Skip Ribbon Commands
Skip to main content

Are You Fully Leveraging AS5 to Improve Your CEO/CFO Certification Process?


The Public Company Accounting Oversight Board (“PCAOB”) released Audit Standard 5 (“AS5”) in 2007 in response to exorbitant audit fees and compliance costs being incurred by public reporting issuers in the United States, related to meeting SOX 404 requirements. These same companies are now undergoing their second year-end audit in accordance with AS5 and we have found that companies are still not fully leveraging the guidance set out in AS5 to improve their compliance process.

At the same time, companies are faced with the challenge of reducing their compliance costs while continuing to satisfy their external auditors’ interpretation of AS5. Some reporting issuers struggle to achieve efficiencies in their compliance process mainly because their external auditors may not have not fully embraced these new standards.

I have outlined my top ten strategies to drive compliance efficiencies and to significantly reduce your compliance costs. Note the strategies that do not reference external auditors would equally apply to other CEO/CFO certification requirements such as National Instrument 52-109 in Canada.

Top Ten Strategies to Drive Compliance Efficiencies

1. Engage the external auditors early in the planning and scoping phase and agree on scoping decisions such as materiality thresholds, identification of significant financial reporting elements, identification of relevant IT applications, preliminary identification of significant risks, etc.

2. Drive a “true” risk-based approach throughout each compliance phase (e.g., risk-based assessment and documentation strategy, risk-based testing strategy, etc.).

3. Identify effective key entity-level controls (e.g., period-end financial reporting and monitoring controls) that can be relied upon to reduce testing at the business process level and agree on key controls with your external auditors.

4. Identify key automated application controls over manual business process controls, where possible, to reduce extent of testing in the current period (i.e., only test one sample per scenario) and potentially eliminate testing in future periods (i.e., leverage baseline where there were no changes).

5. Identify the optimal set of key internal controls to ensure significant risks are adequately addressed with minimum testing efforts (e.g., identify key controls that address multiple significant risks, eliminate redundant assertion coverage, select automated and preventive controls, etc.).

6. Conduct testing whereby nature, timing and extent of testing are based on the level of control risk and coordinate with your external auditors such that the tests are performed in a manner that enables maximum external auditor reliance.

7. Leverage knowledge obtained from the results of the prior years’ walkthroughs and operational effectiveness testing to reduce nature, timing, and extent of testing in the current year.

8. Negotiate with your external auditors to place reliance on work performed by others including management, internal auditors or external service providers and discuss the extent of external audit re-performance which should be based on the assessed level of risk, and competency and independence of persons performing the work.

9. Identify joint testing opportunities including dual purpose testing with external auditors.

10. Negotiate with your external auditors to rely on walkthrough procedures as sufficient audit evidence for operating effectiveness for lower risk controls.

If you have any questions or need assistance meeting your compliance efforts, please feel free to contact me or your local MNP advisor.