PCAOB and SEC are Keeping Watch

It's amazing that, after 12 years of collective experience with SOX-related audits of Internal Controls over Financial Reporting (ICFR), companies and external auditors are still struggling. Look at this factoid:


“Among the Big 4, KPMG’s 46-percent audit deficiency rate follows only EY, which drew criticism on 49 percent of its inspected audits in its 2013 inspection. The PCAOB flagged 32 percent of the audits it examined in 2013 at PwC, and 28 percent at Deloitte.”


Truly amazing! The question that we keep asking ourselves is, "How can we help our respective companies and our external auditors?" How can we guide them to ensure that our audits stand up to the scrutiny that is expected? What's the problem, and why does it keep cropping up?

Well, the first issue tends to be a company not having selected, by last year's deadline, the version of COSO that will be used. That's an easy fix. It's a declaration that management needs to elicit. However, the next challenge is a bit tougher. It comes down to understanding best practices for traceability. Does the firm have policies and Standard Operating Procedures (SOPs) for each of COSO 2013's 17 specific principles? Are they traceable back to the COSO authority document references (citations)?

The issue that companies are struggling with is, collectively, poor housekeeping. They have not nailed down the traceability links and the associated policies and procedures. Companies can solve this issue by selecting a solid mapping product that runs in the cloud. This avoids a number of problems, such as not knowing which version of a document or policy is currently in force, relying on e-mail to distribute key documents, and many other housekeeping-related control issues.

If you're struggling with these issues, contact us and we can help you assess a cloud-based mapping product that will solve them, so that you can immediately lock down your COSO-related internal controls (all 17 of them) and, oh, by the way, also nail down your internal controls for information technology (COBIT). By mapping your policies and SOPs to COSO and COBIT, you'll head off the PCAOB and SEC and help your external auditor get through the process as it was originally intended.

Good luck and let us know if you need guidance on compliance and industry standards best practices for traceability mapping.