask the following:

Is the weakness important enough to merit the attention of those charged with governance ? In other words, are there board members who would see the weakness as important.

If the answer is yes, then it is a significant deficiency .

If no, then it is not a significant deficiency or a material weakness.

How to Communicate Material Weaknesses and Significant Deficiencies

The following deficiencies must be communicated in writing to management and to those charged with governance:

• Material weaknesses
• Significant deficiencies

The written communication (according to AU-C section 265 ) must include:

• the definition of the term material weakness and, when relevant, the definition of the term significant deficiency
• a description of the significant deficiencies and material weaknesses and an explanation of their potential effects
• sufficient information to enable those charged with governance and management to understand the context of the communication
• the fact that  the audit included consideration of internal control over financial reporting in order to design audit procedures that are appropriate in the circumstances and that the audit was not for the purpose of expressing an opinion on the effectiveness of internal control
• the fact that the auditor is not expressing an opinion on the effectiveness of internal control
• that the auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies, and therefore, material weaknesses or significant deficiencies may exist that were not identified
• an appropriate alert, in accordance with section 905, Alert That Restricts the Use of the Auditor’s Written Communication

Next, I explain how to communicate other deficiencies (those that are less than a material weakness or a significant deficiency).

How to Communicate Other Deficiencies

Other deficiencies can be communicated in writing or orally and need only be communicated to management (and not to those charged with governance). The communication must be documented in the audit file. So if you communicate orally, then follow up with a memo to the file addressing who you spoke with, what you discussed, and the date of the discussion.

Stand-alone management letters are often used to communicate other deficiencies . Since there is no authoritative guidance for management letters, you may word them as you wish. Alternatively, you can, if you like, include other deficiencies in your written communication of significant deficiencies or material weaknesses.

A Key Word of Warning

Always provide a draft of any written communications to management before final issuance.  It is much better to provide a draft and find out (before issuance) that it contains an error or a miscommunication. Then, corrections can be made.

Additional Information

Writing your internal control letter is a part of the wrap-up process for audits. Click here for additional information concerning wrapping up an audit.

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.

[…] See my related article about capturing and reporting control deficiencies. I define significant deficiencies and material weaknesses in this post.  […]

[…] Previous Post Understand and Communicate Material Weaknesses and Significant Deficiencies Next Post Expense Fraud: An Honest Theft […]

Armando, yes, it is a topic we have all struggled with. Thanks for your encouragement.

I know this subject as I have been auditing for many years. This description is “excellent.”

The right approach to properly categorize a control weakness.

Session expired

Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Supervisory Insights

External Auditors’ Reports: Communication of Internal Control Deficiencies

PDF version of this article

Effective internal control is a foundation for the safe and sound operation of a depository institution. The importance of internal control is recognized in Section 39 of the Federal Deposit Insurance Act, the provisions of which the federal banking agencies have implemented through the issuance of Interagency Guidelines Establishing Standards for Safety and Soundness. 1 These standards direct each institution to develop and implement an internal control system appropriate to its size and the nature, scope, and risk of its activities.

Internal control is a process effected by an entity’s board of directors, management, and other personnel. It is designed to provide reasonable assurance about the achievement of the institution’s objectives with regard to the reliability of financial reporting, the effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The design and formality of an entity’s internal control will vary depending on its size, the industry in which it operates, its culture, and management’s philosophy. 2

Examiners perform an overall assessment of an institution’s system of internal control during each examination. In addition, although the federal banking agencies generally require only institutions with $500 million or more in total assets to have an annual audit of their financial statements, the agencies have long encouraged all institutions to have an external audit. 3 In this regard, the Management component rating in the Uniform Financial Institutions Rating System specifically includes as an evaluation factor the adequacy of audits and internal control. Recent changes in the requirements governing external auditors’ communication of internal control deficiencies have made this information more readily accessible to examiners. As a result, an understanding of these changes will assist examiners in assessing the quality of an institution’s internal control environment and the actions management is taking to remedy any identified deficiencies. This article discusses internal control communication as a part of the audit process, summarizes the development of internal control standards, provides examples of control deficiencies, explains how these deficiencies should be evaluated and communicated by the auditor, and looks ahead to potential changes to authoritative guidance. As a starting point, we describe how this internal-control related information is used in the examination process.

The Role of Internal Control Information in the Examination Process

Subsequent sections of this report describe the evolution of, and recent changes to, professional standards governing an external auditor’s communication of internal control matters. These recent changes, particularly those mandating that communications be in writing, should improve an examiner’s ability to assess the quality of the internal control system at an institution that has undergone a financial statement audit or an internal control audit or attestation, either at the institution level or a consolidated parent company level. For such an institution, its total assets and whether it is a public company or a subsidiary of a public company (and, if so, whether the public company is an accelerated or non-accelerated filer) will dictate the types of written communication about internal control the external auditor should have provided to management and the audit committee. An examiner’s consideration of an institution’s internal control begins during pre-examination planning. Ideally, the examiner should obtain these written communications as part of this process. The examiner’s evaluation of the external auditor’s internal control communications should be an integral part of the planning activities and play a key role in the overall assessment of a bank’s internal control system.

An institution subject to Part 363 of the FDIC’s regulations is required to file copies of audit-related reports received from its external auditor with the appropriate FDIC regional or area office. These reports also must be filed with the district or regional office of its primary federal regulator, if other than the FDIC, and its appropriate state supervisor if it is state chartered. For example, if copies of these reports have not already been furnished to the FDIC examiner’s field office, copies should be obtained from the regional or area office. Depending on an institution’s size and whether it or its parent is a public company, internal control-related reports submitted pursuant to Part 363 would include the auditor’s report on the effectiveness of internal control over financial reporting, either as part of the Part 363 annual report or separately; reports on significant deficiencies and material weaknesses; and reports on other internal control matters, which may be in the form of a management letter. 4 If it appears that any internal control-related reports required to be filed under Part 363 have not been submitted, the examiner should ask management during the pre-examination planning process to provide a copy of the report to the examiner and to submit copies to the FDIC regional or area office and other appropriate federal and state supervisors. An institution’s failure to file an audit-related report with these offices in a timely manner represents an apparent violation of Part 363, which should be cited in the examination report.

In the case of an FDIC-supervised bank not subject to Part 363 whose financial statements are audited (or are included in its parent company’s audited consolidated financial statements), the FDIC has requested that the bank submit copies of its audit report and any other reports it receives from its external auditor, including any management letter, to the appropriate regional or area office and state supervisor. 5 The reports prepared by the external auditor that an examiner should expect to see vary depending on whether the institution (or its parent company) is a public accelerated or non-accelerated filer or a nonpublic company. If audit-related reports are not available to the examiner at the beginning of the pre-examination planning process, the examiner should request copies of these reports from management.

Given the timely filing requirement for external auditors’ reports that applies to institutions subject to Part 363, existing policy guidance directs FDIC regional and area offices to review these filings after their receipt. In light of the long-standing request for FDIC-supervised banks not subject to Part 363 that undergo audits to submit these types of reports to the appropriate regional or area office, these reports also should be reviewed after receipt as part of an institution’s ongoing oversight and supervision. The purpose of promptly reviewing reports prepared by an institution’s external auditor is the early identification of the need for improvements in the institution’s financial management. If the review of these reports discloses control deficiencies that raise significant or immediate safety and soundness concerns about an institution, field supervisors should advance the examination date for the institution, schedule a visit, or initiate other appropriate follow-up with the institution. Reported control deficiencies of less immediate or significant concern should be flagged for consideration during the pre-examination planning process for the next examination.

An examiner’s preliminary assessment of risk areas during the pre-examination planning process considers the CAMELS (capital, asset quality, management, earnings, liquidity, and sensitivity to market risk) components, as well as such areas as internal control. The examiner determines the perceived risk in each risk area, as this will dictate whether greater-than-normal, normal, or less-than-normal examination resources will be devoted to the area. In general, sources of information include the bank’s previous examination reports and examination workpapers, correspondence files, and financial information and ratios. In the internal control area, the written communications from the external auditor described above and the results of previously conducted reviews of these documents should be evaluated. For institutions with $1 billion or more in total assets and those that are public companies (or subsidiaries of public companies), management’s report on its assessment of the effectiveness of internal control over financial reporting should also be obtained and evaluated. The examiner is also expected to contact the external auditor as part of the pre-examination planning, which enables the examiner to ask follow-up questions about the auditor’s written communications and inquire about and discuss any other recommendations that the auditor may have provided to management. Also relevant to the examiner’s effort to reach a conclusion on the level of perceived internal control risks within the bank is work performed by the internal audit function, as well as management’s responses to the control deficiencies, particularly any material weaknesses, identified by external or internal auditors or by management itself. Depending on the examiner’s conclusion regarding the perceived level of risk, if management and the external auditor have performed assessments of internal control over financial reporting, the examiner may determine that a better understanding of the bank’s internal control structure and procedures would be gained by reviewing the external auditor’s workpapers and the records maintained by management to support its internal control assertion.

During the examination, internal control deficiencies and other matters noted in the external auditor’s communications to management and the audit committee (or board of directors), as well as any deficiencies identified by the institution itself, and corrective actions taken by management should be reviewed and evaluated. The examiner should also consider the reasonableness of any decision by management not to remedy an identified deficiency based on management’s conscious acceptance of specific risk due to factors such as cost or the mitigating effect of compensating controls. If the examiner concludes that management’s actions are not adequate under the circumstances, the examiner should make recommendations for improvement. The deficiencies in internal control and management’s responses should be described in the report of examination on the Risk Management Assessment page or the Examination Conclusions and Comments page, depending on the level of significance of the deficiencies and management’s willingness or unwillingness to implement appropriate corrective actions. Discussion of these matters during any meeting with the institution’s board of directors to discuss the examination findings also may be warranted. The nature and severity of identified internal control deficiencies and management’s action or inaction to address these matters should be considered in the assignment of the Management component rating.

Audits of Financial Statements and Internal Control

An external auditor brings an independent and objective view to an institution’s financial reporting process. This, in turn, contributes directly to the achievement of the institution’s objectives for this process by performing a financial statement audit and, in some cases, an internal control audit or examination. Indirectly, this process provides information useful to management, the board of directors, and its audit committee in carrying out their responsibilities. The objective of an audit of an institution’s financial statements is for the external auditor to express an opinion on the fairness with which the financial statements present, in all material respects, the institution’s financial position, results of operations, and cash flows in conformity with generally accepted accounting principles. 6 The auditor’s opinion is communicated to the institution’s board of directors, audit committee, and management through the auditor’s report. When conducting a financial statement audit, the auditor must obtain a sufficient understanding of the institution’s internal control to plan the audit and determine the nature, timing, and extent of tests to be performed during the audit. Although the auditor may become aware of control deficiencies during the course of a financial statement audit, the auditor is not required to perform procedures for the specific purpose of identifying deficiencies in internal control. Nevertheless, among the responsibilities of the external auditor in connection with a financial statement audit is to communicate to management and the audit committee (or board of directors) matters related to the institution’s internal control over financial reporting that were identified during the audit. An external auditor may also be engaged to audit or examine the effectiveness of an institution’s internal control over financial reporting and express an opinion on it at the end of the fiscal year. In connection with such an engagement, the auditor also has a responsibility to communicate certain information concerning internal control matters to management and the audit committee.

During the financial statement audit and the internal control audit or examination, the auditor may discover deficiencies related to an institution’s internal control over financial reporting that should be reported to management and those charged with governance. Guidelines and professional standards related to the auditor’s communication of internal control deficiencies are continually evolving. Standards are established by the American Institute of Certified Public Accountants (AICPA) for nonpublic company audits and attestation engagements and, since 2003, by the Public Company Accounting Oversight Board (PCAOB) for public company audits.

History of Internal Control Communications by External Auditors

Reporting on internal control matters is not a new development in the auditing profession. Table 1 presents a timeline of certain professional standards and laws and regulations pertinent to an external auditor’s communication of internal control matters.

Standards for Auditors of Nonpublic Companies

All companies not subject to the registration or periodic reporting requirements of the Securities Exchange Act of 1934 are considered nonpublic companies. The AICPA’s standards applicable to the preparation and issuance of audit and attestation reports for nonpublic companies include Statements on Auditing Standards (SASs) and Statements on Standards for Attestation Engagements (SSAEs).

SASs are issued by the Auditing Standards Board (ASB), the senior technical body of the AICPA designated to issue pronouncements on auditing, attestation, and quality control matters applicable to the performance and issuance of audit and attestation reports for nonpublic companies. In 1972, all previous Statements on Auditing Procedures (SAP No. 33 to SAP No. 54) were codified into SAS 1, ushering in the modern era of professional auditing standards. In August 1977, SAS 20, “Required Communication of Material Weaknesses in Internal Accounting Control,” was issued and introduced the concept of a “material weakness.” In April 1988, SAS 20 was superseded by SAS 60, “Communication of Internal Control Structure Related Matters Noted in an Audit,” to introduce the concept of a “reportable condition.”

In May 2006, the ASB issued SAS 112, “Communicating Internal Control Related Matters Identified in an Audit,” superseding SAS 60. SAS 112 applies to audits of nonpublic companies. Although SAS 60 is no longer applicable to audits of nonpublic companies, an amended version issued by the PCAOB remains applicable to audits of public companies, as detailed below. SAS 112 establishes standards and provides guidance on communicating matters related to an institution’s internal control over financial reporting identified in an audit of financial statements. Specifically, SAS 112

• Defines the terms “control deficiency,” “significant deficiency,” and “material weakness”;
• Replaces the term “reportable condition,” which had been included in SAS 60;
• Provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements;
• Identifies areas in which control deficiencies ordinarily are to be evaluated as at least significant deficiencies in internal control, as well as indicators of control deficiencies that should be regarded as at least a significant deficiency and a strong indicator of a material weakness in internal control; and
• Requires the auditor to communicate, in writing, to management and those charged with governance, significant deficiencies and material weaknesses identified in an audit.

SAS 112 is applicable whenever an auditor expresses an opinion on financial statements (including a disclaimer of opinion) of a nonpublic entity. SAS 112 took effect for audits of financial statements of nonpublic companies for periods ending on or after December 15, 2006. Thus, for institutions with calendar year fiscal years, this auditing standard first applied to year-end 2006 audits. SAS 112 is codified in the AICPA’s Professional Standards as AU Section 325. 7

SSAEs also are issued by the AICPA’s ASB. Attestation standards apply only to attest services other than a financial statement audit rendered by a certified public accountant in the practice of public accounting. Attestation standards do not override the requirements of any existing SAS. At present, the attestation standard specifically addressing communication of internal control matters is Chapter 5, “Reporting on an Entity’s Internal Control Over Financial Reporting,” of SSAE No. 10, “Attestation Standards: Revision and Recodification.” Chapter 5 is codified in the AICPA’s Professional Standards as AT Section 501 (AT 501). AT 501 was effective for internal control attestations on or after June 1, 2001. As its title indicates, SSAE No. 10 superseded the then-existing attestation standards, including the predecessor to Chapter 5, SSAE No. 2, “Reporting on an Entity’s Internal Control Structure Over Financial Reporting,” which was issued in May 1993 largely in response to the enactment of Section 36 of the Federal Deposit Insurance Act as part of the Federal Deposit Insurance Corporation Improvement Act of 1991. As shown in Table 1, SSAE No. 2 superseded an earlier SAS.

In August 2006, the ASB amended AT 501 to incorporate the new terms, related definitions, and guidance on identifying and evaluating control deficiencies and communicating significant deficiencies and material weaknesses that were introduced by the issuance of SAS 112. Thus, the changes the ASB made to AT 501 were the same as those made in replacing SAS 60 with SAS 112, as discussed above. In addition, the ASB revised the illustrative internal control attestation reports in AT 501 to be consistent with SAS 112. The effective date of these conforming changes to AT 501 corresponds to that of SAS 112, that is, for internal control attestations as of or for a period ending on or after December 15, 2006. 8

Standards for Auditors of Public Companies

A public company is any company that has a class of securities registered with the Securities and Exchange Commission (SEC) or the appropriate banking agency under Section 12 of the Securities Exchange Act of 1934 (the Act) or that is required to file reports with the SEC under Section 15(d) of the Act. The SEC, in Rule 12b-2 of the Act, divides public companies into three categories: large accelerated filers, accelerated filers, and non-accelerated filers. In general, large accelerated filers are public companies whose voting and non-voting common equity held by non-affiliates has an aggregate market value of $700 million or more. Accelerated filers are public companies whose voting and non-voting common equity held by non-affiliates has an aggregate market value of between $75 million and $700 million, and non-accelerated filers are public companies whose voting and non-voting common equity held by non-affiliates has an aggregate market value of less than $75 million.

In July 2002, Congress passed the Sarbanes-Oxley Act (SOX), Section 404 of which established new provisions related to internal control over financial reporting for public companies. Section 404 requires a public company’s management to assess and report on the effectiveness of the company’s internal control over financial reporting and the company’s external auditor to examine the effectiveness of, and attest to management’s assessment of, this internal control structure. SOX also created the PCAOB, a private-sector non-profit corporation, to oversee the external auditors of public companies as a means of protecting the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports. 9 The PCAOB is authorized to establish auditing and related attestation, quality control, ethics, and independence standards and rules to be followed by public company auditors in the preparation and issuance of audit reports. Furthermore, auditors of public entities are required to register with the PCAOB, which conducts an inspection program to assess these auditors’ compliance with federal securities laws and regulations, the PCAOB’s rules, and professional standards in connection with their audits of public companies.

Although the ASB no longer has the authority to establish standards for audits of public companies, on April 16, 2003, the PCAOB adopted the AICPA’s then-existing auditing and attestation standards as its interim standards. Public company auditors must comply with these interim standards to the extent they have not been superseded or amended by the PCAOB. The interim standards originally included SAS 60 and AT 501 in the form in which they existed on April 16, 2003, and had been codified in the AICPA’s professional standards. In March 2004, the PCAOB issued Auditing Standard No. 2 (AS-2), “An Audit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements.” Among the key elements of AS-2 is a requirement that the auditor communicate in writing to a public company’s management and its audit committee all significant deficiencies and material weaknesses identified during the audit. AS-2 superseded the AT 501 interim standard for public companies.

