On July 25, 2007, the SEC held an open meeting to discuss issues relating to the evaluation of internal control over financial reporting (“ICFR”).

At the meeting, the SEC approved the adoption of rule amendments to Exchange Act Rule 12b-2 and Rule 1-02 of Regulation S-X to define the term “significant deficiency” in ICFR. On August 3, 2007, the SEC issued a final rule release,1 defining the term “significant deficiency” as “a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrant’s financial reporting.” The final rules regarding the definition of “significant deficiency” will be effective on September 10, 2007.

At the meeting, the SEC also approved the Public Accounting Oversight Board’s (“PCAOB”) Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements (“Auditing Standard No. 5”), a related Independence Rule 3525, and conforming amendments. Auditing Standard No. 5 is effective for audits of internal control over financial reporting for fiscal years ending on or after November 15, 2007. Earlier adoption of Auditing Standard No. 5 is both permitted and encouraged. Auditing Standard No. 5 is designed to reduce the amount of work that must be performed by an auditor in its audit of ICFR and is designed to work hand-in-hand with the recently adopted SEC guidance and rule amendments relating to management’s evaluation of ICFR. For more information regarding the guidance and rule amendments, please refer to our July 2007 memorandum regarding “SEC Adopts Final Rules and Publishes Interpretive Guidance for Management Regarding its Evaluation of Internal Control over Financial Reporting.”

Final Rules regarding the Definition of “Significant Deficiency”

In conjunction with the approval of Auditing Standard No. 5 and recent interpretive guidance and rule amendments relating to ICFR, the SEC has also approved a definition for “significant deficiency” to assist management in effectively evaluating ICFR. A “significant deficiency” is defined as “a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrant’s financial reporting.” Under the rules implementing Section 302 of the Sarbanes-Oxley Act, a registrant’s principal executive officer and principal financial officer is required to certify that they have communicated all significant deficiencies to the audit committee and the external auditors. Accordingly, the definition of “significant deficiency” focuses on matters that are important enough to merit discussion among management, audit committees and independent auditors, and the definition explicitly does not include a likelihood component (unlike the definition of “material weakness”), in an effort to reduce the chance that management or independent auditors will design and implement ICFR evaluations or audits for the purpose of detecting anything less severe than a material weakness.

Auditing Standard No. 5

Auditing Standard No. 5, which governs the conduct of audits of ICFR by independent accountants, will replace the much-criticized Auditing Standard No. 2, which SEC Chairman Christopher Cox has called “unduly expensive and inefficient.” Accounting Standard No. 5, which the SEC reports is less than half the length of Auditing Standard No. 2 and is easier to read, reduces mandatory requirements, provides for a scalable audit that accounts for the size and complexity of each company, focuses auditors on those areas that have the highest risks with a view towards eliminating unnecessary procedures and provides a principles-based approach permitting auditors to use their judgment in determining whether rely on the work of others.

In response to issuers’ comments that the SEC and PCAOB had standards that were often contradictory or incompatible, the SEC and PCAOB have worked together to align the SEC’s interpretive guidance for management regarding its evaluation of ICFR and Auditing Standard No. 5, particularly for prescriptive requirements, definitions and terms, including the definition of “material weakness.”

Key Elements of Auditing Standard No. 5

1. Auditing Standard No. 5 uses a top-down, risk-based approach focusing on areas that the auditors, management and audit committees consider to be material or at greater risk for misstatement, such as the financial statement close process and controls designed to prevent fraud by management, rather than rote compliance with a rulebook.

2. Auditing Standard No. 5 has a scalable approach that adapts to the size and complexity of the issuer. Companies’ control standards will no longer have to be designed to comply with the Auditing Standard but rather can be designed to achieve the intended objective of improving the quality of the financial statements.

3. Auditing Standard No. 5 directs auditors to those areas that present the highest risk of misstatement. Auditors need not scope the audit to search for deficiencies that do not constitute material weaknesses. Fraud is acknowledged as a high-risk area, and auditors are required to deal with the possibility of fraud throughout the audit process, beginning in the planning stages of the audit. Auditing Standard No. 5 focuses the auditor on an evaluation of the effectiveness of ICFR rather than an evaluation of management’s ICFR evaluation process. The goal of Auditing Standard No. 5 is to eliminate unnecessary work.

4. Auditing Standard No. 5 uses a principles-based approach that permits auditors to use their judgment in determining when and to what extent auditors may use the work of others based on the objectivity and competence of those third parties. Auditors may also use past years’ work in current audits to reduce testing.

Related Matters and Effectiveness

In conjunction with the approval of Auditing Standard No. 5, the SEC has approved PCAOB Rule 3525, which requires auditors to take certain steps to seek pre-approval of the audit committee for internal control related non-audit services.

Although new Auditing Standard No. 5 is effective for audits of internal control over financial reporting for fiscal years ending on or after November 15, 2007, early adoption is both permitted and encouraged.