We learned of this proposal today and we thought our readers would be interested. This change would have an inpact on the financial reporting requirements for all public companies.
This is a great article looking at the outcome of a recent SEC investigation into Medifast's financial reporting from 2006 through 2009. Medifast disclosed, without admitting or denying the SEC's findings, that under the terms of the settlement it has consented to a Cease-and-Desist Order and agreed to pay a $200,000 civil penalty.
Google SAS 104-115 and you will find mostly articles by us (Vibato) discussing the need for auditors to pay special attention to internal controls as part of their audit. Why? Because the AICPA & the PCAOB dictates standards that the auditors must adhere to in order to perform their audits. Parts of these requirements include reviewing your internal controls and this applies to ANY COMPANY THAT IS AUDITED – public, private, non-profit; it doesn’t matter. If you are audited, your auditors must look at your internal controls as part of your audit. If you do not have any documented internal controls then be prepared for a higher audit bill because your auditors will have to go looking for internal controls at your company on your dime year-over-year. Moreover, due to independence issues, they are not allowed to share their work with you to use going forward so they will do this work each year and all you will see for it is a higher bill. Period.
An internal control deficiency can be caused by a number of issues but it is primarily defined as an error discovered during internal controls testing (e.g., a payment was coded to utilities when it should have been coded to inventory) or during a review of the internal control evidence (e.g., the internal or external auditors discover the coding mistake rather than management finding it as part of their closing activities). An internal control deficiency may also occur simply from someone forgetting to execute one of their internal controls entirely.
Tags: Internal Controls, Compliance tools, risk assessment, audit, SOX, 404 audit, best-practice, Controls Testing, 10k, Product Information, Sarbanes-Oxley Training, compliance, risk management, Sarbanes-Oxley, audit deficiency, Internal Control Deficiency
We're approaching the 10K filing deadline (tomorrow) and it's been a great year for Vibato clients once again for receiving a clean opinion on their internal controls!