The auditors of all accelerated filers were required to implement the provisions of AS-2 in an integrated audit of financial statements and internal control over financial reporting for fiscal years ending on or after November 15, 2004. However, non-accelerated filers have not yet been required to undergo an audit of internal control over financial reporting when their financial statements are audited. As a consequence, in September 2004, the PCAOB adopted conforming amendments to its interim standards resulting from its adoption of AS-2. These amendments revised SAS 60 in the interim standards to require the auditor of a non-accelerated filer to report to management and the audit committee only those control deficiencies identified in the audit of the financial statements that are either significant deficiencies or material weaknesses, which is similar to the AS-2 communication requirement. 10 The PCAOB‘s conforming amendments to SAS 60 became effective for audits of financial statements for periods ending on or after July 15, 2005.

After its adoption of AS-2, the PCAOB monitored how auditors had implemented the requirements of this auditing standard. The PCAOB determined that audits of internal control over financial reporting provided significant benefits, particularly in terms of corporate governance and quality of financial reporting; however, these benefits had come at a significant cost. The PCAOB observed that the costs were often higher than anticipated and the related effort in some cases has appeared greater than necessary to conduct an effective audit of internal control over financial reporting. 11 In May 2007, after considering public comments received and input from the SEC, the PCAOB decided to replace AS-2 with a revised standard on auditing internal control, Auditing Standard No. 5, “An Audit of Internal Control Over Financial Reporting That Is Integrated With An Audit of Financial Statements” (AS-5). AS-5 is effective for internal control audits of public entities for fiscal years ending on or after November 15, 2007, with earlier adoption permitted after July 25, 2007, the date of the SEC’s approval of AS-5. The PCAOB’s intent in adopting AS-5 was to focus the internal control audit on the areas of greatest risk, eliminate unnecessary procedures, scale the internal control audit to a public company’s size and complexity, and simplify the text of the standard compared with AS-2. 12 AS-5 also revised the definitions of material weakness and significant deficiency (see “Communication of Significant Deficiencies and Material Weaknesses” later in this article). Because of these definitional changes, the PCAOB also adopted additional conforming amendments to the version of SAS 60 in its interim standards (“SAS 60 Conformed”).

Insured Depository Institutions

For insured depository institutions with $500 million or more in total assets, the annual audit and reporting requirements in Part 363 of the FDIC’s regulations include provisions that address the external auditor’s communications about and reporting on the internal control structure and procedures for financial reporting. Since Part 363 was initially adopted by the FDIC in 1993, Section 363.4(c) has required each insured institution to file a copy of any management letter or other audit-related report issued by its external auditors within 15 days after receipt with the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor. Institutions with at least $500 million but less than $1 billion in total assets that are also public companies or subsidiaries of public companies subject to the provisions of Section 404 of SOX for the most recent fiscal year must also file their auditor’s report on the audit of internal control over financial reporting as an “other report.” All institutions with $1 billion or more in total assets, both public and nonpublic, are required to submit the external auditor’s audit or attestation report concerning the institution’s internal control structure and procedures for financial reporting as part of the Part 363 annual report. 13

Definitions

In evaluating an institution’s internal control environment, following the correct standard is critical, as previously discussed. Moreover, each standard defines key terms linked to the standard’s communication requirements. The definitions in these standards have similarities and differences that should be noted to ensure the appropriate level of auditor evaluation and communication.

A material weakness, as defined in the context of SAS 112 and AT 501, adopts the standard of “more than a remote likelihood” that a material misstatement of the financial statements will not be prevented or detected. By contrast, AS-5 and SAS 60 Conformed characterize a material weakness as a deficiency or combination of deficiencies in internal control over financial reporting such that there is a “reasonable possibility” that a material misstatement will not be prevented or detected. Both a “reasonable possibility” and “more than a remote likelihood” of an event, as used in these standards, occur when the likelihood of the event is either “reasonably possible” or “probable,” as those terms are used in Statement of Financial Accounting Standards No. 5, “Accounting for Contingencies” (FAS 5). According to FAS 5, a contingency is an existing condition, situation, or set of circumstances involving uncertainty as to possible gain or loss that will ultimately be resolved when one or more future events occur or fail to occur. When a loss contingency exists, the likelihood that the future event or events will confirm the loss can range from “probable” to “remote.” 19 “Probable” means that the future event or events are likely to occur, and “reasonably possible” means that the chance of the future event or events occurring is more than remote but less than likely. 20 In addition, FAS 5 uses the term “remote” to mean that the chance of the future event or events occurring is slight.

Internal Control Deficiencies Under SAS 112

Evaluating control deficiencies identified as part of a financial statement audit.

In evaluating identified control deficiencies, the auditor should consider the likelihood and magnitude of misstatement of the financial statements as well as the effect of compensating controls. The significance of a control deficiency depends on the potential for a misstatement, not on whether a misstatement actually has occurred. In this regard, the absence of an identified misstatement does not provide evidence that identified control deficiencies are not significant deficiencies or material weaknesses. 22

When multiple control deficiencies affect the same financial statement account balance or disclosure, the combination of these deficiencies may constitute a significant deficiency or material weakness, even though the deficiencies are individually insignificant. Factors affecting the magnitude of a financial statement misstatement resulting from a control deficiency or combination of deficiencies include, but are not limited to, the following:

• The financial statement amounts or total of transactions exposed to the deficiency. (The maximum amount of an overstatement is generally the recorded amount, but not for an understatement because of the potential for unrecorded amounts.)
• The volume of activity in the account balance or class of transactions exposed to the deficiency in the current period or expected in future periods.

A compensating control is a control that limits the severity of a deficiency in another control and thereby prevents that other control from becoming a significant deficiency or a material weakness. Therefore, when evaluating whether a control deficiency or a combination of deficiencies is a significant deficiency or a material weakness, an auditor should evaluate the possible mitigating influence of compensating controls found to be effective. However, even if the compensating controls prevent a control deficiency from rising to the level of a significant deficiency or a material weakness, they do not eliminate the control deficiency.

Communication of Significant Deficiencies and Material Weaknesses

When conducting an audit, the auditor follows the appropriate professional standard as described above. When the auditor discovers control deficiencies, the same professional standards provide guidance about the level and form of communication required to be presented to the institution’s board of directors or the audit committee.

Whenever an auditor audits the financial statements of a nonpublic institution and identifies control deficiencies, SAS 112 requires the auditor to communicate significant deficiencies and material weaknesses in writing to management and the board of directors or its audit committee. The standard states that this written communication is best made by the report release date, but must be made no later than 60 days following the report release date. The report release date is the date the auditor grants the institution permission to use the auditor’s audit report (opinion) in connection with the financial statements, which is typically the date the auditor delivers the audit report to the institution. Significant deficiencies and material weaknesses identified during the audit, regardless of any conscious decision by management to accept that degree of risk, must be communicated to management and the board and/or audit committee as a part of each audit. This communication includes any significant deficiencies and material weaknesses communicated in previous audits that remain unremediated. The auditor may communicate in writing concerning unremediated deficiencies and weaknesses by referring to the previously issued written communication and the date of that communication. 26

The auditor’s written communication regarding significant deficiencies and material weaknesses identified during an audit of financial statements should state that the purpose of the audit was to express an opinion on the financial statements, but not to express an opinion on the effectiveness of the institution’s internal control over financial reporting. The auditor should also state that the auditor is not expressing an opinion on internal control effectiveness. The written communication should include the definitions of the terms “significant deficiency” and, where relevant, “material weakness,” and it should identify the matters considered to be significant deficiencies and, if applicable, material weaknesses. 27

If no material weaknesses were identified during an audit of a nonpublic institution’s financial statements, the auditor may, at the institution’s request, issue a written communication advising management and the board of directors or its audit committee of this fact. However, the auditor should add a statement to the written communication disclaiming an opinion on the effectiveness of the institution’s internal control. In contrast, the auditor should not issue a written communication stating that no significant deficiencies were identified during the audit, because of the potential for the limited degree of assurance provided by such a communication to be misinterpreted. If the auditor has performed an examination of internal control over financial reporting under the provisions of AT 501 for the same period or “as of” date as the audit of the financial statements, the auditor should not issue a report indicating that no material weaknesses were identified during the audit of the financial statements. 28

AT 501 is not applicable when an auditor performs only an audit of a nonpublic institution’s financial statements. Rather, SAS 112 applies to such an audit. Under AT 501, an auditor engaged to examine the effectiveness of a nonpublic institution’s internal control over financial reporting reports directly on the effectiveness of the institution’s internal control or on management’s written assertion about the effectiveness of the institution’s internal control. The latter type of auditor’s report is currently required for internal control attestations for nonpublic institutions with $1 billion or more in total assets conducted under AT 501. The auditor also is required to communicate significant deficiencies and material weaknesses in writing to management and the board of directors or the audit committee. Unless a significant deficiency or material weakness is of such significance that an interim communication would be warranted, the auditor’s written communication takes place after the examination is concluded. 29

When an auditor performs an audit of a public institution’s internal control over financial reporting that is integrated with the audit of the financial statements, AS-5 requires the auditor to communicate material weaknesses in writing to management and the audit committee. This should occur prior to the issuance of the auditor’s report on internal control over financial reporting. An “integrated audit” is required for public institutions that are either large accelerated filers or accelerated filers as defined by the SEC. Significant deficiencies must also be communicated in writing to the audit committee; however, AS-5 does not specify when such communication should be made. If there are control deficiencies that, individually or in combination, result in one or more material weaknesses, the auditor must express an adverse opinion on the institution’s internal control over financial reporting, unless there is a restriction on the scope of the engagement. The auditor should also determine the effect that the adverse opinion on internal control has on the auditor’s opinion on the financial statements. In addition, the auditor should disclose whether the auditor’s opinion on the financial statements was affected by the adverse opinion on internal control over financial reporting. 30

SAS 60 Conformed

In an audit of a public institution’s financial statements without an integrated internal control audit, SAS 60 Conformed requires the auditor to communicate in writing to management and the audit committee all significant deficiencies and material weaknesses identified during the audit. Currently, only nonaccelerated filers as defined by the SEC are allowed to undergo financial statement audits without an integrated internal control audit. The auditor’s written internal control communication should be made before the issuance of the auditor’s report on the financial statements. The auditor’s communication should distinguish clearly between those matters considered significant deficiencies and those considered material weaknesses. 31

Other Communication of Internal Control Deficiencies

During the course of an audit, the auditor may discover internal control deficiencies that do not rise to the level of significant deficiencies or material weaknesses. These should be communicated to institution management in compliance with professional standards.

During the course of an audit of a public institution’s internal control over financial reporting that is integrated with the audit of its financial statements, the auditor may identify deficiencies in internal control over financial reporting that are of a lesser magnitude than material weaknesses. The auditor should communicate to management, in writing, all such deficiencies and inform the audit committee when such a communication has been made. (Some of these deficiencies may be significant deficiencies about which the auditor must communicate in writing to the audit committee, as mentioned above.) When making this communication to management, it is not necessary for the auditor to repeat information about such deficiencies in internal control over financial reporting if they have been included in previously issued written communications, whether those communications were made by the auditor, internal auditors, or others within the institution. Furthermore, the auditor is not required to perform audit procedures sufficient to identify all control deficiencies; rather, the auditor should communicate deficiencies in internal control over financial reporting of which the auditor is aware. However, because the audit of internal control over financial reporting does not provide the auditor with assurance that he has identified all deficiencies less severe than a material weakness, the auditor should not issue a report stating that no such deficiencies were noted during the audit. 32

As a separate matter, if the auditor concludes that the oversight of the institution’s external financial reporting and internal control over financial reporting by the institution’s audit committee is ineffective, the auditor must communicate that conclusion in writing to the board of directors. 33

During an audit of the financial statements of a public institution when an audit of internal control over financial reporting is not required to be conducted, the auditor may identify matters in addition to those required to be communicated by SAS 60 Conformed. These matters include control deficiencies that are neither significant deficiencies nor material weaknesses, and are matters the institution may request the auditor be alert to that go beyond those contemplated by SAS 60 Conformed. The auditor may report such matters to management, the audit committee, or others, as appropriate, although the communication is not required to be in writing. However, if the auditor did not identify any significant deficiencies during the audit of the financial statements, the auditor should not report in writing that no such deficiencies were discovered because of the potential for the limited degree of assurance associated with such a report to be misinterpreted. When timely communication of internal control deficiencies is important, the auditor should communicate such deficiencies during the audit rather than at the end of the engagement. The decision about whether to issue an interim communication should be based on the relative significance of the matters noted and the urgency of corrective follow-up action required. 34

SAS 60 Conformed does not explicitly require the auditor to evaluate the effectiveness of the audit committee’s oversight in an audit of only the financial statements. However, if the auditor becomes aware that the audit committee’s oversight of the institution’s external financial reporting and internal control over financial reporting is ineffective, the auditor must communicate that information in writing to the board of directors. Such ineffective oversight should be regarded as an indicator that a material weakness in internal control over financial reporting exists. 35

When an auditor performs a financial statement audit for a nonpublic institution, the auditor may communicate, either orally or in writing, to management and the board of directors or its audit committee, other matters that the auditor believes to be of potential benefit to the institution, such as recommendations for operational or administrative efficiency or for improving internal control. In addition, the auditor should report on any matters requested by the institution, such as control deficiencies that are not significant deficiencies or material weaknesses.

What Does the Future Hold?

As discussed in this article, the AICPA modified its attestation standards in AT 501 and replaced its auditing standards in SAS 60 with SAS 112 to conform its professional standards to the terminology and communication requirements of the PCAOB’s AS-2. AT 501 was in the process of a more comprehensive revision in early 2006, but the AICPA delayed this initiative when the PCAOB announced in May 2006 that it would undertake an initiative to amend AS-2. The PCAOB later decided against amending AS-2 and elected instead to replace AS-2 with a new auditing standard, which became AS-5. As a result, the definitions of certain internal control-related terms and auditors’ communication standards currently differ somewhat for audits of public companies and nonpublic companies. Changes to SAS 112 and AT 501 to bring these standards more in line with those of the PCAOB are the purview of the AICPA’s ASB. Although the PCAOB adopted AS-5 in May 2007, the ASB is waiting to see what changes the International Auditing and Assurance Standards Board will make to the International Standards on Auditing on auditor communication as part of its “Clarity” project.

The PCAOB also is continuing to develop for auditors of smaller public companies guidance for applying AS-5 and is continuing to hold Forums on Auditing in the Small Business Environment to better monitor implementation issues related to smaller public companies. 36

In October 2007, the FDIC Board of Directors approved the publication of proposed amendments to Part 363 of the FDIC’s regulations that would, among other things, address communications between an institution’s external auditor and the audit committee. These reporting requirements are intended to strengthen the relationship between the audit committee and the external auditor. The FDIC previously stated that effective communication between the external auditor who audits the institution’s financial statements and the institution’s audit committee assists the committee in carrying out its responsibilities. For this reason, the FDIC has encouraged institutions, regardless of whether they are public companies, to arrange with their external auditor to institute these reporting practices. One of the proposed amendments to Part 363 would establish a uniform minimum requirement for external auditor communications with the audit committees of both public and nonpublic institutions subject to this regulation. As proposed, the external auditor would be required to report on a timely basis to the audit committee about other written communications the auditor has provided to management, such as a management letter or schedule of unadjusted differences. 37

As a result of these changes, the auditing profession and communications of internal control deficiencies identified in an audit are continuing to evolve. Overall, these changes are positive and are making information generated during audits about such deficiencies more readily available to examiners as they plan and conduct examinations.

Gregory B. Duncan Policy Analyst Division of Supervision and Consumer Protection [email protected]

1 Appendix A to Part 364 of the FDIC’s regulations.

2 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 3.

3 See the Interagency Policy Statement on External Auditing Programs of Banks and Savings Associations (FIL-96-99, October 25, 1999, http://www.fdic.gov/news/news/financial/1999/fil9996.html ).

4 The Part 363 Annual Report also includes audited comparative financial statements, a statement of management’s responsibilities, an assessment by management of compliance during the year with laws and regulations on insider lending and dividend restrictions, and, for institutions with $1 billion or more in total assets, management’s assessment of the effectiveness of internal control over financial reporting as of year-end.

5 FIL-96-99, October 25, 1999.

6 AICPA Professional Standards, AU Section 110, “Responsibilities and Functions of the Independent Auditor,” November 1972, paragraph 1.

7 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” May 2007, p. 431.

8 AICPA Professional Standards, AT Section 501, “Reporting on an Entity’s Internal Control Over Financial Reporting,” AT 501, May 2007, pp. 2709–2732.

9 PCAOB Mission Statement, http://www.pcaobus.org/index.aspx .

10 PCAOB Conforming Amendments, Release No. 2004-008, September 15, 2004, p. 7.

11 PCAOB Proposed Auditing Standard: An Audit of Internal Control Over Financial Reporting That Is Integrated With An Audit of Financial Statements and Related Other Proposals, PCAOB Release No. 2006-007 (December 19, 2006).

12 PCAOB News Release, “Board Approves New Audit Standard for Internal Control Over Financial Reporting and, Separately, Recommendations on Inspection Frequency Rule,” May 24, 2007.

13 Financial Institution Letters FIL-119-2005, Annual Independent Audits and Reporting Requirements Amendments to Part 363.

14 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraphs 5–8.

15 AICPA Professional Standards, AT Section 501, “Reporting on an Entity’s Internal Control Over Financial Reporting,” paragraphs 36–40.

16 PCAOB Standards, AS-5, August 6, 2007, paragraphs A3, A7, A11.

17 PCAOB Conforming Amendments, August 6, 2007, Release 2007-005A, pp. 482–484.

18 For the SAS 112 definition of significant deficiency, the phrase “more than inconsequential” describes the magnitude of a potential misstatement that could occur as a result of a significant deficiency and is the threshold for evaluating whether a control deficiency or a combination of such deficiencies is a significant deficiency. In making this evaluation, the auditor determines whether a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be material to the financial statements. The auditor should consider both qualitative and quantitative factors when determining whether a potential misstatement would be more than inconsequential.

19 Financial Accounting Standards Board, Statement of Financial Accounting Standards No. 5, “Accounting for Contingencies,” paragraph 1.

20 Financial Accounting Standards Board, Statement on Financial Accounting Standards No. 5, “Accounting for Contingencies,” paragraph 3.

21 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 32.

22 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraphs 9 and 10.

23 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 11.

24 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 18.

25 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 19.

