The Auditing Standards Board recently approved a Statement on Standards for Attestation Engagements (SSAE) for reporting on a nonissuer’s internal control over financial reporting, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements.  This new SSAE substantially conforms to the standard used for reporting on an issuer’s internal control over financial reporting - Public Company Accounting Oversight Board Auditing Standard (AS) No. 5, An Audit of Internal Control That is Integrated with an Audit of Financial Statements. The new SSAEsupersedes AT Section 501, Reporting on an Entity’s Internal Control Over Financial Reporting.  The new SSAE is effective for dates or periods ending on or after December 15, 2008, and is therefore effective for December 31, 2008 audits of financial institutions that are required to have an examination of internal control over financial reporting pursuant to the requirements of the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA).

The new SSAE establishes requirements that are applicable when an examination of internal control over financial reporting is integrated with an audit of financial statements.  As a practical matter, a reporting entity will want to engage the same firm to audit both its financial statements and its internal control over financial reporting as it will result in the most effective and efficient engagement.  The new SSAE has provisions that will affect both the auditor and the reporting entity.  Among other provisions, the new SSAE:

• Revises the definitions of the terms significant deficiency and material weakness to conform with the definitions in AS 5.
  
• Describes how to determine the likely sources of potential misstatements within a given significant account or disclosure.
Discusses how to identify significant accounts and disclosures and their relevant assertions.
• Introduces the top-down approach for identifying the most important controls to test.
• Incorporates the auditor's fraud risk assessment into the planning process for the examination of internal control and provides guidance on the types of controls used to identify and prevent material financial statement misstatements resulting from fraud.
• Includes an illustrative management report containing the reporting elements described in the SSAE and guidance for reporting under Section 112 of FDICIA. 

RSM McGladrey Inc. and McGladrey & Pullen LLP have an alternative practice structure. Though separate and independent legal entities, the two firms work together to serve clients' business needs.