SEC Urges Holistic Approach in Assessing Company's Internal Controls Over Financial Reporting

The Chief Accountant of the US Securities and Exchange Commission (SEC), Paul Munter, has called for a broader perspective when evaluating the effectiveness of a company's internal control over financial reporting (ICFR). In a recent statement, Munter expressed concern that both auditors and management often focus too narrowly on information directly related to financial reporting, overlooking broader entity-level issues that could impact financial reporting and internal controls.

Munter emphasized the need for a holistic approach in assessing business risks. He pointed out that while traditional ICFR assessments might not account for one-off incidents such as data breaches, these incidents could still have a significant impact on financial reporting. He urged company managers to consider a wider range of factors and to avoid evaluating problems as isolated incidents. By doing so, they could better identify risks, including those at the entity level.

This perspective aligns with the growing pressure on auditors to play a more proactive role as gatekeepers in holding management accountable. Munter's stance resonates with the proposed updates by the Public Company Accounting Oversight Board (PCAOB), which would require auditors to scrutinize potential instances of company noncompliance and fraud more closely.

Munter highlighted that management should stay vigilant about emerging or evolving business risks that could affect their internal control systems. He stressed that companies must provide auditors with comprehensive information, taking into account changing economic conditions, new business strategies, regulatory guidance, technological developments, and more.

Auditors, in turn, must stay informed about these changes and apply a healthy level of skepticism. They should assess the consistency of information disclosed by companies in their periodic filings and compare it with the judgments made by management throughout the financial reporting process. This assessment helps determine whether new business risks could significantly impact the effectiveness of ICFR.

Munter also encouraged auditors to avoid bias and instead use objective judgment when evaluating deficiency evaluations by management. He suggested that enhanced scrutiny methods, including root cause analysis and considering potential misstatements, could be necessary to make accurate determinations.

In conclusion, Munter underscored the importance of timely and transparent reporting by management. Such reporting enables auditors to provide informative, accurate, and independent reports on a company's ICFR to investors. The call for a holistic approach reflects the evolving landscape of financial reporting and the need for more comprehensive risk assessment to ensure the integrity of financial controls.

By fLEXI tEAM