26 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraphs 20 and 21, and AU Section 339, “Audit Documentation,” footnote 6.

27 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 25.

28 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraphs 28 and 29.

29 AICPA Professional Standards, AT Section 501, “Reporting on an Entity’s Internal Control Over Financial Reporting,” paragraphs 49 and 50.

30 PCAOB Standards, AS-5, August 6, 2007, paragraphs 78, 80, 90, and 92.

31 AICPA Professional Standards, AU Section 325, “Communicating Internal Control Related Matters Identified in an Audit,” paragraph 4.

32 PCAOB Standards, AS-5, August 6, 2007, paragraphs 81–83.

33 PCAOB Standards, AS-5, August 6, 2007, paragraph 79.

34 PCAOB Conforming Amendments, Release 2004-008, September 15, 2004, pp. A-12–A-16.

35 PCAOB Conforming Amendments, August 6, 2007, Release 2007-005A, p. 483.

36 PCAOB News Release, “Board Approves New Audit Standard for Internal Control Over Financial Reporting and, Separately, Recommendations on Inspection Frequency Rule,” May 24, 2007.

37 Federal Register, Vol. 72, No. 212, Part II, Federal Deposit Insurance Corporation, 12 CFR Parts 308 and 363, “Annual Independent Audits and Reporting Requirements; Proposed Rule,” November 2, 2007, pp. 62310–62335, https://www.fdic.gov/resources/regulations/federal-register-publications/2007/07proposenov2.pdf .

    LOGIN PAY INVOICE

Avoiding Common Reportable Significant Deficiencies In Your Single Audit

An organization may be required to file a single audit known as a single audit when it reaches a specific threshold for receipt or expenditure of federal awards within its fiscal year. Single audits allow the Federal Government to assess an organization’s financial health and ability to manage federal awards. They also provide financial statement users with a comprehensive look at all operations and provide assurance on your program information, compliance, and internal control over compliance. 

When is an organization required to file a single audit?

Non-federal entities, such as nonprofit organizations, institutions of higher education, state and local governments, and Indian tribes, that carry out federal awards as recipients or sub-recipients are required to file a single audit if the organization expends direct or indirect federal awards in excess of $750,000 in their fiscal year. Federal awards include, among other things, grants, contracts, loans, loan guarantees, interest subsidies, property, and endowments. The timing of the expenditure depends on the type of award. For example, property expenditure occurs when it is received, and the expenditure for interest subsidies occurs when the amounts are disbursed.  

Commercial organizations that received $750,000 or more in federal awards in their accounting period (regardless of the timing of expenditure) that do not qualify for a program-specific audit may also be subject to a single audit. This scenario is occurring more and more since federal funds have been provided through certain COVID-19 relief programs. These programs have provided countless businesses and organizations with much-needed financial assistance. But for many of these organizations, that assistance also means the amount of federal awards they received for the year is much higher than they are accustomed to receiving. If you received federal COVID-19 assistance in 2020 or 2021, your awards might trigger a single audit filing requirement. 

How is a single audit performed?

Single audits are performed by a certified third-party auditor and conducted in accordance with both generally accepted accounting standards (GAAS) and generally accepted government accounting standards (GAGAS, which is also referred to as “yellow book”). Although all single audits include yellow book standards, a standalone yellow book audit may be required even if the organization is not required to file a single audit. 

During a single audit, your auditors will perform procedures to obtain sufficient appropriate audit evidence supporting the accuracy and completeness of your internally-prepared Statement of Financial Awards (SEFA). You will work with your auditor to collect the required information to submit a complete single audit package to the Federal Audit Clearinghouse (FAC). 

Based on your auditor’s findings, they may be required to report certain findings on deficiencies in internal control over financial reporting in their schedule of findings and questioned costs (SFQC), and that information may be made publicly available. That’s why it’s essential to understand common deficiencies and how to prevent them. 

What makes a deficiency material or significant?

According to GAAS , a deficiency exists “when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.” Auditors are required to report material noncompliance with the provisions of federal statutes, regulations, or the terms and conditions of federal awards related to a major program and significant deficiencies and material weaknesses in internal control over major programs. 

A material weakness occurs when there is a reasonable possibility or probability that the deficiency will result in a material misstatement of the organization’s financial statements. While a significant deficiency is less severe than a material weakness, it is important enough “to merit attention by those charged with governance.” 

How can you avoid common significant deficiencies?

Most common deficiencies auditors find stem from a lack of or improper risk assessments and internal controls. It isn’t uncommon for auditors to find that an organization has inadvertently breached the terms and conditions of one or more of their government contracts. Your organization must have internal controls in place to ensure expenditures are made in compliance with the terms and conditions of the federal award. Correctly identifying sub-recipients, performing sub-recipient monitoring, and ensuring all subawards meet contract requirements are also key.

Ensure your staff working on federal programs are trained in Uniform Guidance administrative requirements and cost principles, such as internal control, procurement, and allowable direct and indirect costs. Appropriate personnel should be familiar with SEFA requirements and the Council on Financial Assistance Reform’s (COFAR) standards on effective dates, applicability, methods of procurement, and indirect costs. Your staff should also review the Office of Management & Budget (OMB) 2021 compliance supplement to understand the interplay between COVID-19 federal assistance and related filing requirements.     

If your organization was subject to a single audit in the prior fiscal year, part of your single audit package for the current fiscal year will include a Summary Schedule of Prior Audit Findings. It’s essential to review any correspondence from your auditors from the prior year to ensure any issues noted for that accounting period have been resolved.   

Specific procedures or actions can trigger increased scrutiny from oversight agencies. For example, in terms of cost transfers, shifting costs at the end of a project or between programs may draw attention. In terms of cash management, it’s best practice to disperse a check as quickly as possible after drawing down federal cash under your letter of credit. 

How should you prepare for your single audit? 

Once your Data Collection Form (DCF) is complete and your single audit reporting package has been prepared, your organization must submit all information to the FAC within 30 calendar days of receiving the auditor’s report(s), or nine months after the end of the audit period, if earlier. Late filings are often precursors that indicate there may be weaknesses in your grant management systems; in turn, by filing late, you may be inviting unwanted, intensified scrutiny from oversight authorities.                      

Document your policies and procedures. When formally documented, they help your organization drive accountability, quality, and compliance. It is also critical to keep clean, accessible records to quickly gather and summarize grant information and determine whether your awards are subject to pre-Uniform Guidance or post-Uniform Guidance standards. 

Make sure your property records are in compliance with all of the required data elements outlined in Subpart E. And take inventory of all equipment you purchased with federal funds so that you can reconcile the inventory count to your property records. 

You are ultimately responsible for preparing your organization’s SEFA, so it’s a good idea to prepare a draft copy to go over with your auditor. Well-kept documentation is an essential part of the drafting process, and it also helps you and your auditor with major program determination. 

Contact LGA

The audit and assurance team at LGA helps businesses and nonprofits navigate the complexities of single audit requirements. I work with owner-managed and privately held companies across several different industries, and I’d like to help you with a plan to meet your organization’s compliance needs. To learn more, contact me today. 

by John Ead, CPA

DEPARTMENT OF PARKS AND RECREATION

Reference Number: 2021-10

For fiscal year 2019–20, we reported that the Department of Parks and Recreation (State Parks) continued to be unable to reconcile its capital asset account balances for buildings and related improvements to a subsidiary inventory ledger and thus could not ensure that it was reporting complete and accurate information in the State’s annual comprehensive financial report (ACFR). During fiscal year 2020–21, State Parks still lacked an accurate and complete subsidiary ledger because it did not have policies and procedures to ensure that it maintains its records for buildings and related improvements in compliance with generally accepted accounting principles (GAAP). For fiscal year 2020–21, State Parks reported the same balances for all of its capital assets as it reported for fiscal year 2017–18. Nevertheless, based on the level of funding historically made available to State Parks, these issues do not currently pose a risk of a material misstatement to the State’s ACFR.

Since September 2021, State Parks has developed and communicated to staff various policies and procedures related to its capital assets. For example, it now has a section in its administrative manual that establishes procedures to ensure accurate and complete records of asset acquisition, control, and disposition. The manual also defines the capitalization criteria that State Parks staff should use when recording assets. Additionally, State Parks has developed and communicated instructions for conducting inventory counts and valuing assets. However, these policies and procedures do not include a methodology for determining the estimated historical cost of its roads and trails.

Although State Parks had made progress as of February 2023 in implementing some of the recommendations we made in prior years, it still had not yet completed a comprehensive inventory or updated its accounting records in the Financial Information System for California (FI$Cal). According to State Parks’ FI$Cal and special projects manager, State Parks began the process of conducting a statewide inventory of its assets in December 2021 by working to compile its asset information. She stated that State Parks provided the compiled asset information to its districts in December 2022 and established a deadline of May 1, 2023, for the districts to review the information and submit any needed corrections. She also said that the accounting and business management services divisions plan to complete a review of the districts’ inventory results by June 2023.

Until State Parks fully addresses these recommendations, it will continue to be unable to ensure the accuracy and completeness of the capital assets it reports for inclusion in the State’s ACFR.

Codification of Governmental Accounting and Financial Reporting Standards section 1400.102 states that capital assets should be reported at historical cost. The cost of a capital asset should include ancillary charges necessary to place the asset into its intended location and condition for use. Ancillary charges include costs that are directly attributable to asset acquisition, such as freight and transportation charges, site preparation costs, and professional fees. Donated capital assets should be reported at their acquisition value plus ancillary charges, if any.

Codification of Governmental Accounting and Financial Reporting Standards section 1400.104 states that capital assets should be depreciated over their estimated useful lives unless they are inexhaustible, are intangible assets with indefinite useful lives, or are infrastructure assets reported using the modified approach.

State Administrative Manual (SAM) section 8650.1 states that to maintain accountability of capital assets, departments are required to maintain a record of all property, whether capitalized or not, in a property accounting or inventory system.

SAM section 8650.2 states when capital assets are acquired, departments will record certain information in their systems, including the date acquired, property description, owner fund, and historical cost or other basis of valuation.

SAM section 7924 directs departments to reconcile acquisitions and dispositions of capitalized assets and property with the amounts they have recorded in their property register. The reconciliation should be done monthly or at least quarterly, depending on the volume of transactions.

SAM section 8652 states that departments are to make a physical count of all property and reconcile the count with their accounting records at least once every three years.

To ensure that it properly reports its capital assets in its year‑end financial statements, State Parks should take the following actions:

• Develop and communicate to staff a sound methodology for identifying and compiling relevant information about roads and trails, including asset values based on historical cost (or acquisition value for donated assets) and asset acquisition dates.
• Conduct a comprehensive inventory of capital assets.
• Update its subsidiary capital asset records in FI$Cal to reflect the results of the inventory and ensure that its year‑end financial reports reflect any necessary restatements.
• In accordance with SAM section 8652, conduct a physical count of all property and reconcile the count with its accounting records at least once every three years.

Department's View and Corrective Actions:

State Parks agrees with the findings and stated it will take the following actions:

• Work with subject matter experts to develop a standard per unit cost for roads and trails.
• Complete a comprehensive inventory, which is currently underway, with all districts and divisions reviewing FI$Cal capital asset records.
• Update its FI$Cal capital asset records to reflect any necessary restatements from its comprehensive inventory.
• Conduct physical property inventories at least once every three years in accordance with SAM Section 8652.

Financial Audit Team for the State of California: Financial Report for the Fiscal Year Ended June 30, 2021 , Report 2021-001, and the State of California: Internal Control and Compliance Audit Report for the Fiscal Year Ended June 30, 2021 , Report 2021-001.1

Staff: Theresa Farmer, CPA, Project Manager Jim Sandberg-Larsen, CPA Conor Bright, CPA Nathan Briley, JD, CPA Angela Dickison, CPA Natalia Lee, CPA, CFE Richard Marsh, CPA Mateo Amaral Paula Anisco Lisa Ayrapetyan, CPA Raj Bhandal Amanda Chan Anil Cherukara Renee Davenport Brian Dunn, CPA Eliana Flores, CPA Matt Gannon Sarah Hartstrom, CPA Kim Johnson Parris Lee Margaret Lumban-Gaol Lisa Mironyuk Vanessa Quintero Luis Rodriguez Mike Shorter, CPA Harjot Singh

Data Analytics: Brandon Clift, CPA R. Wade Fry, MPA Andrew Jun Lee

March 31, 2023

Employment Development Department

Multiple Departments Using FI$Cal

Department of FISCal

State Controller’s Office

California Department of Education

Department of Finance

Franchise Tax Board

California Department of Public Health

Department of Parks and Recreation

Whistleblower Hotline call 1.800.952.5665 or visit auditor.ca.gov/hotline

The Federal Register

The daily journal of the united states government, request access.

Due to aggressive automated scraping of FederalRegister.gov and eCFR.gov, programmatic access to these sites is limited to access to our extensive developer APIs.

If you are human user receiving this message, we can add your IP address to a set of IPs that can access FederalRegister.gov & eCFR.gov; complete the CAPTCHA (bot test) below and click "Request Access". This process will be necessary for each IP address you wish to access the site from, requests are valid for approximately one quarter (three months) after which the process may need to be repeated.

An official website of the United States government.

If you want to request a wider IP range, first request access for your current IP, and then use the "Site Feedback" button found in the lower left-hand side to make the request.

Company Filings | More Search Options

Company Filings More Search Options -->

• Commissioners
• Reports and Publications
• Securities Laws
• Commission Votes
• Corporation Finance
• Enforcement
• Investment Management
• Economic and Risk Analysis
• Trading and Markets
• Office of Administrative Law Judges
• Examinations
• Litigation Releases
• Administrative Proceedings
• Opinions and Adjudicatory Orders
• Accounting and Auditing
• Trading Suspensions
• How Investigations Work
• Receiverships
• Information for Harmed Investors
• Rulemaking Activity
• Proposed Rules
• Final Rules
• Interim Final Temporary Rules
• Other Orders and Notices
• Self-Regulatory Organizations
• Staff Interpretations
• Investor Education
• Small Business Capital Raising
• EDGAR – Search & Access
• EDGAR – Information for Filers
• Company Filing Search
• How to Search EDGAR
• About EDGAR
• Press Releases
• Speeches and Statements
• Securities Topics
• Upcoming Events
• SEC in the News
• Media Gallery
• Divisions & Offices
• Public Statements

Financial Reporting Manual

Dec. 11, 2017

Back to Table of Contents

TOPIC 4 - Independent Accountants' Involvement

4100 qualifications of accountants.

(Last updated: 6/30/2009)

4110 PCAOB Registration

4110.1 PCAOB Rule 2100 requires each firm (domestic or foreign) to register with the PCAOB that:

• prepares or issues any audit report with respect to any issuer; or
• plays a substantial role in the preparation or furnishing of an audit report with respect to any issuer.

4110.2 A public accounting firm not registered with the PCAOB may be able to perform some audit services for an issuer if the firm does not play a substantial role in the preparation or furnishing of the audit report as defined by PCAOB Rule 1001(p)(ii).

4110.3 In accordance with PCAOB Rule 2107(b)(1), a firm that was once registered and then later withdrew may reissue or give consent to the use of a prior report that it issued while registered. However, the firm cannot update or dual-date a previously issued report after the firm is no longer registered, as that involves additional audit work.

4110.4 Issuer financial statements audited by a nonregistered firm are considered to be “not audited,” and any 10-K, proxy statement, or registration statement containing or incorporating by reference such financial statements is deemed substantially deficient. In addition, the 10-K is deemed not timely filed. The 10-K or filing should be amended immediately to remove the nonregistered auditor’s report and label the columns of the financial statements as “not audited.” The issuer would then need to file another amendment to file financial statements audited by a registered firm.

4110.5 The following chart outlines the application of certain PCAOB requirements in various filings with the SEC.

(Last updated: 10/30/2020)

4110.6 For purposes of Item 5 of the table above, a non-issuer entity could also be a bidder in a Schedule TO or an acquirer in a proxy statement.

4110.7 As noted in the table above, subsidiary guarantors are considered issuers whose financial statements filed under S-X 3-10 must be audited by a PCAOB-registered firm using PCAOB standards.  However, relief from these requirements may be available for recently-acquired subsidiary guarantors in certain circumstances.  Registrants should consult with CF-OCA prior to filing any S-X 3-10(g) financial statements that are not audited by a PCAOB- registered firm.  (Last updated: 3/31/2011)

4110.8 The audited balance sheet of a non-issuer general partner that is included in a transactional filing or registration statement of a limited partnership issuer is not required to be audited by a PCAOB registered firm. The audit report also is not required to refer to PCAOB standards.

4115 Involuntary PCAOB Deregistration

(Last updated: 9/30/2009)

4115.1 If the PCAOB revokes the registration of an audit firm, audit reports issued by that firm may no longer be included in a registrant’s filings made on or after the date the firm’s registration is revoked, even if the report was previously issued before the date of revocation. Financial statements previously audited by a firm whose registration has been revoked would generally need to be reaudited by a PCAOB registered firm prior to inclusion in future filings or if included in a registration statement that has not yet been declared effective.

(Last updated: 6/30/2011)

4115.2 In providing the information that Item 304 of Regulation S-K requires regarding a change in accountants for a firm whose registration is revoked by the PCAOB, a company should indicate that the PCAOB has revoked the registration of its prior auditor. If a company previously explained the PCAOB registration revocation in its Item 4.01 Form 8-K, it need not repeat this disclosure in its Form 10-K.

4120 Duly Registered and in Good Standing Under the Laws of the Accountant’s Place of Residence or Principal Office [S-X 2-01]

(Last updated: 9/30/2011)

4120.1 The SEC will not recognize any person as a certified public accountant unless duly registered (licensed to practice) and in good standing under the laws of the place of the accountant’s residence or principal office. [S-X 2-01(a)] However, S-X 2-01(a) does not affect the applicability of any other registration, licensing or qualification requirements that may apply in any State or competent jurisdiction.

4120.2 The staff may question the location from which the audit report was rendered if there does not appear to be a logical relationship between that location and the location of the registrant’s corporate offices, its principal operations, its principal assets, or where the audit work was principally conducted. The staff will consider all relevant factors in questioning the location from which the audit report was rendered.

4120.3 An auditor whose report is included in a domestic registrant’s filings should be an expert in U.S. GAAP and the standards of the PCAOB (U.S. GAAS for non-issuers).

