Forwarded from: Mark Bernard <Mark.Bernard@private> Dear Associates, The tentative date for approval of amendments to the Canadian Institute of Chartered Accountants (CICA) audit standards CICA 5900 now is January 1st, 2006. Amendments to standards CICA 5900 and CICA 5310 will bring Canadian auditing standards up to par with the Sarbanes Oxley Act (SOX) and the revised Canadian Securities Act - bill 198. Summary of proposed changes include: a.. Section 5970, Audit Reports on Controls at a Service Organization, which replaces Section 5900; and b.. Section 5310, Audit Evidence Considerations when an Entity uses a Service Organization, which revises the requirements of Section 5310. Will organizations be ready? Many Canadian business have already made changes to comply with SAS No. 70 and SOX due to our interwoven economies. However some business always wait until the last minute, so it is likely that there will be many projects initiated from new budgets in January 2006. ======beginning of excerpt ========= http://www.cica.ca/index.cfm/ci_id/19365/la_id/1.htm Status: Final Handbook Sections approved. Assurance and Related Services Guideline approved subject to written ballot. Effective date for the standards and guideline is January 1, 2006. Objectives of this Project This project will update and expand auditing and assurance standards and guidance for engagements to provide assurance on controls at a service organization, and for the use of assurance reports as evidence, in a financial statement audit as well as in assurance engagements to report on internal control over financial reporting. This project will respond to the need for updated standards in light of the increased use of outsourcing and the increased scrutiny of internal control by securities regulators and other stakeholders. At the same time, it will ensure that Canadian standards for auditor-to-auditor communications for service organizations engagements are harmonized with equivalent US standards. Scope It is not currently possible to satisfy the needs of all stakeholders with either a SAS 70 or a Section 5900 report alone. Nor is it desirable to simply combine elements of SAS 70 with Section 5900. The project will therefore result in the issuance of a new standard harmonized with US Statement on Auditing Standards No. 70, Service Organizations (SAS 70), and with updated Handbook Sections 5900, Opinions on Control Procedures at a Service Organization and 5310, Audit Evidence Considerations when an Enterprise uses a Service Organization. Specifically, the project will do the following: a.. Harmonize with SAS 70 for the immediate specific regulatory issues related to the Sarbanes-Oxley Act of 2002 (Sarbanes) and the proposed Ontario Securities Commission (OSC) Investor Confidence Rules, and for auditor-to-auditor communications in financial statement audits. This standard will also consider the need for additional guidance to reflect environmental changes (e.g., privacy legislation, and the issuance of the US Public Company Accounting Oversight Board's (PCAOB) Exposure Draft, Reporting on Internal Control Over Financial Reporting in Conjunction with an Audit of Financial Statements) since the issuance of SAS 70. The project will also undertake revisions to Section 5310, Audit Evidence Considerations When an Entity Uses a Service Organization, to harmonize with SAS 70 material. b.. Consider the need for additional guidance to reflect environmental changes (e.g., privacy legislation, and the issuance of the PCAOB's Exposure Draft, Reporting on Internal Control over Financial Reporting in Conjunction with an Audit of Financial Statements) since the issuance of SAS 70. c.. Undertake revisions to Section 5310 to harmonize with SAS 70 material for financial statement audits. d.. Update Section 5900 for other uses of service auditor reports to reflect Section 5025, Standards for Assurance Engagements, and conform terminology with Section 5025, SAS 70 and the proposed audit risk framework. ====== end of excerpt ============ Best regards, Mark. Mark E. S. Bernard, CISM, CISSP, PM, Principal, Risk Management Services, e-mail: Mark.Bernard@private Web: http://www.TechSecure.ca Phone: (506) 325-0444 Leadership Quotes by Warren Bennis: "The manager asks how and when; the leader asks what and why?" _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Mon Aug 29 2005 - 23:57:34 PDT