The American Institute of Certified Public Accountants (AICPA) has published a "how-to" guide for audit committees that includes security as one of several priority considerations. The AICPA Audit Committee Toolkit specifies security in two key areas: (1) assessing significant risks and exposures, including the extent to which insurance adequately covers exposures, and (2) reviewing "the adequacy of the company's internal controls including computerized information system controls and security." For a copy of the Audit Committee Toolkit, refer to the AICPA's website at http://www.aicpa.org/
Although security is included in the narrative and various checklists, the Audit Committee Toolkit is almost exclusively focused on traditional governance roles and responsibilities, such as independence and oversight of financial statement integrity. Including security without emphasising it is consistent with the roll-out of Sarbanes-Oxley regulations and standards. The Public Company Accounting Oversight Board (PCAOB), for example, has narrowly defined its auditing standards on internal controls. Its standard, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, does not expand Sarbanes-Oxley attestations beyond matters closely connected to financial statement integrity. The PCAOB's approach suggests that, for now, internal control reviews mandated by Sarbanes-Oxley will stick closely to financial accounting principles and will not include broader risk management concerns.
The PCAOB does, however, explicitly recognize the validity of the internal control framework developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, which is the foundation for the AICPA's discussion of security and enterprise risk management in the Audit Committee Toolkit. The COSO framework expands traditional Generally Accepted Accounting Principles (GAAP) to include greater emphasis on "people, processes, and technology" as they affect corporate risk.
The Enterprise Risk Management Framework, which COSO released last year, is significant in three important areas:

* First, the Enterprise Risk Framework defines terms, as well as roles and responsibilities, more broadly than traditional accounting principles. Throughout the material, COSO expands customary reporting and accounting responsibilities, which focus narrowly on financial reporting, historical cost, and limited non-financial disclosures. The COSO draft thus challenges exclusive reliance on recognised accounting and financial reporting principles. Generally Accepted Accounting Principles (GAAP) and rules developed by the Financial Accounting Standards Board form the basis of public company reporting responsibility.
* Second, the Enterprise Risk Framework provides an additional auditing mechanism to assess corporate value and risk. To date, the legal and auditing communities have been reluctant to expand Sarbanes-Oxley beyond the integrity of financial reporting.
* Third, the Enterprise Risk Framework clarifies fiduciary roles and responsibilities in areas of risk oversight and management. In adopting Sarbanes-Oxley, Congress narrowly links corporate governance to financial transparency and independence issues. Several often-cited court cases expand this statutory definition of fiduciary responsibilities to include risk oversight for areas such as security and regulatory compliance. If integrated into public company auditing requirements, COSO's Enterprise Risk Framework would further expand corporate governance expectations.

COSO will release the final draft early this year.
Source: Zeichner Risk Assessment Newsletter.

Date: 30th January 2004 • Region: N. America • Type: Article • Topic: Operational risk