4130 Independence [S-X 2-01(b) and (c), SOX 201]

4130.1 Questions regarding independence should be directed to OCA. Auditor reports on financial statements that refer to PCAOB standards must comply with the independence rules of both the SEC and the PCAOB. The SEC’s independence rules are promulgated in S-X 2-01. The PCAOB has also issued certain independence and ethics rules, which are part of its adopted standards. See https://pcaobus.org/. Compliance with these rules is required to issue a PCAOB opinion.

4130.2 S-X 2-01 is designed to ensure that auditors are qualified and independent both in fact and in appearance. Accordingly, the rule sets forth restrictions, including but not limited to, on financial, employment, and business relationships between an accountant and an audit client and restrictions on an accountant providing certain non-audit services to an audit client. These restrictions are prescribed in paragraphs (c)(1) to (c)(8) of S-X 2-01. The general standard of independence is set forth in S-X 2-01(b). The rule does not purport to, and the SEC could not, consider all the circumstances that raise independence concerns, and these are subject to the general standard in paragraph 2-01(b). In considering this standard, the SEC looks in the first instance to whether a relationship or the provision of a service: (a) creates a mutual or conflicting interest between the accountant and the audit client; (b) places the accountant in the position of auditing his or her own work; (c) results in the accountant acting as management or an employee of the audit client; or (d) places the accountant in a position of being an advocate for the audit client. See also OCA: Application of the Commission’s Rules on Auditor Independence Frequently Asked Questions available here . (Last updated: 10/30/2020)

4130.3 SEC Independence rules also apply to Regulation A, except for Tier 1 offerings where the AICPA independence standards may be applied and Regulation D filings, and when separately audited financial statements of an equity investee is included in a filing under Rule 3-09 of Regulation S-X. [Form 1-A Part F/S and Section O. Other Independence in OCA: Application of the Commission’s Rules on Auditor Independence Frequently Asked Questions .] (Last updated: 10/30/2020)

4140 Principal Auditor [S-X 2-05, PCAOB AS 1205]

4140.1 When an independent auditor uses the work and reports of other independent auditors to audit the financial statements of one or more subsidiaries, divisions, branches, components, or investments included in the financial statements presented, such independent auditor must decide whether it may serve as the principal auditor. Generally, the principal auditor is expected to have audited or assumed responsibility for reporting on at least 50% of the assets and revenues of the consolidated entity. If it is impracticable for a principal auditor to assume that extent of responsibility for one or more of the periods presented, the staff will evaluate whether to accept the audit reports as sufficient for reliance in filings with the SEC depending on the facts and circumstances.

4140.2 A principal auditor must decide whether to make reference in its report to the audit performed by another auditor. If the principal auditor decides to assume responsibility for the work of the other auditor insofar as that work relates to the principal auditor’s expression of an opinion on the financial statements taken as a whole, no reference should be made to the other auditor’s work or report.

4140.3 If a principal auditor decides not to assume responsibility for the work of the other auditor insofar as that work relates to the principal auditor’s expression of an opinion on the financial statements taken as a whole, the principal auditor’s report should make reference to the audit of the other auditor and should indicate clearly the division of responsibility between the principal auditor and the other auditor in expressing his opinion on the financial statements. Regardless of the principal auditor’s decision, the other auditor remains responsible for the performance of its own work and for its own report.

4140.4 If a principal auditor makes reference to the work of the other auditor in the principal auditor’s report on either the financial statements or ICFR, the separate report of the other auditor shall be filed. [S-X 2-05]

(Last updated: 9/30/2012)

4140.5 If a principal auditor makes reference to the work of the other auditor in the principal auditor’s report, the other auditor must comply with all requirements with which the principal auditor must comply, with the exception of PCAOB registration when the other auditor does not meet the “substantial role” threshold defined in PCAOB Rule 1001(p)(ii) in the audit of the issuer. The other auditor must register with the PCAOB if it meets the “substantial role” threshold defined in PCAOB Rule 1001(p)(ii) in the audit of the issuer, regardless of whether the principal auditor refers to the work of the other auditor.  (Last updated: 9/30/2012)

4200 ACCOUNTANTS’ REPORTS [S-X 2-02]

4210 general – audit reports.

4210.1 The accountant’s report must be dated, electronically signed [S-T 302(a)], indicate the city and state where issued, and identify the financial statements covered.

4210.2 The report should refer to any supplemental schedules presented pursuant to S-X Article 12 (or a separate report on those schedules may be included with the schedules).

4210.3 The report must contain clear statements as to the scope of the audit. It must include representations that the audit is conducted in accordance with the standards of the Public Company Accounting Oversight Board (United States) for issuers or applicable professional standards (that is, U.S. GAAS as issued by the AICPA) for non-issuers (with certain exceptions noted in Section 4210.4). (Last updated: 10/30/2020)

4210.4 Audit reports on non-issuer financial statements may, but are not required to, refer to PCAOB standards, except in certain cases. An audit of non-issuer financial statements must be conducted in accordance with PCAOB standards if the issuer’s principal auditor makes reference to the work performed by the non-issuer auditor. (Last updated: 9/30/2012)

4210.5 The report must contain a clear statement as to the auditor’s opinion that the financial statements are presented in conformity with GAAP, and any exceptions taken. All financial statements must be prepared in accordance with U.S. GAAP for domestic issuers. Foreign private issuers may present their financial statements in accordance with IFRS as issued by the IASB without a reconciliation to U.S. GAAP, or in accordance with non-IFRS home-country GAAP reconciled to U.S. GAAP as permitted by Form 20-F.

4210.6 Auditors’ reports must refer to each period for which audited financial statements are required, except that audit reports opining on only the most recently completed fiscal year are permitted in an annual report to shareholders. Including an audit report on only the current period precludes the incorporation by reference of those financial statements into the Form 10-K or other filings unless the audit reports for previous years are separately included or incorporated by reference from another document. [Proxy Rules 14a-3(b)(1), Note 1]

4210.7 See Section 4320 for further requirements regarding ICFR audit reports, including PCAOB standard requirements.

4220 Qualified Audit Reports

The audit report that an independent auditor issues under PCAOB standards (or U.S. GAAS for non-issuers) may indicate that the financial statements do not satisfy the requirements of the SEC's rules or the audit procedures applied omitted certain procedures deemed necessary by the auditor. There may be rare instances when the staff will not object to an audit report on the financial statements that contains a qualification. However, a waiver from CF-OCA would need to be requested and obtained before filing. Examples of audit reports on the financial statements that represent a substantial deficiency in the filing are set forth in 4220.1 through 4220.4. In substantial deficiency situations, the related filing, e.g. Form 10-K, is deemed not timely filed and would impact compliance with certain rule and form eligibility requirements – such as, Regulation S, Rule 144, Form S-3 and Form S-8. (Last updated: 10/30/2020)

4220.1 Disclaimer of Opinion

S-X Article 2 requires the clear expression of an opinion on the financial statements. A report that states that the auditor is disclaiming an opinion on the financial statements for any reason does not satisfy the requirements of S-X Article 2.

4220.2 Adverse Opinion

An audit report that states that the financial statements taken as a whole are not presented fairly in conformity with GAAP does not satisfy the requirements of S-X Article 2.

4220.3 Scope Qualifications [SAB Topic 1E.2]

• A qualification with respect to the scope of the audit of the financial statements results in a finding by the staff that the audit of the financial statements required by SEC rules has not been performed.
• Sometimes an auditor is not present for observation of inventory. In that case, the auditor must be able to satisfy himself or herself through alternative procedures. No language in the report should imply a qualification as to scope or conclusions. [FRC 607.01]

4220.4 Qualifications as to Accounting Principles or Disclosures [SAB Topic 1E.2]

Audit reports that express a qualified or "except for" opinion due to a departure from GAAP do not meet the requirements of S-X Article 2. Financial statements not in conformity with GAAP are presumed to be inaccurate or misleading, notwithstanding explanatory disclosures in footnotes or in the accountant's report. [FRC 607.01]

4220.5 In the case of an auditor's issuance of an adverse opinion on a company's ICFR, the auditor should determine the effect an adverse opinion on ICFR has on the auditor's opinion on the financial statements. An auditor should disclose whether or not an adverse opinion on ICFR affected its audit opinion on the financial statements. [AS 2201, paragraph 92]

4230 Other Report Modifications

4230.1 Going Concern Modifications [AS 2415]

• Going concern modifications are required by PCAOB standards and U.S. GAAS in certain circumstances.
• Filings that include reports having going concern modifications must also include appropriate and prominent disclosure of the financial difficulties giving rise to that uncertainty. Discussion of a viable plan that has the capability of removing the threat to the continuation of the business must be included. The plan may include a "best efforts" offering so long as the amount of minimum proceeds necessary to remove the threat is disclosed. The plan should enable the issuer to remain viable for at least the 12 months following the date of the financial statements being reported on. If management has no viable plan, the use of going concern financial statements may be inappropriate and liquidation-basis financial statements may be necessary or the classification and amounts of assets and liabilities may need to be adjusted. [FRC 607.02] AU 341 does not apply to an audit of financial statements based on the assumption of liquidation.
• Going concern opinions that do not use the words "substantial doubt" when referencing a going concern matter do not comply with PCAOB standards/U.S. GAAS.
• Going concern opinions that use conditional language in expressing a conclusion concerning the existence of substantial doubt about the entity's ability to continue as a going concern are not appropriate.
• A disclaimer of opinion, "except for" opinion, or an adverse opinion resulting from going concern matters is permitted by AS 2415, but none of these types of opinion comply with the requirements of S-X Article 2.

4230.2 Changes in Accounting Principles [ASC 250, AS 2820, S-X 10-01]

• A change in accounting principle that has a material effect on the financial statements should be recognized in the auditor's report. [AS 2820, paragraph 8]
• The correction of a material misstatement in previously issued financial statements should be recognized in the auditor's report on the audited financial statements through the addition of an explanatory paragraph. [AS 2820, paragraph 9]
• Preferability letters must be included in Form 10-Q or Form 10-K as Exhibit 18 and need only be filed once in the first applicable 1934 Act filing following the change. Preferability letters are not required in 1933 Act filings. A preferability letter generally is required in Form 10-K only when a change in accounting occurs in the fourth quarter. Even though the independent accountant referred to the change in its audit report as required by PCAOB standards and concluded as to the preferability of the change, S-K 601 requires that a preferability letter be included as an exhibit to the Form 10-K (unless it was previously filed).
• The staff has objected to the change from one acceptable method to another acceptable method if the registrant and its independent accountants cannot demonstrate that the new method is preferable. Conforming to industry practice may not justify a change if industry practice is not the preferable method.
• Preferability letters are not required after a business combination where changes in the acquired entity's accounting are made to conform to those of the acquiring entity.
• A preferability letter is not required for a change in estimate effected by a change in accounting principle.
• A preferability letter is not required for changes that are mandatory or will be mandatory.

4230.3 Clarification in Audit Report Regarding No Audit of Internal Control Over Financial Reporting [SOX 404(b), S-K 308(b), AS 3105]

In a financial statement audit of an issuer or non-issuer that has determined it is not yet required to obtain, nor did it request the auditor to perform, an audit of internal control over financial reporting under SOX 404(b) and S-K 308(b), a firm may, but is not required to, expand its audit report to clarify this fact. A firm may include a statement that the purpose and extent of the auditor's consideration of internal control over financial reporting was to determine that the nature, timing, and extent of tests to be performed are appropriate in the circumstances, but was not sufficient to express an opinion on the effectiveness of internal control over financial reporting. If a firm chooses to expand its report to clarify this point, the scope paragraph in the audit report should follow the suggested language in AS 3105.59 to .60.

4300 REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING [SOX 404, AS 2201 and S-K 308, SEC Interpretive Guidance, ICFR FAQs, PCAOB Staff Guidance]

4310 management's annual report on internal control over financial reporting [s-k 308].

4310.1 S-K 308(a) requires management to provide its report on ICFR containing its assessment of the effectiveness of ICFR as of the end of the most recent fiscal year in its annual report on Form 10-K, 20-F, or 40-F (including transition reports filed on such forms upon a change in fiscal year-end). If the registrant is a non-EGC accelerated filer or a large accelerated filer, S-K 308(b) requires management to provide the registered public accounting firm's attestation report on the registrant's ICFR. Filings without the required report or reports are deficient and considered not timely, except for the limited situation described in Section 4310.6 below. Non-accelerated filers (both domestic and foreign) and EGCs (both domestic and foreign) are not required to include an auditor attestation report under S-K 308(b).

NOTE: Management's report on ICFR and the accompanying attestation report are not required in registration statements (whether under the 1933 Act or 1934 Act) or Forms 11-K. (Last updated: 6/30/2013)

4310.2 A non-EGC that enters accelerated filer status at the end of a fiscal year (based upon its public float as of the end of its second fiscal quarter) is required to include an auditor attestation report in the Form 10-K for that year. Similarly, a company that exits accelerated filer status at the end of its fiscal year (based upon its public float as of the end of its second fiscal quarter) would not be required to include an auditor attestation report in the Form 10-K for that year. (Last updated: 6/30/2013)

4310.3 The staff's Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Frequently Asked Questions ("ICFR FAQs") is available at http://www.sec.gov/info/accountants/controlfaq.htm .

4310.4 [Reserved]

4310.5 [Reserved]

4310.6 Pursuant to S-K 308, a newly public company need not provide management's report on ICFR until it either had been required to file or had filed a Form 10-K with the Commission for the prior fiscal year. A company that historically reported under the Exchange Act as a voluntary filer or because of registered debt, and therefore filed annual reports up to and through the date of its IPO, in which it was required to comply with the disclosures required by Item 308(a) of Regulation S-K, is therefore required to provide management's report on ICFR in its first annual report following the IPO.

Only "accelerated filers" that are not EGCs and "large accelerated filers" are required to provide an auditor's attestation report on ICFR under Item 308(b) of Regulation S-K. The definitions of "accelerated filer" and "large accelerated filer" require that the issuer has been subject to reporting under Section 13(a) or 15(d) and has filed at least one annual report. Newly public companies and companies that historically reported under the Exchange Act as voluntary filers or because of registered debt do not satisfy the definitions of "accelerated filer" or "large accelerated filer" for purposes of their first annual report following their IPO, and therefore are not required to include an auditor's attestation report on ICFR under S-K 308(b) in that first annual report.

A registrant should include a statement in its first annual report in substantially the following form:

"This annual report does not include a report of management's assessment regarding internal control over financial reporting or an attestation report of the company's registered public accounting firm due to a transition period established by rules of the Securities and Exchange Commission for newly public companies." [Instruction 1 to S-K 308] (Last updated: 6/30/2013)

4310.7 The framework on which management bases its evaluation of ICFR must be a suitable, recognized control framework. Many companies follow the COSO framework, but other frameworks are also acceptable. In assessing effectiveness, management evaluates whether its ICFR system addresses the elements of internal control that its chosen framework describes as necessary for an internal control system to be effective. There are no specifically required methods or procedures for evaluating ICFR, so it will vary from company to company. Management will have to use its best judgment. The evaluation must be based on procedures sufficient to evaluate both the design and operating effectiveness of ICFR. In June 2007, the SEC issued interpretative guidance regarding management's report on ICFR. [ Release No. 33-8810 ] An evaluation following this interpretative guidance is one way to satisfy the evaluation requirements of ICFR.

Under any method of evaluating ICFR, management must attain a level of "reasonable assurance" when making conclusions about the effectiveness of ICFR. While "reasonable assurance" is a high level of assurance, it does not mean absolute assurance. The term "reasonable assurance" relates to similar language in the Foreign Corrupt Practices Act. 1934 Act Section 13(b)(7) defines “reasonable assurance” as the degree of assurance that would satisfy prudent officials in the conduct of their own affairs. There is a range of judgments that an issuer might make as to what is reasonable in implementing SOX 404 and the SEC's rules.

4310.8 S-K 308 does not specify the exact content of management's annual report on ICFR. Management should tailor the wording of the report to fit its company's particular circumstances. However, management's annual report on ICFR must state or disclose the following:

• Management's responsibility for establishing and maintaining adequate ICFR for the company.
• The framework used by management as criteria for evaluating the effectiveness of ICFR.
• Management's assessment of the effectiveness of the company's ICFR at year end, including a statement as to whether or not ICFR is effective.
• Any material weaknesses in the company's ICFR identified by management (See Section 4320.8 for definition of material weakness).
• The fact that the company's independent public accountant, who audited the financial statements included in the annual report, has issued an attestation report on the company's ICFR (if applicable).

4310.9 Management must reach one of two conclusions for its assessment of ICFR – ICFR is either effective or not effective. Management cannot conclude that its ICFR is effective if there are one or more material weaknesses. Additionally, management cannot qualify its conclusion by stating that its ICFR is effective with certain qualifications or exceptions.  However, management may state that its controls are ineffective for specific reasons. Because of the substantial overlap between ICFR and DCP, if management concludes that ICFR is ineffective, it must also consider the impact of the material weakness on its conclusions related to DCP. (Last updated: 9/30/2010)

4310.10 In certain circumstances, management may encounter difficulty in assessing certain aspects of ICFR. Management must still conclude whether ICFR is effective or not since management is not permitted to issue a report with a scope limitation (except under the limited circumstances described in Section 4310.11). Therefore, management must determine whether an inability to assess certain aspects of ICFR is significant enough to conclude that ICFR is not effective.

4310.11 If management does not have the ability to assess certain aspects of ICFR, management must conclude whether ICFR is effective or not, taking into consideration any scope limitation. Scope limitations are not permitted in management’s report, except for the following limited exceptions (see 4310.3 for link to FAQs referenced):

• A variable interest entity in existence prior to December 15, 2003 that is consolidated AND the registrant does not have the right or authority to assess the internal controls of the consolidated variable-interest entity and also lacks the ability, in practice, to make that assessment. A similar exception is available for an entity accounted for via proportionate consolidation in accordance with ASC 810-10-45-14 if management does not have the ability to assess ICFR. [ICFR FAQ 1]
• Equity method investments. [ICFR FAQ 2]
• A current year acquisition (includes initial consolidation resulting from becoming the primary beneficiary of a variable interest entity) when it is not possible to conduct an assessment of the acquired business's ICFR in the period between the consummation date and the date of management’s assessment. The exclusion may not extend beyond one year from the date of the acquisition nor may it be omitted from more than one annual management report on ICFR. [ICFR FAQ 3]     (Last updated: 9/30/2010)
• A reverse acquisition between an issuer and a private operating company when it is not possible to conduct an assessment of the private operating company or accounting acquirer's ICFR in the period between the consummation date of a reverse acquisition and the date of management’s assessment of ICFR. See the Division of Corporation Finance's C&DIs for Regulation S-K, Question 215.02.

