Conducting Efficient Internal Controls Audits of Smaller Companies Under AS5

Strategies for a Thorough Yet Cost Effective Examination

***Featuring a PCAOB Expert to Discuss AS5 and Recent Guidance About Applying it to Smaller Companies***

Recording of a 100-minute CPE webinar with Q&A

Conducted on Thursday, November 6, 2008

Program Materials


From the day the PCAOB's Auditing Standard No. 5 (AS5) took effect in June 2007, accounting firms have struggled to apply its principles-based format to their examinations of internal controls at smaller, less complex public entities.

Firms have found it difficult to scale internal control audits down to the size and complexity of their smaller clients under AS5. In response, the PCAOB offered special guidance on how auditors can evaluate entity-level controls of these businesses without exam costs spiraling out of control.

However, major challenges persist for accounting firms and their smaller public clients. How can auditors effectively and efficiently adapt broad AS5 principles, which seem more appropriately geared toward big public companies, to these other business entities?

Listen as our panel of audit veterans presents alternatives to make AS5 work for internal control audits of smaller public clients.



  1. Review Of Key Terms Of AS5
    1. Contrast with predecessor AS2
      1. Use of broader principles, simpler language
      2. Intent to focus auditors more on areas that could produce a material misstatement
      3. Contrast with checklist approach under AS2
  2. Problems With AS5 Internal Controls Audits Of Smaller Public Entities
    1. Concurrent problems with those entities’ auditing firms
    2. Making approach that seemed more appropriate for larger companies work for smaller entities
    3. PCAOB’s October 2007 guidance on using AS5 in smaller company exams
      1. Principles and approaches for evaluating entity-level controls
      2. Trying to contain cost
  3. Lessons Learned From Applying AS5 To Smaller Entities
    1. Where broad principles work well and not well
    2. Smart decisions on selecting which controls to review
    3. Evaluating how well company management respects those controls
    4. Role of IT-based controls in a company of that size


The panel helps you get a handle on these and other challenges:

  • Making a principles-based controls audit work at a smaller company used to more of a checklist approach — and integrating that exam with the financial statement audit.
  • Selecting which controls need to be tested under AS5.
  • Gauging risk that a smaller company's actively involved management will try to override controls.
  • Effectively using IT-based controls in a smaller business.


Lorraine Chilvers
Lorraine Chilvers
Associate Managing Partner (Recently Left Firm)

As regional practice leader, she until recently oversaw the executive services consulting firm's business development...  |  Read More

John Rowe
John Rowe
Managing Director, SEC and Business Advisory Services
SMART Accounting and Consulting Services

His 15-year career in accounting and auditing also includes stints as Internal Audit Director for a $1.5 billion...  |  Read More

Mark Agulnik
Mark Agulnik
Principal, Commercial and SEC Assurance Division

He has more than 10 years of experience and works on assurance services (including financial statement review and...  |  Read More