For foreign private issuers who file their financial statements in their home country GAAP, management's evaluation of ICFR should consider, in addition to controls related to preparation of the primary financial statements, controls related to the preparation of the U.S. GAAP reconciliation because the reconciliation is a required element of the financial statements. [ICFR FAQ 12] (Last updated: 9/30/2010)

4310.12 Management should consider disclosing the following with respect to a material weakness:

• Describe the nature of the material weakness;
• Describe its impact on the financial reporting and ICFR, if any; and
• Describe management's current plans or action already undertaken, if any, for remediating the material weakness.

4310.13 Management must communicate all significant deficiencies and material weaknesses it detects to the audit committee and external auditor. The SOX 302 certifications include an affirmative statement to this effect. Management must also provide written representations to the auditor regarding its internal controls.

4310.14 S-K 308 does not specify where management's internal control report must appear in the annual report on Form 10-K, but it should be located in close proximity to the corresponding attestation report issued by the company's auditor. [ Release No. 33-8238 ] Management's report is not required to have a title. Management's report does not need to be dated or signed, but may include the date and/or the names or signatures of management.

4310.15 Our rules do not address whether the assessment of ICFR covers supplementary financial information, Regulation S-X schedules, or ASC 932 oil and gas disclosures. Internal controls over supplementary information do not need to be included in an assessment of ICFR, although adequate internal controls over the preparation of supplementary information are required. [ICFR FAQ 11]

4310.16 There is no requirement for a company to reevaluate the effectiveness of its internal controls and/or reissue a revised management’s report on ICFR when a company restates its financial statements to correct errors in the financial statements. However, a company may need to consider whether or not its original disclosures in management’s report continue to be appropriate in light of these errors, and should modify or supplement its original disclosure to include any other material information that is necessary for such disclosures not to be misleading in light of the restatement. The company should also disclose any material changes to ICFR, as required by S-K 308(c).

4310.17 If a company's management concludes that its original assessment of ICFR was incorrect, it should consider whether or not to revise its original report on ICFR. A company should also reevaluate the appropriateness of its prior disclosures regarding the effectiveness of the company's DCP and make any necessary revisions. For example, a company disclosed that its Chief Financial Officer and Chief Executive Officer concluded its DCP were effective in its original Form 10-K. Subsequently, the company filed a Form 10-K/A to restate its financial statements for errors. In the Form 10-K/A, the company revised its disclosures to state that the Chief Financial Officer and Chief Executive Officer concluded its DCP were not effective, and the reasons why they were not effective.

4320 Auditor's Report on ICFR  [AS 2201, S-X 2-02(f)]

4320.1 AS 2201 requires an auditor to perform an audit of a company's ICFR that is integrated with an audit of the financial statements. A report on the audit of ICFR, which may be combined with or separate from the report on the financial statements, must include the following:

• A title that includes the word independent ;
• A statement that management is responsible for maintaining effective internal control over financial reporting and for assessing the effectiveness of internal control over financial reporting;
• An identification of management’s report on internal control;
• A statement that the auditor’s responsibility is to express an opinion on the company’s internal control over financial reporting based on his or her audit;
• A definition of internal control over financial reporting as stated in AS 2201, paragraph A5;
• A statement that the audit was conducted in accordance with the standards of the Public Company Accounting Oversight Board (United States);
• A statement that the standards of the Public Company Accounting Oversight Board require that the auditor plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects;
• A statement that an audit includes obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal controls based on the assessed risk and performing such other procedures as the auditor considered necessary in the circumstances;
• A statement that the auditor believes the audit provides a reasonable basis for his or her opinion;
• A paragraph stating that, because of inherent limitations, internal control over financial reporting may not prevent or detect misstatements and that projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate;
• The auditor’s opinion on whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date, based on the control criteria;
• The manual or printed signature of the auditor’s firm;
• The city and state (or city and country, in the case of non-U.S. auditors) from which the auditor’s report has been issued; and
• The date of the audit report.

4320.2 In addition, S-X 2-02(f) requires the audit report on ICFR to identify the period covered by the report.

4320.3 If the audit report on ICFR is separate from the audit report on the financial statements, both reports must be dated the same. See paragraphs 87-88 of AS 2201 for sample Illustrative Reports on Internal Control Over Financial Reporting.

4320.4 AS 2201 requires the auditor to modify its report on ICFR if any one of the following five conditions exists:

• Elements of management’s annual report on internal control are incomplete or improperly presented;
• There is a restriction on the scope of the engagement;
• The auditor decides to refer to the report of other auditors as the basis, in part, for the auditor's own report;
• There is other information contained in management's annual report on internal control over financial reporting; or
• Management's annual certification pursuant to SOX 302 is misstated. [AS 2201, paragraphs C1-C15]

The report modification may be in one of the following forms, depending on the condition:

• an explanatory paragraph;
• an adverse opinion; or
• a disclaimer of opinion.

4320.5 The auditor's report on ICFR should clearly state whether or not it is the auditor's opinion that a company maintained, in all material respects, effective ICFR at year end. It is not appropriate for the report to state that ICFR is effective with certain qualifications or exceptions. For example, language indicating that the company maintained effective ICFR, except for a certain weakness in a control, is not acceptable. Language indicating that the company maintained ICFR that are "sufficiently effective" or "adequate" is also not appropriate.

4320.6 The auditor must express an adverse opinion on the company’s ICFR when one or more material weaknesses in ICFR exist, unless there is a restriction on the scope of the engagement. See Section 4320.12. An adverse opinion on ICFR must include:

• The definition of a material weakness; and
• A statement that a material weakness has been identified and an identification of the material weakness described in management's assessment.

4320.7 The auditor should determine the effect an adverse opinion on ICFR has on the auditor’s opinion on the financial statements. Also, the auditor should disclose whether or not the adverse opinion on ICFR affected its audit opinion on the financial statements. [AS 2201, paragraph 92]

4320.8 A material weakness is a deficiency, or combination of deficiencies, in ICFR such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. [S-X 1-02(a)(4); AS 2201, paragraph A7]

4320.9 A deficiency or combination of deficiencies is an indicator of a material weakness if the auditor determines that the deficiency or combination of deficiencies might prevent prudent officials in the conduct of their own affairs from concluding that they have reasonable assurance that transactions are recorded as necessary to permit the preparation of the financial statements in conformity with GAAP. [AS 2201, paragraph 70]

4320.10 AS 2201 lists four indicators of a material weakness in ICFR, which are:

• Identification of fraud, whether or not material, on the part of senior management;
• Restatement of previously issued financial statements to reflect the correction of a material misstatement;
• Identification by the auditor of a material misstatement of financial statements in the current period in circumstances that indicate that the misstatement would not have been detected by the company’s internal control over financial reporting; and
• Ineffective oversight of the company’s external financial reporting and internal control over financial reporting by the company’s audit committee. [AS 2201, paragraph 69]

4320.11 If the material weakness was not included in management’s assessment, the auditor’s report on ICFR should be modified to state that a material weakness has been identified but not included in management’s assessment. Also, the auditor’s report should include a description of the material weakness, which should provide the users of the audit report with specific information about the nature of the material weakness and its actual and potential effect on the presentation of the company’s financial statements issued during the existence of the weakness. If the material weakness was included in management’s assessment but the auditor concludes that management’s disclosure of the material weakness is not fairly presented in all material respects, the auditor’s report should describe this conclusion as well as the information necessary to fairly describe the material weakness. [AS 2201, paragraph 91]

4320.12 Any report modification due to a scope limitation would result in a disclaimer of opinion on the audit of ICFR. Reports that result in a disclaimer of opinion are expected to be rare. [S-X 2-02(f)] Reports on audits of ICFR that disclaim an opinion due to a scope limitation should be discussed with CF-OCA in advance of filing. (Last updated: 9/30/2011)

4320.13 When disclaiming an opinion due to a scope limitation, the auditor must state that the scope of the audit was not sufficient to warrant the expression of an opinion. Also, the auditor’s report on ICFR should provide the substantive reasons for the disclaimer in a separate paragraph. [AS 2201, paragraph C4]

4320.14 When the auditor plans to disclaim an opinion on the audit of ICFR due to a scope limitation and the limited procedures performed by the auditor cause the auditor to conclude that a material weakness existed, the auditor’s report on ICFR should include the definition of a material weakness and a description of any material weakness identified, as described in 4320.6. [AS 2201, paragraph C5]

4320.15 If management discloses additional information in the report (e.g., its plans to implement new controls, corrective actions taken after the date of assessment, or a statement that management believes the cost of correcting a material weakness would exceed the benefits to be derived from implementing new controls), the auditor is required to modify its report regarding any additional information and disclaim an opinion on this information. [AS 2201, paragraphs C1 and C12-14]

4320.16 The auditor should inquire about and examine relevant documents for events which occurred subsequent to the date as of which ICFR is being audited but before the date of the auditor’s report. Such subsequent events could include changes in internal controls or other factors. If the auditor obtains knowledge about subsequent events that materially and adversely affect the effectiveness of the company’s ICFR as of the date specified in the assessment, the auditor should issue an adverse opinion on ICFR. If the auditor is unable to determine the effect of the subsequent event on the effectiveness of ICFR, the auditor should disclaim an opinion. [AS 2201, paragraphs 93-96]

4320.17 The auditor may obtain knowledge about subsequent events with respect to conditions that did not exist at the date specified in the assessment but arose subsequent to that date and before issuance of the auditor’s report. If a subsequent event of this type has a material effect on the company’s ICFR, the auditor should include an explanatory paragraph in its report on ICFR describing the event and its effects or directing the reader to the event and its effects as disclosed in management’s report on ICFR. [AS 2201, paragraph 97]

4320.18 An audit report on ICFR may be based, in part, on the work of another auditor when another auditor has audited the financial statements and ICFR of a subsidiary, division, branch or component of a company. The principal auditor should determine whether or not it will make reference in its report on ICFR to the audit of ICFR performed by another auditor. The auditor’s decision to make reference or not is based on factors analogous to those in AU 1205 when a principal auditor decides to make reference to the report of another auditor when reporting on a company’s financial statements. As a result, the decision to make reference to another auditor’s report on ICFR may differ from the decision to make reference to another auditor in the principal auditor’s report on the financial statements. When the auditor decides to make reference to the report of the other auditor in its report on ICFR, the principal auditor’s report on ICFR should refer to the report of the other auditor when describing the scope of the audit and expressing an opinion on ICFR. [AS 2201, paragraphs C8-C11]

4320.19 If the auditor makes reference to another auditor’s report on ICFR, the separate report of the other auditor on ICFR must also be included in the filing. [S-X 2-05]

4320.20 AS 6115 establishes requirements and provides guidance that apply when an auditor is engaged to report on whether a previously reported material weakness in internal control over financial reporting continues to exist as of a date specified by management.

4320.21 The auditor’s objective in an engagement to report on whether a previously reported material weakness continues to exist is to obtain reasonable assurance about whether the previously reported material weakness exists as of a date specified by management and to express an opinion thereon.  The auditor’s opinion relates to the existence of a specifically identified material weakness as of a specified date and does not relate to the effectiveness of the company’s ICFR overall.

4400 REVIEW AND COMPILATION REPORTS

4410 review reports on interim or pro forma data [as 4105, at section 401].

4410.1 Prior to filing, interim financial statements included in quarterly or transition reports on Form 10-Q must be reviewed by an independent registered public accountant using PCAOB standards and procedures for conducting such reviews, as may be modified or supplemented by the SEC. If the company states in any filing that interim financial statements have been reviewed by an independent public accountant, a report of the accountant on the review must be filed with the interim financial statements. [S-X 10-01(d)] Otherwise, the report is not required to be included in Form 10-Q.

4410.2 If a Form 10-Q that contains a review report on pro forma data or interim financial statements is incorporated by reference into a registration statement, the auditor must acknowledge use of its review report in a letter filed as Exhibit 15 to the registration statement. [S-K 601]

4410.3 If the review was not performed by a registered public accounting firm, the Form 10-Q is considered substantially deficient and not timely filed. In addition, the Form 10-Q must include the following disclosures:

• Identify the report as deficient;
• Label the columns of the financial statements as “not reviewed”; and
• Describe how the registrant will remedy the deficiency

When the review is completed by a registered accounting firm, the registrant must file an amendment to remove the references to the deficiency and the financial statements as “not reviewed.”

4420 Selected Quarterly Financial Data [AS 4105]

4420.1 Selected quarterly financial data is required for all registrants except foreign private issuers, mutual life insurance companies, and smaller reporting companies, and in initial registration statements. If it is required to be presented, it must be reviewed by the independent registered accountant. [S-K 302]

4420.2 No reference in the audit report to the quarterly data accompanying the annual financial statements is necessary if the auditor’s review conformed with applicable standards and the auditor is not aware that the interim information is materially affected by a departure from GAAP. Otherwise, the auditor must discuss the departures that exist.

4430 Compilation Reports

Compilation reports are not appropriate in any filings, including Regulation A filings, because the association of the accountant provides no basis for reliance. In addition, the presence of a compilation report may indicate a violation of SEC independence standards under S-X 2-01(c)(4)(i)(B).

4500 CHANGE IN ACCOUNTANTS [S-K 304, ITEM 4.01 FORM 8-K]

4510 change in accountants.

4510.1 If a change in accountant for a registrant or a significant subsidiary on whose report the principal accountant relied occurred within 24 months prior to or in any period subsequent to the date of the most recent financial statements, the registrant should provide the required information in:

• An Item 4.01 Form 8-K within 4 business days of the change;
• Proxy statements, even though previously disclosed in Form 8-K, if required by Item 9 of Schedule 14A; and
• Forms 10-K and 20-F, and registration statements, unless the change was previously disclosed.

NOTE: The disclosures about disagreements required by S-K 304(b) must always be provided, where required, even if previously disclosed. [Instruction 1 to S-K 304; Instruction 2 to Item 16F of Form 20-F for registrants with fiscal years ending on or after December 15, 2009]

4510.2 Disclosure of the following items should be provided:

• Whether the accountant resigned, declined to stand for reelection or was discharged (one of these must be specifically stated in the filing);
• The date of resignation or discharge;
• Whether the decision was recommended or approved by the Board of Directors or a committee thereof;
• Whether the accountant had issued a report in the last two fiscal years containing a disclaimer or adverse opinion, or that was qualified or modified. A modified opinion includes an opinion that expresses substantial doubt about a company’s ability to continue as a going concern;
• Whether in connection with audits of the two most recent years through the date of resignation or discharge there were any disagreements with the former accountant on any matter which, if not resolved to the satisfaction of the accountant, would have caused the accountant to make reference in its report to the matter. Among other items specified in S-K 304(a)(1)(iv), the filing should describe the subject matter of any such disagreement. Disagreements required to be reported include both those resolved to the satisfaction of the accountant and those not resolved to the satisfaction of the accountant.
• If there were any reportable events described under S-K 304(a)(1)(v) during the two most recent years and any interim period preceding the former accountant’s resignation or discharge, provide the disclosures required by S-K 304(a)(1)(iv). If the event led to a disagreement, then it should be reported as described under Section 4510.2(e) and need not be repeated.

4510.3 If the registrant amends the Item 4.01 Form 8-K disclosures for any reason, it must also file an updated letter from the auditor addressing the revised disclosures as Exhibit 16.

4520 Unusual Issues Involving Changes in Accountants

4520.1 [Reserved]

4520.2 Predecessor Auditor Refuses to Furnish Exhibit 16 Letter

If the predecessor auditor refuses to furnish an Exhibit 16 letter stating whether it agrees with the registrant’s statements, the registrant should indicate that fact in the Item 4.01 Form 8-K or by amendment to the original Form 8-K. See the Division of Corporation Finance’s C&DIs for Exchange Act Form 8-K, Question 214.01.

4520.3 Reverse Acquisition

• Unless the same accountant reported on the most recent financial statements of both the registrant and the accounting acquirer, a reverse acquisition always results in a change in accountants. An Item 4.01 Form 8-K should be filed within four business days of the change in accountants, which often occurs on the date the reverse merger is consummated. The accountant that will no longer be associated with the registrant’s financial statements is the predecessor accountant. If a decision has not been made as to which accountant will continue as the successor auditor as of the date of filing the Item 2.01 Form 8-K, an Item 4.01 Form 8-K must be filed within four business days of the date the decision is made.
• The disclosures required by S-K 304 with respect to any changes in the accounting acquirer’s auditor which occurred within 24 months prior to, or in any period subsequent to, the date of the acquirer’s financial statements must be provided in the filing. See Section 12230.

4520.4 Form 11-K Plans

Staff practice is not to object if a change in accountants for an employee stock purchase plan or similar plan filing a Form 11-K does not result in the filing of an Item 4.01 Form 8-K.

4530 Additional Guidance

(Last updated: 12/31/2010)

4530.1 Guidance regarding changes in accountants can be found in the Division of Corporation Finance’s Compliance and Disclosure Interpretations. Questions are grouped into the following categories and sections:

• Subsequent interim period
• No reportable events
• Remediation of internal control deficiencies
• Material weakness or significant deficiency in ICFR
• Going concern
• Explanatory paragraph in report on ICFR
• Revocation of accountant’s PCAOB registration
• Time period preceding resignation, declination or dismissal
• New principal accountant related to former principal accountant
• Business combination between principal accountant and another accounting firm
• Former accountant declines to provide agreement letter
• Requirement to use Form 8-K

4600 NON RELIANCE ON PREVIOUSLY ISSUED IFINANCIAL STATEMENTS OR RELATED AUDIT REPORT OR COMPLETED INTERIM REVIEW [ITEM 4.02 FORM 8-K]

4610 non-reliance on previously issued financial statements [item 4.02(a) form 8-k].

4610.1 An Item 4.02(a) Form 8-K should be filed when a registrant’s board of directors, committee of the board, or board authorized officer(s) concludes any previously issued financial statements should no longer be relied upon due to an accounting error.

4610.2 [Reserved]

4610.3 The staff believes that filing an Item 4.02(a) Form 8-K without also filing an Item 4.02(b) Form 8-K would be acceptable unless the auditor’s conclusion that the financial statements can no longer be relied on relates to a different error or matter from that which triggered the registrant’s filing under Item 4.02(a) Form 8-K. See the Division of Corporation Finance’s C&DIs for Exchange Act Form 8-K, Question 115.01.

4610.4 The Form 8-K should disclose:

• The date that the registrant concluded the financial statements should no longer be relied upon and identify the financial statements and years or periods covered that should no longer be relied upon;
• A description of the facts underlying the conclusion to the extent known to the registrant at the time of filing; and
• Whether the audit committee, or the board of directors in the absence of an audit committee, or authorized officer(s), discussed the disclosed matters with the registrant’s independent accountant.

4620 Non-Reliance on Previously Issued Audit Report or Completed Interim Review [Item 4.02(b) Form 8-K]

4620.1 An Item 4.02(b) Form 8-K should be filed if the registrant’s current or former independent accountant advises or notifies it must disclose or take action to prevent future reliance on a previously issued audit report or completed interim review related to previously issued financial statements.

4620.2 The filing of an Item 4.02(b) Form 8-K may, but does not necessarily, result in non-reliance on previously issued financial statements, and require the filing of an Item 4.02(a) Form 8-K. It would depend upon the underlying reasons that the accountant advised a registrant that its audit report or completed interim review should no longer be relied on.

4620.3 [Reserved]

4620.4 The Form 8-K should disclose:

• The date on which the accountant advised or notified the registrant;
• The specific financial statements that should no longer be relied upon;
• A brief description of the information provided by the accountant; and
• A statement of whether the audit committee, or the board of directors in the absence of an audit committee, or authorized officer or officers, discussed the matters disclosed in the filing under Item 4.02(b) of Form 8-K with the accountant.

4620.5 The Form 8-K should include any written notice received from the accountant as Exhibit 7.

4620.6 A registrant should provide the accountant with a copy of the disclosures the registrant is making in response to the Item 4.02(b) Form 8-K no later than the day that the disclosures are filed with the SEC.

4620.7 A registrant should request the accountant furnish the registrant as promptly as possible a letter addressed to the SEC stating whether the independent accountant agrees with the statements made by the registrant in response to the Item 4.02(b) Form 8-K and, if not, stating with what it does not agree. If the letter is not available on the date the 8-K is filed, a company should amend its previously filed Form 8-K to file the independent accountant’s letter as Exhibit 7 no later than two business days after the registrant’s receipt of the letter.

4630 Other – Prior Disclosures Regarding Disclosure Controls and Procedures

A registrant should consider whether the disclosures provided under S-K 307 in prior filings need to be modified, supplemented or corrected in order to explain whether management’s previously discussed conclusions regarding the effectiveness of DCP continue to be appropriate in light of the restated financial statements or non-reliance on a previously issued audit report or completed interim review. [Release No. 33-8810]

4700 “TO BE ISSUED” ACCOUNTANT’S REPORTS

4710 contingent upon future event or transaction.

If audited financial statements are required in a filing, the audit report should be signed and unrestricted. Generally, the staff will not make a review determination on or commence a review of a filing that does not meet that requirement. In some circumstances, however, a transaction that will occur at or immediately before the effectiveness of a registration statement is retrospectively reflected in the annual financial statements. If the transaction prevents the auditor from expressing an opinion on the financial statements at the time of filing, the staff has accepted the filing of a “draft report” in the form that it will be expressed at effectiveness. Such transactions may include, but are not limited to:

• stock splits; and
• reorganizations in which the entities comprising an IPO registrant will not be legally transferred to the registrant until immediately before effectiveness.

Another transaction where the staff has accepted the filing of a “draft report” in the form that it will be expressed at effectiveness is if there is a component that qualifies as a discontinued operation before an initial registration statement is filed but after the date of the latest balance sheet included in the initial filing. A “to-be-issued” report in this circumstance may be included when:

• The disposal of the discontinued operation has occurred;
• The audit of the financial statements, including the retrospective revision, is complete; and
• The registrant has consulted with CF to confirm that the use of the “to-be-issued” audit report is appropriate.

In these cases, the draft report should be accompanied by a signed preface of the auditor stating that it expects to be in a position to issue the report in the form presented at effectiveness. No registration statement can be declared effective until the preface is removed and the accountant’s report finalized.

4720 Contingent upon Future Underwriting Agreement

(Last updated: 6/30/2010)

An auditor may conclude that it is appropriate to include an explanatory paragraph about the registrant’s ability to continue as a going concern in the auditor’s report. The auditor may believe that upon the receipt of the proceeds from the offering that the explanatory paragraph could be removed. As the receipt of the proceeds occurs upon closing - not at effectiveness – the auditor’s report should include the explanatory paragraph that the auditor believed was appropriate at the time of effectiveness.  It would not be appropriate for the report to indicate that the explanatory paragraph would be removed at closing as that event takes place after effectiveness.

4800 OTHER MATTERS

4810 consents to the use of audit reports.

4810.1 Registrants must file a copy of the auditor’s consent to the use of its audit report or an acknowledgement letter regarding the use of its review report in any filing under the 1933 Act as an exhibit. The primary purpose of obtaining a consent or acknowledgement letter is to assure that the auditor is aware of the use of its report and the context in which it is used.

4810.2 The consent or acknowledgement letter must indicate the date and a conformed EDGAR signature. A manually signed consent or acknowledgement letter must be kept on file by the registrant.

4810.3 A new consent or acknowledgement letter is required:

• Whenever any change, other than typographical, is made to the financial statements;
• For an amendment if there have been intervening events since the prior filing that are material to the company; and
• Prior to the effectiveness of a registration statement if an extended period of time passes since the last filing.  An extended time is generally any period which is more than 30 days. (Last updated: 12/31/2010)

4810.4 1934 Act Reports

• Filing of a consent to the use of an audit report (or acknowledgment letter) is not required in 1934 Act reports, other than an annual report on Form 40-F, unless the 1934 Act report is automatically incorporated by reference into a previously filed 1933 Act filing, such as a Form S-3 or Form S-8. In addition, a consent is required in a registration statement on Form 20-F [Item 10.G of 20-F] and in registration statements and annual reports on Form 40-F.   (Last updated: 12/31/2010)
• Periodic reports on Forms 10-K and 20-F, and 1934 Act registration statements on Form 10 or Form 20-F must include a signed audit report. The signature must be a conformed EDGAR signature. [S-T 302] The original manually signed report must be kept on file by the registrant.
• Definitive proxy statements that include financial statements must have a manually signed audit report.
• A reissuance of the auditor’s report is required when a previously filed 1934 Act filing is amended to include restated financial statements or retrospectively adjusted financial statements.
• A registrant need not file an updated consent on the annual financial statements when the registrant forward incorporates a Form 10-Q into a pre-effective Form S-3. However, the auditor’s Section 11 liability extends through the effective date of the registration statement regardless of the inclusion of the updated consent. (Last updated: 9/30/2009)

4810.5 Waivers [Regulation C, Rule 437]

• In rare circumstances, such as situations involving hostile takeover attempts, a consent may be waived if the registrant submits a request to CF-OCA for a waiver and provides an affidavit complying with Rule 437 of Regulation C
• A registrant offering its own securities in a hostile exchange offer for a target's stock may seek and not be able to obtain the target's cooperation in providing either its audited financial statements or the target auditor's consent to the use of its report in the required registration statement. The acquirer/registrant should use its best efforts to obtain the target's permission and cooperation for the filing or incorporation by reference of the target's financial statements and the target auditor's consent to the inclusion of its report on the financial statements. At a minimum, a registrant is expected to write to the target requesting these items and to allow a reasonable amount of time for a response prior to effectiveness of the filing.
• If a registrant uses its best efforts but is unsuccessful in obtaining the target's permission and cooperation for the filing or incorporation by reference of its financial statements and its auditor's consent to the inclusion of its report on the financial statements, the registrant may request a waiver of the consent. The affidavit included in the request should document the specific actions taken by the registrant to obtain the cooperation of the other party for the filing as well as the efforts to obtain the auditor's consent. Correspondence evidencing the registrant's request for these items should accompany the affidavit.
• Depending on the facts and circumstances, the staff may agree to waive the requirement to include or incorporate by reference the target auditor’s audit report in the event the target is unwilling to cooperate. In that situation, disclosure should be made that, although an audit report was issued on the target’s financial statements and is included in the target’s filings, the auditor has not permitted use of its report in the registrant’s registration statement. The auditor should not be named. Any legal or practical implication for shareholders of the registrant and the target resulting from the inability to obtain the cooperation of the target or consent of the target’s auditor should be explained. No disclosure in the registration statement should expressly or implicitly disclaim the registrant’s liability for the target’s financial statements. In the event that circumstances change, the registration statement should be amended to include the audited financial statements and the auditor’s consent required by the form.

4810.6 The consent of the independent accountant is not required for a report on financial statements which is not a part of a 1933 Act registration statement under Rule 412(c) of Regulation C, like superseded financial statements.

4820 Accountant's Inability to Reissue Reports [AI 23, Interpretation 15; Regulation C, Rule 437]

4820.1 When an accounting firm ceases operations, it may be unable to reissue a prior report or give consent to the use of a prior report. A company should submit a consent waiver request under Regulation C, Rule 437 with CF-OCA if the auditor does not reissue or give consent to the use of its prior report. The guidance in Section 4810.5 regarding consent waiver requests should be followed. If the firm still exists, although it is not practicing public accounting, and has the ability to reissue or give consent to the use its prior report, a waiver may not be granted.

NOTE: The footnote to Interpretation 15 of AI 23 states a firm is considered to have ceased operations when it no longer issues audit opinions either in its own name or in the name of a successor firm. A firm may cease operations with respect to public entities and still issue audit opinions with respect to non-public entities.

4820.2 If the waiver request is granted, certain disclosures should be made in any filings or reports that include the ceased firm's audit report. The predecessor auditor’s latest signed and dated report on the financial statements should be reprinted with a legend indicating that the report is a copy of the previously issued report and that the ceased firm has not reissued the report. [AI 23.65]

4830 Successor Auditor Reports [AI 23]

4830.1 If the prior period financial statements audited by the predecessor auditor are unchanged, the successor auditor should indicate in the introductory paragraph of his or her report that the financial statements of the prior period were audited by another auditor, the date of the predecessor auditor's report, the type of report issued by the predecessor auditor, and if the report was other than a standard report, the substantive reasons for it. The successor auditor ordinarily should indicate in its report that the other auditor has ceased operations. The successor auditor should not name the predecessor auditor in the report. [AI 23.61]

4830.2 If the financial statements audited by the ceased firm are restated, the successor auditor will need to either reaudit the financial statements, or in certain cases, audit only the restatement adjustments. The successor's auditor's report should state that the predecessor auditor reported on the prior financial statements before restatement. [AI 23.66]

4830.3 A full reaudit generally is necessary when the restatement adjustments include, but are not limited to:

• Corrections of an error;
• Reflection of a change in reporting entity;
• with significant impact on previously reported amounts, or
• that affect previously reported net income or net assets;
• Reporting discontinued operations; and
• Changes affecting previously reported net income or net assets. [AI 23.70]

4830.4 If the successor auditor is engaged to audit only the restatement adjustments to the prior period financial statements that were audited by a predecessor auditor, the successor auditor must be able to form an opinion that the adjustments are appropriate and have been properly applied. In determining whether he or she can form such an opinion, the successor auditor should consider the extent of the adjustments, the reason for the adjustments, and the cooperation of the predecessor auditor. [PCAOB Staff Questions and Answers, "Adjustments to Prior-Period Financial Statements Audited by a Predecessor Auditor", Question 4]

4830.5 If the successor auditor is able to satisfy him or herself as to the appropriateness of the restatement adjustments, he or she may report on the restatement adjustments pursuant to the guidance in AS 3105.58. [AI 23.71]

4830.6 A successor auditor may audit the restatement adjustments in prior period financial statements audited by a predecessor auditor that has not ceased operations, so long as the auditor is independent and registered with the PCAOB.

4830.7 An auditor that is subsequently determined to be no longer independent of its client may reissue previously issued reports and consents to the use of those previously issued reports, as long as it was independent at the time of original issuance of the report. An auditor may perform the normal subsequent events procedures required by AS 4101 prior to reissuing a report. Situations in which other audit work would be necessary to reissue the report should be discussed with OCA prior to filing.

4840 Accountant's Refusal to Reissue Reports

4840.1 The staff is not in a position to evaluate the reasons for an accountant's refusal to reissue its report and will not intervene in disputes between registrants and their auditors. Moreover, the staff will not waive the requirements for the audit report, the accountant's consent to the use of its audit report, or the naming of the accountant as an expert in filings. If a registrant is unable to reuse the previously issued audit report in a current filing, the registrant must engage another accountant to reaudit those financial statements.

4850 Illegal Acts

Section 10A of the 1934 Act requires that auditors report in a timely manner certain uncorrected illegal acts to a registrant's board of directors. It further requires the registrant, or the auditor if the registrant fails to do so, to provide information regarding the illegal act to OCA. For additional information, see Notices required under Section 10A-1 of Exchange Act . (Last updated: 10/30/2020)

4860 Signatures

Wherever a signature is required, typed signatures or duplicated or facsimile versions of the manually signed document may be used. In any of these cases, each signatory must manually sign the document authenticating, acknowledging or otherwise adopting the signature that appears in the filing before or at the time that the filing is made, and the manually signed document must be retained by the filer for five years. A copy of this document must be furnished to the SEC upon request. [S-T 302] In certain instances, an auditor may reissue its audit report. If the reissued report is included in a filing, it must be manually signed as described above. (Last updated: 12/31/2010)

4870 Selected Financial Data

4870.1 An auditor may be engaged to report on selected financial data using the guidance of AS 3315. Unless the auditor reports on selected financial data using the guidelines in AS 3315, the information should not be labeled or described as audited. However, it would be acceptable to state that the information is derived from audited financial statements.

4870.2 If an auditor was engaged to report on the selected financial data, the form of report specified by AS 3315 should be included in the filing and the auditor's consent to the report should make reference to its applicability to the selected financial data.

[1] This table describes the staff’s application of PCAOB registration requirements for an auditor whose report is included in a filing with the SEC. There are instances, not included in the table, when a principal auditor will use the work of another auditor and take responsibility for the other auditor’s work. In these instances, the other auditor’s report is not included in the filing with the SEC. The determination of whether the other auditor must be registered with the PCAOB is made by reference to the Sarbanes-Oxley Act and the PCAOB’s rules. In all such instances the principal auditor is responsible for performing the audit in accordance with PCAOB standards.

[2] The term ‘issuer’ means an issuer (as defined in Section 3 of the 1934 Act), the securities of which are registered under Section 12 of that Act, or that is required to file reports under Section 15(d) of that Act, or that files or has filed a registration statement that has not yet become effective under the 1933 Act, and that it has not withdrawn. See Section 2(a)(7) of the Sarbanes Oxley Act and PCAOB Rule 1001.

[3] The auditor of the financial statements of the non-issuer entity must be registered if, in performing the audit, the auditor played a “substantial role” in the audit of the issuer, as that term is defined in PCAOB Rule 1001(p)(ii). If the “substantial role” test is not met, the firm is not required to be registered. The inclusion or exclusion of such a report under S-X 2-05 does not affect this determination.

[4] S-X 2-02 requires that the auditor’s report state the applicable professional standards under which the audit was conducted. Under S-X 1-02 an audit of the financial statements of an issuer means an examination by an independent accountant in accordance with the standards of the PCAOB. In the situation identified in the chart above, the view of the SEC staff is that the applicable professional standards in S-X 2-02, as applied to the other auditor’s report, relates to an issuer and, therefore, the other auditor’s report must refer to the standards of the PCAOB.

[5] If a principal auditor is making reference to another auditor’s report on the financial statements of the non-issuer entity, the other auditor’s report must refer to the standards of the PCAOB. See footnote 4 above. If a principal auditor does not make reference to another auditor’s report on the financial statements of the non-issuer entity, the other auditor’s report need not refer to the standards of the PCAOB.

[6] The entity is itself an issuer and so must comply with the rules applicable to issuers.

• Find Flashcards
• Why It Works
• Tutors & resellers
• Content partnerships
• Teachers & professors
• Employee training

Brainscape's Knowledge Genome TM

Entrance exams, professional certifications.

• Foreign Languages
• Medical & Nursing

Humanities & Social Studies

Mathematics, health & fitness, business & finance, technology & engineering, food & beverage, random knowledge, see full index, internal control—required communications flashcards preview, internal control > internal control—required communications > flashcards.

After testing a client’s internal control activities, an auditor discovers a number of significant deficiencies in the operation of a client’s internal control. Under these circumstances the auditor most likely would

Issue a disclaimer of opinion about the internal control as part of the auditor’s report.

Increase the assessment of control risk and increase the extent of substantive tests.

Issue a qualified opinion of this finding as part of the auditor’s report.

Withdraw from the audit because the internal control is ineffective.

This answer is correct because such deficiencies suggest the possibility of misstatement, and accordingly suggest the need for an increase in the assessment of control risk, with a corresponding increase in the scope of substantive procedures.

A material weakness involves a reasonable possibility that what size misstatement will not be prevented or detected?

Immaterial. Material. More than inconsequential. Substantial.

This answer is correct because a material amount is necessary under the professional standards definition of a material weakness.

Which of the following statements is correct concerning an auditor’s communication on internal control related matters noted in an audit of a nonpublic company?

The auditor may issue a written report to the audit committee representing that no significant deficiencies were noted during the audit.

Significant deficiencies should not be re-communicated each year if the audit committee has acknowledged its understanding of such deficiencies.

Significant deficiencies may not be communicated in a document that contains suggestions regarding activities that concern other topics such as business strategies or administrative efficiencies.

The auditor may choose to communicate significant control-related matters either during the course of the audit or up to 60 days after the audit report release date.

This answer is correct because the auditor may choose to communicate significant deficiencies during the course of the audit or after the audit is concluded. This decision is influenced by the relative significance of the significant deficiencies and the urgency of corrective follow-up action.

Which of the following are correct concerning the likelihood of loss and the potential amount involved with a material weakness? Likelihood of loss

Potential amount involved

Probable More than inconsequential

Probable Material

Reasonable possibility More than inconsequential

Reasonable possibility Material

This answer is correct because the professional standards indicate that a material weakness has more than a reasonable possibility of resulting in a material misstatement.

Which of the following is true regarding significant deficiencies?

Auditors must search for them.

Auditors should communicate them to the audit committee.

They must be included in the financial statements.

They must be disclosed in footnotes.

This answer is correct because they should be communicated to the audit committee.

The auditor who becomes aware of a material weakness related to internal control is required to communicate this to the

Management and those charged with governance.

Senior management and the chief financial officer.

Board of directors and internal auditors.

Internal auditors and senior management.

This answer is correct because the professional standards require the auditor to communicate to management and those charged with governance material weaknesses that come to his/her attention during the examination of financial statements.

During the audit the independent auditor identified the existence of a significant deficiency in the client’s internal control and communicated this finding in writing to the client’s management and to those charged with governance. The auditor should

Consider the significant deficiency a scope limitation and therefore disclaim an opinion.

Document the matter in the working papers and consider the effects of the condition on the audit.

Suspend all audit activities pending directions from the client’s audit committee.

Withdraw from the engagement.

This answer is correct because the auditor considers and documents his/her understanding of internal control to assist in determining the proper nature, timing, and extent of substantive tests.

An auditor’s letter issued on significant deficiencies relating to an entity’s internal control observed during a financial statement audit should

Include a brief description of the tests of controls performed in searching for significant deficiencies and material weaknesses.

Indicate that the significant deficiencies should be disclosed in the annual report to the entity’s shareholders.

Include a paragraph describing management’s assertion concerning the effectiveness of internal control.

Indicate that the audit’s purpose was to report on the financial statements and not to express an opinion on internal control.

The requirement is to identify the statement that should be included in an auditor’s letter on significant deficiencies. Answer (d) is correct because AU-C 265 indicates that such a letter to the audit committee should (1) indicate that the audit’s purpose was to report on the financial statements and not to express an opinion on internal control, (2) include the definition of a significant deficiency, and (3) restrict distribution of the report.

Which of the following representations should not be included in a report on internal control related matters noted in an audit?

Significant deficiencies related to internal control exist.

There are no significant deficiencies in the design or operation of internal control.

Corrective follow-up action is recommended due to the relative significance of material weaknesses discovered during the audit.

The auditor’s consideration of internal control would not necessarily disclose all significant deficiencies that exist.

The requirement is to determine the representation that should not be included in a report on internal control related matters noted in an audit. Answer (b) is correct because the auditors should not issue a report on internal control stating that no significant deficiencies were identified during the audit. Answer (a) is incorrect because significant deficiencies should be disclosed. Answer (c) is incorrect because an auditor may recommend corrective follow-up action. Answer (d) is incorrect because an auditor may disclose the fact that the consideration of internal control would not necessarily disclose all significant deficiencies that exist.

Which of the following statements is correct concerning significant deficiencies noted in an audit?

Significant deficiencies are material weaknesses in the design or operation of specific internal control structure elements.

The auditor is obligated to search for significant deficiencies that could adversely affect the entity’s ability to record and report financial data.

Significant deficiencies should not be recommunicated each year unless management has failed to acknowledge its understanding of such deficiencies.

The auditor should separately identify and communicate significant deficiencies and material weaknesses.

Professional standards define “material weaknesses” and “significant deficiencies,” and provide a sample written communication about internal control matters noted in an audit that separately reports material weaknesses and significant deficiencies if both categories of deficiencies have been identified in an audit of an entity’s financial statements.

The auditor is required to communicate each of the following items to those charged with governance except

An overview of the planned scope and timing of the audit.

The auditor’s responsibilities to complete the audit in accordance with generally accepted auditing standards.

All control deficiencies detected during the course of the audit.

Any significant findings from the audit.

CORRECT! AICPA Professional Standards (specifically, Communicating Internal Control Related Matters Identified in an Audit) requires the auditor to communicate to those charged with governance any “significant deficiencies” in internal control identified by the auditor. The auditor is not required to communicate all control deficiencies identified.

Significant deficiencies are matters that come to an auditor’s attention that should be communicated to an entity’s audit committee (or those charged with governance) because they represent

Disclosures of information that significantly contradict the auditor’s going concern assumption.

Material irregularities or illegal acts perpetrated by high-level management.

Significant deficiencies in the design or operation of internal control.

Manipulation or falsification of accounting records or documents from which financial statements are prepared.

Significant deficiencies should be reported to the audit committee because they are significant deficiencies in the design or operation of internal control that could adversely affect the entity’s financial reporting process.

A letter issued regarding significant deficiencies relating to an entity’s internal control observed during an audit of financial statements should include a

Restriction on the distribution of the report.

Description of tests performed to search for material weaknesses.

Statement of compliance with applicable laws and regulations.

Paragraph describing management’s evaluation of the effectiveness of the control structure.

Letters on significant deficiencies are restricted as to distribution. The letters are intended solely for the use of the audit committee (or those charged with governance), management, and others within the organization.

Which of the following factors should an auditor consider in making a judgment about whether an internal control deficiency is so significant that it is a significant deficiency?

I. Diversity of the entity’s business.

II. Size of the entity’s operations.

I only. II only. Both I and II. Neither I nor II.

Both I and II.

A significant deficiency is a control deficiency in the design or operation of internal control that can adversely affect the entity’s ability to initiate, record, process, and report financial data in the financial statements.

Factors to be considered in evaluating deficiencies include the entity’s size, its complexity, and the nature and diversity of its business activities.

The correct answer is C - both the diversity of the entity’s business and the size of the entity’s operations would be considered.

Significant deficiencies related to internal control design exist, but none is deemed to be a material weakness.

There are no significant deficiencies in the design or operation of the internal control structure.

An auditor is not allowed to issue a report indicating that no significant deficiencies were found. Such a report might be misinterpreted.

Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee (or otherwise those charged with governance)?

Management’s failure to renegotiate unfavorable long-term purchase commitments.

Recurring operating losses that may indicate going concern problems.

Evidence of a lack of objectivity by those responsible for accounting decisions.

Management’s current plans to reduce its ownership equity in the entity.

A significant deficiency is a control deficiency in the design or operation of internal control that can adversely affect the financial statements.

If those responsible for accounting decisions appear to lack objectivity, the resultant accounting decisions may result in material misstatements of the financial statements.

For example, revenue recognition decisions might be made to increase current period net income (and managerial bonuses).

When reporting on conditions relating to an entity’s internal control observed during an audit of the financial statements, the auditor should include a

Statement of positive assurance on the structure.

Paragraph describing the inherent limitations of the structure.

A report on internal control related conditions should include a restriction on the distribution of the report. The report should be limited to the information and the use of the audit committee, management (or those in governance), and others within the organization.

Which of the following statements concerning an auditor’s communication of significant deficiencies is correct?

The auditor should request a meeting with management one level above the source of the significant deficiencies to discuss suggestions for remedial action.

Any report issued on significant deficiencies should indicate that providing assurance on the internal control structure was not the purpose of the audit.

Significant deficiencies discovered and communicated at an interim date should be reexamined with tests of controls before completing the engagement.

Suggestions concerning administration efficiencies and business strategies should not be communicated in the same report with significant deficiencies.

The auditor’s report on significant deficiencies should indicate that the purpose of the audit was to report on the financial statements and not to provide assurance on the internal control structure.

To what degree, if at all, is a significant deficiency related to a material weakness?

It is less severe than a material weakness.

It is more severe than a material weakness.

It is unrelated to a material weakness.

It is equivalent to a material weakness.

CORRECT! The definition of a significant deficiency states that a significant deficiency is less severe than a material weakness.

Which of the following matters in a financial statement audit is most appropriate to communicate with those charged with governance?

Clearance explanations of workpaper review notes

Major variances in budgeted versus actual audit hours

The nature and timing of detailed audit procedures

An overview of the planned scope and timing of the audit

CORRECT! The auditor would appropriately discuss the planned scope and timing of the audit at a fairly general (strategic) level with those charged with governance.

Decks in Internal Control Class (10):

• Obtaining Understanding Of I/C
• Evaluating Internal Control
• Assessing Control Risk Under Aicpa Standards
• Performing Procedures In Response To Assessed Risks
• Internal Control—Required Communications
• Using The Work Of An Internal Audit Function
• Specific Transaction Cycles
• Revenue/Receipts—Sales
• Revenue/Receipts—Cash
• Expenditures/Disbursements
• Corporate Training
• Teachers & Schools
• Android App
• Help Center
• Law Education
• All Subjects A-Z
• All Certified Classes
• Earn Money!

With 783 million people going hungry, a fifth of all food goes to waste

Facebook Twitter Print Email

While a third of humanity faces food insecurity, an equivalent of one billion meals go to waste every day, a new report by the UN environment agency (UNEP) revealed on Wednesday. One fifth of food is thrown away.

The UN Environment Programme’s  Food Waste Index Report 2024 highlights that latest data from 2022 shows 1.05 billion tonnes of food went to waste.

Some 19 per cent of food available to consumers was lost overall  at retail, food service, and household levels.

That is in addition to around 13 per cent of food lost in the supply chain , as estimated by the UN Food and Agriculture Organization ( FAO ), from post-harvest up to the point of sale. 

‘Global tragedy’

“Food waste is a global tragedy. Millions will go hungry today as food is wasted across the world,” said Inger Andersen, Executive Director of UNEP , explaining that this ongoing issue not only impacts the global economy but also exacerbates climate change, biodiversity loss, and pollution.

Most of the world’s food waste comes from households, totalling 631 million tonnes – or up to 60 per cent - of the total food squandered. The food service and retail sectors were responsible for 290 and 131 million tonnes accordingly.

On average, each person wastes 79 kilogrammes of food annually . This is the equivalent of 1.3 meals every day for everyone in the world impacted by hunger, the report authors underscore.

Not just a ‘rich country’ problem

The problem is not confined to affluent nations. Following a near doubling of data coverage since the 2021 Food Waste Index Report was published, there has been increased convergence between rich and poor.

High-income, upper-middle income, and lower-middle income countries differ in average levels of household food waste by just seven kilogrammes per capita per year. 

The bigger divide comes in the variations between urban and rural populations .

In middle-income countries, for example, rural areas are generally wasting less. One possible explanation is in the recycling of food scraps for pets, animal feed, and home composting in the countryside. 

The report recommends focusing efforts on strengthening food waste reduction and composting in cities. 

Waste and climate change

There is a direct correlation between average temperatures and food waste levels, the report finds.

Hotter countries appear to have more food waste per capita in households, potentially due to increased consumption of fresh foods containing fewer edible parts and a lack of robust refrigeration and preservation solutions.

Higher seasonal temperatures, extreme heat events, and droughts make it more challenging to store, process, transport, and sell food safely, often leading to a significant volume of food being wasted or lost.

Since food loss and waste generates up to 10 per cent of global greenhouse gas emissions – almost five times the total emissions compared to the aviation sector – reducing emissions from food waste is essential, UNEP expert believe. 

Food for hope

There is room for optimism, the report suggests: public-private partnerships to reduce food waste and impacts on climate and water stress are being embraced by a steadily growing number of governments of all levels.

Examples include Japan and the UK with reductions of 18 per cent and 31 per cent respectively , showing that change at scale is possible, if food is rationed properly. 

Published ahead of the  International Day of Zero Waste , the UNEP Food Waste Index Report, has been co-authored with WRAP, a UK climate action NGO.

It provides the most accurate global estimate on food waste at retail and consumer levels, offering countries guidance on improving data collection and best practices, in line with the Sustainable Development Goal 12.3 of halving food waste by 2030 .

• climate action

Advertisement

Engineers Raise Questions About Bridge’s Construction as Inquiry Begins

In reviewing images of the Francis Scott Key Bridge, some structural engineers said that its piers, which are essential to the structure’s integrity, appeared to lack protective barriers.

• Share full article

By James Glanz and Annie Correal

• March 26, 2024

The large container ship that collided with the Key Bridge in Baltimore, leading to its near-total collapse, appeared to strike a critical component, known as a pylon or pier, according to several engineers who have reviewed footage of the incident.

Without the pier, they said, it was impossible for other components of the bridge to assume the load and keep the bridge standing.

The piers on a bridge act as a kind of leg and are what is known as “nonredundant” parts of a bridge’s structure. If a pier is somehow taken out, there is nothing to compensate for the missing structural support, and a collapse of the bridge is all but inevitable, most of the analysts said.

How Fenders Might Have Protected Against Bridge Collapse

The Francis Scott Key Bridge did not have an obvious fender system, or protective barriers, to redirect or prevent a ship from crashing into the bridge piers.

Yet the collapse in Baltimore on Tuesday might have been avoided, some of the engineers said, if the piers had been better able to block, deflect or withstand such a collision. And some of the engineers questioned whether the bridge’s piers had adequate blocking devices that are known with a self-explanatory name: fenders.

In bridge engineering, fenders can be anything from simple pyramids of rocks piled around the pylons to major concrete rings padded with slats of wood, designed to shield the bridge’s supports from damage by water or collisions.

It was not clear whether any such protection built around the bridge’s piers was sufficient to guard against even a glancing hit from a 95,000-gross-ton container vessel.

And the U.S. secretary of transportation, Pete Buttigieg, expressed doubt on Tuesday that any bridge could have withstood such a serious collision.

“This is a unique circumstance. I do not know of a bridge that has been constructed to withstand a direct impact from a vessel of this size,” he told reporters.

Yet a different perspective emerged in initial comments by the investigators who will be sorting out what happened in the collapse.

Jennifer Homendy, the chair of the National Transportation Safety Board, said protective structures would be a part of the investigation into the collapse. “There’s some questions about the structure of the bridge — protective structure around the bridge or around the piers to make sure there isn’t a collapse,” she said, responding to a reporter’s question.

“We are aware of what a structure should have. Part of our investigation will be how was this bridge constructed? It will look at the structure itself. Should there be any sort of safety improvements? All of that will be part of our investigation.”

The Maryland Transportation Authority did not immediately respond to a request for comment on the design of the piers in Baltimore, and did not say whether any fenders were installed to protect them.

Between 1960 and 2015, there were 35 major bridge collapses worldwide because of ship or barge collisions, resulting in the deaths of 342 people, according to a 2018 report from the World Association for Waterborne Transport Infrastructure, a scientific and technical organization.

The deadliest crash took place in 1983, when a passenger ship collided with a railroad bridge on the Volga River in Russia, killing 176 people, according to the report.

It was only after “a marked increase in the frequency and severity of vessel collisions with bridges” that attempts to study and address the risks were initiated in the 1980s, said the report’s authors, Michael Knott and Mikele Winters.

A widely circulated video of the Key Bridge failure drew attention to the disastrous collapse of the upper bridge structure. But engineers who reviewed the footage said that did not appear to be the culprit in the disaster. Instead, they said, the superstructure failure was most likely a secondary effect of the pier crumbling beneath it after the collision.

Engineers who reviewed images of the bridge both before and after the collapse said no significant fender structures were visible. Only fairly small structures were visible in photos taken at the foot of the pier, and they did not appear to be substantial enough to be able to stop a large ship, some of them said. They said the structures may have served another purpose entirely — like preventing water from scouring and undermining the pier’s foundation.

Benjamin W. Schafer, a professor of engineering at Johns Hopkins University, said, after looking at images of the bridge taken before the disaster, “If you zoom further out, you can see these large cylinders that sort of define the shipping channel. They are to direct the ships and they are part of the bridge structure. Some would say those are protective structures. But I haven’t seen any evidence of fenders myself.”

In some bridges, engineers may elect, instead of fendering, “the alternative of making the pier exceptionally strong,” said Shankar Nair, a structural engineer with over half a century of experience who is a member of the National Academy of Engineering. But the visual evidence so far, he and others said, suggested that the pier was simply not strong enough to survive the collision.

The structure’s apparent vulnerability left some engineers dumbfounded.

“This is a huge shock,” Dr. Nair said. “A bridge of that size and importance should not collapse when hit by an errant vessel.”

The importance of sturdy fenders on bridge piers was backed up by a similar accident that occurred in 2013 when a 752-foot-long tanker collided with a support of the San Francisco-Oakland Bay Bridge. According to a National Transportation Safety Board report on the incident, the support stood — although $1.4 million in damage was done to the fendering system, which cushioned the impact.

In other cases when collisions lead to full or partial collapses, shortcomings in the fendering system are usually involved, said Matthys Levy, a longtime structural engineer and co-author of “Why Buildings Fall Down.”

“It’s usually an issue of fendering,” Mr. Levy said. “The fendering is not strong enough.”

According to a description of the Key Bridge by an American Society of Civil Engineers manual, the 8,636-foot-long structure in Baltimore was opened to traffic in 1977. The steel span above it, a design known as a truss, can be vulnerable to failure itself — damage to individual elements of the truss can theoretically cascade into a wider collapse. But that did not appear to be the case in Baltimore, engineers who reviewed the footage said: The truss, they said, was simply unable to remain intact when the pier was taken out beneath it.

Tuesday’s collapse raises the question “of how vulnerable are the piers and what is done or should have been done to protect them in the event of something like this,” said Donald O. Dusenberry, a consulting engineer who has investigated many bridge failures.

Mr. Dusenberry, in pointing to the issue of fender protection, said that it was impossible to make a full determination of what was installed without reviewing structural drawings of the bridge.

But images taken before the disaster, he said, suggested that small barriers that could be seen rising around the bridge’s piers, roughly at water level, would be unlikely to be able to stop a large ship. Effective fenders, he said, had to be far enough from the pier to keep the bow of a large ship from striking the pier, and large enough to absorb the energy of a collision. Assuming nothing had changed since the prior pictures were taken, he said, the visible structures did not seem up to that task.

“Maybe it would stop a ferry or something like that,” he said. “Not a massive, oceangoing cargo ship.”

One of the catastrophes prompting scrutiny of the issue of bridge collisions was the collapse of the Sunshine Skyway Bridge in Tampa, Fla., in 1980.

The structure collapsed when a cargo ship hit a pier, bringing down part of the main span and killing 35 people. Seven years later, a shrimp boat hit a bumper erected on the bridge built to replace it.

While catastrophic collisions garner the most attention, vessel collision accidents with bridges are not uncommon and regularly cause damage that, according to the 2018 report, “varies from minor to significant but does not necessarily result in collapse of the structure or loss of life.”

Mr. Schafer, the professor of engineering at Johns Hopkins, said fenders were undeniably important to preventing catastrophic collisions but that the size of the vessel that hits a bridge plays a critical role.

“When people think about fenders, they’re thinking about something that is similar in scale, in size, to the supporting concrete structure itself,” Mr. Schafer said. “So, you know, if that is 30-feet across, you might think of a fender which is like 30 feet as well. Right?”

The problem, he said, comes with trying to design protection against something so large as a container ship. “Could we design something that’s big enough to divert a runaway cargo ship? Yes. Would it be of a scale that’s practical? Probably not.”

Rather than build bigger fenders, Mr. Schafer said, the key is to divert ships before they get dangerously close to the piers and fenders. “That would be the physical answer,” he said. “The better answer is to have the people and the processes in place, so it never happens .”

James Glanz is a Times international and investigative reporter covering major disasters, conflict and deadly failures of technology. More about James Glanz

Annie Correal reports from the U.S. and Latin America for The Times. More about Annie Correal

Australian Defence Force chief Angus Campbell issues unreserved apology for 'deficiencies' in supporting veterans at royal commission

The chief of the Australian Defence Force has issued an unreserved apology for "deficiencies" in providing wellbeing support and care for veterans during and after their service and says he is committed to "doing better".

General Angus Campbell is appearing before the long-running Royal Commission into Defence and Veteran Suicide, which is in its final week of public hearings.

He began his evidence with an opening statement which acknowledged failings.

"Our people deserve and should rightly expect the wellbeing support and care they need both during and after their service," General Campbell said.

"I acknowledge that this has not always been the case and has tragically led to the deaths by suicide of some of our people.

"I apologise unreservedly for these deficiencies.

"Defence is committed and I am committed to doing better."

General Campbell said the courage of those who have come forward to share experiences with the commission was "deeply admirable".

He said he appreciated the efforts of those who have contributed to his learning and the force's "deeper understanding" of suicide and its "enduring aftermath".

Under questioning from Counsel Assisting, Erin Longbottom KC, he also acknowledged he was accountable for "everything that happens in the defence force and everything that does not happen in the defence force".

General Campbell previously appeared before the royal commission in June 2022, where he admitted defence was not doing enough to address veteran suicide.

Defence needs 'culture of organisational accountability'

Ms Longbottom put to General Campbell that the royal commission was not the first inquiry to explore issues connected to mental health and suicide prevention within the defence community.

He accepted there were some 22 reports and inquiries that have examined the issue over 16 years.

But he disagreed that Defence waited until 2022 or 2023 to start "in earnest" initiatives to improve the experience of personnel.

Ms Longbottom asked why the newly established mental health and wellbeing branch could not have been set up before last year.

General Campbell said Defence was previously coming from a "disaggregated perspective".

"What we have been doing, certainly through my tenure, is trying to systematically build the aggregated capacity to act as an enterprise and to generate consistently high quality outcomes by an enterprise view," he said.

General Campbell also accepted that suicide and suicidality is a "significant adverse event" that Defence must confront.

He agreed with Ms Longbottom's propositions that it requires more than a "procedural response" and there is a need for a "culture of organisational accountability".

On his way into the hearing, General Campbell told the media the royal commission was "critically important".

"Defence is determined to learn from and to improve our support to our people," he said.

The inquiry is due to deliver its final report in September.

• X (formerly Twitter)

Related Stories

Senator lambie receives at least two reports about veteran suicide every day, inquiry hears.

'They left me on my own': Former navy diver alleges the ADF tried to discredit him in Defence Royal Commission

Government to front veterans royal commission as soldiers warn of 'Canberra cover-up'

• Defence Forces
• Royal Commissions

• International

March 26, 2024 - Baltimore Key Bridge collapses after ship collision

By Helen Regan , Kathleen Magramo , Antoinette Radford, Alisha Ebrahimji , Maureen Chowdhury , Rachel Ramirez , Elise Hammond , Aditi Sangal , Tori B. Powell , Piper Hudspeth Blackburn and Kathleen Magramo , CNN

Our live coverage of the Baltimore bridge collapse has moved here .

Crew member on DALI said everyone on board was safe hours after bridge collapse, official says

From CNN’s Amy Simonson

A crew member on the DALI cargo ship sent a message hours after the Francis Scott Key Bridge collapsed Tuesday saying everybody on board was safe, according to Apostleship of the Sea director Andy Middleton.

Middleton, who spent time with the captain of the DALI Monday, told CNN’s Laura Coates he reached out to a crew member after hearing about the incident Tuesday morning. 

He said there were 22 members aboard the ship from India who were setting sail earlier Tuesday morning and were heading toward Sri Lanka.

“I was able to reach out to a crew member very early this morning around 5:30 (a.m. ET) or 6 (a.m. ET) and get a message to them asking if they were OK,” he said. “That crew member responded within just a few minutes advising that the crew was safe, and everybody that [was] on board was safe.”

Middleton was told by the ship's captain Monday that the vessel was going to take a longer route to avoid risks along the Yemen coast.

“When I was out with the captain yesterday, we were talking while we were driving, and he advised that they were sailing down and around the tip of South Africa in order to avoid the incidents that are going on off the Yemen coast, and it was a safer way to go,” he said.

Middleton said the  Apostleship of the Sea  is a ministry to seafarers with members that spend time in the port and on the vessels as a friendly face to the seafarers that visit the Port of Baltimore, “taking care of their needs to make sure that they're reminded of their God-given human dignity when they're here in Baltimore.”

Search operation ends in "heartbreaking conclusion," Maryland governor says. Here's the latest

From CNN staff

Six people, who were believed to be part of a road construction crew, are presumed dead after Baltimore's Francis Scott Key Bridge collapsed early Tuesday morning. The collapse came after a 984-foot cargo ship hit the bridge's pillar.

Maryland Gov. Wes Moore told reporters Tuesday evening it's a "really heartbreaking conclusion to a challenging day."

Late Tuesday, it was discovered that two of the construction workers who went missing after the bridge collapsed were from Guatemala , the country's Ministry of Foreign Affairs said late Tuesday.

Here's what you should know to get up to speed:

• The victims: Eight people were on the bridge  when it fell, according to officials. At least two people were rescued — one was taken to the hospital and was later  discharged , fire official and the medical center said.
• The incident: Video shows the moment the entire bridge structure falls into the water, as the ship hits one of the bridge's pillars. CNN analysis shows that the  ships lights flickered  and it veered off course before it hit the bridge. Maryland Gov. Wes Moore said the crew on the ship were able to issue a "mayday" before colliding into the bridge, which allowed the authorities to stop incoming traffic from going onto the bridge.
• Response efforts: Earlier, dive teams from various state and local agencies were brought in to assist in search-and-rescue operations, according to Maryland State Police Secretary Col. Roland L. Butler Jr.. The mission started with 50 personnel and continued to grow before the Coast Guard announced Tuesday evening that it was suspending its active search-and-rescue operation and transitioning to a "different phase."
• The investigation: Authorities are still working to establish exactly how the crash occurred. The National Transportation Safety Board will look into  how the bridge was built  and investigate the structure itself. It will "take time to dig through" whether the bridge had ever been  flagged for any safety deficiencies , NTSB Chair Jennifer Homendy said.
• Rebuilding the bridge: US Sen. Chris Van Hollen said the path to rebuilding the bridge will be "long and expensive." Senior White House adviser Tom Perez told reporters Tuesday “it’s too early” to tell how long it will take to rebuild the bridge. President Joe Biden said Tuesday he wants the federal government to bear the full cost of rebuilding the collapsed bridge, noting that it will not wait for the company who owns the container ship DALI to shoulder the costs. Funding could come from the Federal Highway Administration as well as the Bipartisan Infrastructure Law, but it may require additional funding from Congress.

2 of the missing construction workers from bridge collapse were from Guatemala, foreign ministry says

From CNN’s Allison Gordon, Flora Charner and Amy Simonson

Two of the construction workers missing from the bridge collapse in Baltimore were from Guatemala, the country's Ministry of Foreign Affairs said in a statement late Tuesday.

Those missing included a 26-year-old originally from San Luis, Petén. The other is a 35-year-old from Camotán, Chiquimula, the statement said.

The ministry said both were part of a work team “repairing the asphalt on the bridge at the time of the accident.”

The statement did not name the two people missing, but it said the country’s consul general in Maryland “went to the area where the families of those affected are located,” where he hopes to be able to meet with the brothers of both missing people.

The consulate   also issued a statement Tuesday saying its consul general in Maryland "remains in contact with local authorities," and also confirmed that two of those missing "were of Guatemalan origin.”

Six people, who were believed to be part of a road construction crew, are presumed dead after Baltimore's Francis Scott Key Bridge collapsed early Tuesday morning when a cargo ship hit the bridge's pillar.

State and federal officials have not released information about the identities of any of the six missing workers.

Underwater mapping of bridge collapse area to begin Wednesday, Baltimore fire chief says

From CNN's Jennifer Henderson

Search operations near the Key Bridge collapse have shut down for the night due to dangerous conditions, but the process of underwater mapping with many local, state and federal dive teams will begin Wednesday, Baltimore City Fire Chief James Wallace told CNN’s Anderson Cooper Tuesday night.

Wallace said the portion of the Patapsco River is “tidal influenced, so it goes through tide cycles just like the open waters of the Chesapeake Bay does.”

The water depths in the area under the bridge vary from 40 feet to more than 60 feet, Wallace said. The deeper the divers go, the colder the temperatures they encounter, and the visibility is zero, he added.

 Wallace said when crews arrived Tuesday morning, the surface water temperatures of the Patapsco River were about 47 degrees with an air temperature of 44-45 degrees.

Here's what you should know about the historic Francis Scott Key Bridge

The Francis Scott Key Bridge collapsed early Tuesday after a massive container ship lost power and crashed into the iconic Baltimore bridge, sending people and vehicles into the frigid Patapsco River.

Six people, believed to be part of a road construction crew, are presumed dead and the Coast Guard has ended its active search and rescue mission.

Here's what you should know about the historic bridge:

• How old?: The Francis Scott Key Bridge, also referred to as just the Key Bridge, opened to traffic in March 1977 and is the final link in the Baltimore Beltway, according to the Maryland Transportation Authority (MDTA.) It crosses over the 50-foot-deep Patapsco River, where former US attorney Francis Scott Key found inspiration to write the lyrics to the Star Spangled Banner, the MDTA says.
• How long?: The bridge was 1.6 miles long when standing, MDTA reports.
• Traffic volume: More than 30,000 people commuted daily on the bridge, according to Maryland Gov. Wes Moore.
• How much did it cost?: The bridge cost $60.3 million to build, MDTA says. Since its collapse, President Joe Biden said he’s committed to helping rebuild the bridge as soon as possible.
• About the port: Baltimore ranks as the ninth biggest US port for international cargo. It handled a record 52.3 million tons, valued at $80.8 billion, in 2023. According to the Maryland state government, the port supports 15,330 direct jobs and 139,180 jobs in related services.
• About the ship: The bridge collapsed after a container vessel called Dali collided with one of its supports. Dali is operated by Singapore-based Synergy Group but had been chartered to carry cargo by Danish shipping giant Maersk . The ship is about 984 feet long , according to MarineTraffic data. That’s the length of almost three football fields.

Baltimore woman says bridge collapse was "like a piece of family dissolved"

From CNN's Kit Maher

For longtime Baltimore resident, Ceely, who opted not to share her last name, seeing footage of the Francis Scott Key Bridge collapse  Tuesday was deeply personal.

“I was very heavy-hearted,” Ceely told CNN. “Very tearful, thinking about the families whose loved ones may be in the water and just remembering when the bridge was constructed, and it was just like a piece of family dissolved.”

Ceely was at a prayer group Tuesday morning when she saw the news. She recalled being afraid when she first crossed the bridge while in Ford Maverick in 1975, but grew to like it because it saved time on the road.

“It was a main artery just like a blood line. It was a main artery to the other side of town. It was awesome. It beat going through the city all the time,” she said.

Elder Rashad A. Singletary , a senior pastor who led Tuesday night’s vigil at Mt. Olive Baptist Church told CNN that many church members watched the bridge's construction.

"It’s a part of the community. A lot of our individuals in our congregation drive that bridge to go to work, and so now it’s really a life changing moment,” he said.

"Heartbreaking conclusion to a challenging day," Maryland governor says as Coast Guard ended search operation

From CNN's Aditi Sangal

More than 18 hours after the collapse of the Baltimore bridge, Maryland Gov. Wes Moore said it was a heartbreaking conclusion after the Coast Guard ended the search-and-rescue operation for the six people who were on the bridge when it collapsed.

It's a "really heartbreaking conclusion to a challenging day," he said.

"We put every single asset possible — air, land and sea" to find the missing people, he told reporters on Tuesday evening. "While even though we're moving on now to a recovery mission, we're still fully committed to making sure that we're going to use every single asset to now bring a sense of closure to the families," the governor added.

6 people presumed dead after Baltimore bridge collapse, Coast Guard says. Here's what we know

As the sun sets in Baltimore, six people are presumed dead after a major bridge collapsed overnight Tuesday, according to the Coast Guard. The Francis Scott Key Bridge came down around 1:30 a.m. ET after a cargo ship collided with it.

The Coast Guard said it has ended its active search-and-rescue operation for the missing construction workers who were on the bridge when it collapsed.

• What we know: Eight people were on the bridge when it fell, according to officials. At least two people were rescued — one was taken to the hospital and has been discharged . The Coast Guard has been searching for six other people. But, around 7:30 p.m. ET, the Coast Guard said it has transitioned to a “different phase” of operation, now it did “not believe we are going to find any of these individuals alive,” Rear Adm. Shannon Gilreath said.
• About the ship: The bridge collapsed after a container vessel called Dali collided with one of its supports. The vessel is operated by Singapore-based Synergy Group but had been chartered to carry cargo by Danish shipping giant Maersk . The US Embassy in Singapore has been in contact with the country’s Maritime and Port Authority, a State Department spokesperson said.
• The investigation: The National Transportation Safety Board is leading the investigation into the collapse. A team of 24 experts will dig into nautical operations, vessel operations, safety history records, owners, operators, company policy and any safety management systems or programs, said NTSB Chair Jennifer Homendy. A voyage data recorder will be critical to the investigation, she added. 
• Vehicles on the bridge: Officials are also working to verify the numbers of how many cars and people were on the bridge, Homendy said. Gov. Wes Moore said the quick work of authorities in closing the bridge had saved lives . Radio traffic captured how authorities stopped traffic and worked to clear the bridge seconds before the impact . Maryland State Police Secretary Col. Roland L. Butler Jr. said there is a “ distinct possibility ” more vehicles were on the bridge, but authorities have not found any evidence to support that.
• Looking ahead: NTSB will look into how the bridge was built and investigate the structure itself, including if it was flagged for any safety deficiencies , Homendy said. The federal government has also directed its resources to help with search and rescue, to reopen the port and rebuild the bridge, Vice President Kamala Harris said . Earlier, President Joe Biden said t he federal government will pay to fix the bridge.
• The economy: Transportation Secretary Pete Buttigieg warned the collapse will have a serious impact on supply chains . Until the channel is reopened, ships will likely already be changing course for other East Coast ports. Ocean carriers are already being diverted from the Port of Baltimore, where the bridge collapsed, to the Port of Virginia to “keep trade moving."

Please enable JavaScript for a better experience.

The accountant shortage is so bad that it's delaying key reports at companies like Tupperware

• The severe accountant shortage is causing companies to delay filing key mandatory reports.
• Tupperware has delayed its annual report due to accounting department shortages and resource gaps.
• A lack of fresh talent contributes to the ongoing crisis in accounting.

The accountant shortage is so bad that companies are delaying filing key mandatory reports.

On Friday, Tupperware said it didn't have enough accountants to get its annual report out on time. The storage container manufacturer is the latest on a growing list of companies that have delayed their annual reports for a host of reasons. About 70 companies have postponed annual reports this year, up 40% from last year, research company Intelligize tallied last month .

In a regulatory filing, Orlando-based Tupperware blamed the delay on "significant" past and present accounting attrition, "which has resulted in resource and skill set gaps, strained resources, and a loss of continuity of knowledge."

Tupperware added that previous delays in filing its 2022 annual report led to postponement of its quarterly reports, which subsequently pushed back work on its 2023 annual report.

On LinkedIn, the company is hiring for a single accountant, a job in Poland.

Once an American kitchen icon, the manufacturer now faces a slew of business problems. In October, its external accounting firm, PricewaterhouseCoopers, dropped the company as a client. Almost a year ago, Tupperware warned investors of potential bankruptcy amid greater losses and operational costs.'

Related stories

Accountant staffing issues at Tupperware and other businesses are becoming an operational headache with no signs of abating.

Seasoned accountants are retiring while the profession, which has a reputation for long hours and unfulfilling work, has struggled to attract younger talent. The American Institute of Certified Public Accountants said that 75% of certified accountants reached retirement age in 2020. The US Bureau of Labor Statistics projects there will be 126,500 openings for accountants and auditors each year, on average, over the decade.

But many students say they are turned off by the fifth year of college needed for accounting courses. And accountants' average starting salary of about $62,000 looks less appealing than other higher-paying or lower-stress jobs in business.

"Accountants and auditors are to business as those people in the black-and-white-striped shirts are to sports. We're the referees of business," Steven Kachelmeier, the chair of the accounting department at the University of Texas, told Business Insider last year.

"We may not always like the referees, but sports is a free-for-all without them," he said, explaining that if shortages of these workers continue, accountability and integrity in business could suffer.

This year has seen a slate of high-profile financial reporting errors, some of which caused stock prices to change. In February, ride hailing app Lyft erroneously reported in its fourth-quarter earnings release that it expects profit margins to increase by 500, not 50 basis points — which led its stock to surge 60%. Electric vehicle maker Rivian and gym company Planet Fitness said they made earnings typos this year.

In a similar move to Tupperware, toy giant Mattel said in a February filing that it was unable to file its 2023 annual report due to "certain deficiencies in its internal control over financial reporting."

The Securities and Exchanges Commission can issue penalties for erroneous filings, including fines for delays and errors in financial reporting.

Watch: Trump's kids testify in $250M fraud case, deny all wrongdoing

• Main content