While much its content can be found elsewhere, the combination of information, tools, and technological enhancements make Microsoft's launch of its free online consumer healthcare management platform, HealthVault, last Thursday one to watch. Almost all of the 40 device plug-in and software applications the company is starting with are available individually and independently from its vendor partners. Yet through the combination, HealthVault offers convenience, the possibility of application customization, the ability to import and store personal data, and a search capability that may not be available anywhere else. he key to HealthVault's initial appeal is its all-in-one-place access to a range of applications plus the ability for some of those applications to "play together" in a way has not previously been possible. For example, a user can download his or her heart rate from a monitor and then send those statistics to a personal trainer who can immediately adjust the user's exercise workout. "Customization is all online and completely integrated within both platforms," states Teri Sundh, CEO & co-founder of Podfitness, Inc., one of HealthVault's initial partners. Microsoft believes that its search engine will give the product an edge over existing solutions. Sean Nolan, chief software architect of the Microsoft Health Solutions Group, says HealthVault uses the technology from a company called MedStory, which Microsoft purchased earlier this year, to mine the very detailed minutia in peer-reviewed medical journals, simplify the material, and then present the user with much more relevant, narrow search results based on very specific medications and medical procedures. As a health data repository, another thing that sets HealthVault apart from existing records storage software solutions is its security. Deborah Peel, M.D., the founder of the Patient Private Rights Foundation, called the Microsoft security for HealthVault "Fort Knox state of the art." She added, "This is the first example of a technology product actually guaranteeing patients will be able to protect their information." While much of its content and even its tools are available elsewhere, the company believes that HealthVault will be greater than the sum of its parts. The American Heart Association, for example, developed its Blood Pressure Management Center after being solicited by Microsoft. The center is also available through the AHA web site, but Dan Jones, M.D., president of the AHA, says he believes HealthVault gives him a better chance to reach the 20% of Americans with high blood pressure who do not have it controlled. "It's not unlike the popularity of building applications at Facebook based on the personal information stored there, but with MSFT HealthVault, it's for a much higher purpose, improving the health of our loved ones," explains Enoch Choi, M.D., a Palo Alto urgent care doctor, and product manager at MedHelp.org, a HealthVault partner. Already there have been announcements of applications to come. Healthphone Solutions will launch a tool in early 2008 that will allow users to send "stop smoking" messages to their cell phones throughout the day. If the HealthVault's offering is really an evolutionary advance, as suggested by Peter Neupert, corporate vice president of the Health Solutions Group at Microsoft, this may be driven by its data repository, which provides a number of personal health management software packages a user can download. The user can then give access to that data to his personal physician, or an emergency room doctor, or anyone else. HealthVault’s shortcoming in this regard, as is the case with the other software packages, is that one cannot electronically import into the data repository information from one's physician, or from, for example, the hospital discharge summary that one might receive after having an operation. With the launch of HealthVault, Microsoft has what it calls a simple focus "to empower people to lead healthy lives." While this objective is far from an easy one--as are the privacy issues projects like these must contend with--the launch of HealthVault does provide a way for people to collect their health information in a digital repository, along with a platform on which companies across the health industry can develop compatible tools and services to enhance our search for good health. |
Microsoft Offers Healthy Solution: Introduces HealthVault Software and Services Platform
Jury Is Out On Impact Of AS5
While hopes are high that Auditing Standard 5 will sharply reduce audit costs, no one knows for sure. And success at multinational giants won’t necessarily carry over to smaller companies.
The corporate financial reporting world is holdings its collective breath as companies begin to talk to their auditors about Auditing Standard 5 (AS5), the tool that is supposed to whittle down excessive Sarbanes-Oxley auditing costs. The Public Company Accounting Oversight Board (PCAOB) developed AS5 to replace the reviled Auditing Standard 2 (AS2), the very prescriptive standard that had guided outside auditors as they did their attestations of corporate evaluations of internal controls over financial reporting.
Companies and auditors alike had argued that AS2 forced companies to test too many insignificant controls for fear of having overlooked what the auditor, looking into each tiny crevice in each corner of the corporate books, would later deem important minutia during its attestation audit.
The transition to a “principles-based” AS5 for integrated audits conducted for fiscal years ending on or after Nov. 15, 2007, and the associated management guidance approved in July by the U.S. Securities and Exchange Commission (SEC), allows companies to break the chains of AS2 and, ideally, embrace the new “risk-based, top-down” approach ushered in with much ballyhooing by both the PCAOB and SEC. But no one really knows whether AS5 will actually lower Sarbanes-Oxley Section 404 auditing costs significantly. Hopes are high. Yet significant skepticism abounds, too.
Greg Starr, middle-market practice director, Accounting Management Solutions Inc., explains that AS5 enhances management’s ability to rely on effective entity-level fraud prevention and computer controls. The auditor gains an enhanced ability to rely on the work of others and to include consideration of its previous experience with the client.
This new path leads down a road to what SEC Chief Accountant Conrad Hewitt describes as “tailoring and scaling of evaluations and audits according to the relevant facts and circumstances.”
“While auditors and companies are still grappling with AS5, we are clearly moving in the right direction,” Starr states. “Although true savings have yet to be seen, there is a strong indication the revised standard will have a positive impact both practically and economically.”
Big Four auditors also sound a note of caution on costs. Craig Crawford, partner in charge of the audit group at the Department of Professional Practice at KPMG, says, “The standard is sound. It effectively achieves its stated objectives.” But, he adds, “Professional audit fees are influenced by many variables, one of which is auditor effort associated with the internal control element of an integrated audit. Changes in accounting standards, changes in a company’s operations, acquisitions and dispositions — these come into play, too.”
Arnold Hanish
AS5’s impact on companies will probably have a lot to do with company size, the complexity of its financial statement and who its outside auditor is. Arnie Hanish, executive director, finance, and chief accounting officer at Eli Lilly & Co. and chairman of
However, there have been a few dissenters in the issuer community who suggest AS5 is, at least as a reform, weak gruel. Michael G. Oxley, Nasdaq‘s vice chairman and co-author of Sarbanes-Oxley, says, “While AS5 represents improvement over the previous standard, it does not go far enough to help decrease regulatory complexity and reduce the risk for overzealous auditing. We must take bolder steps to make our markets more attractive and competitive.”
Bethany Sherman, a spokeswoman for Nasdaq, says its internal auditors have told the Nasdaq board that AS5 will not bring a reduction of Section 404 audit costs. “And though our companies think AS5 is a good thing, they say it will not substantively reduce their auditing costs, either,”
Mark Olson
While its actual impact will not be clear for some time, AS5’s objective is clear as a freshly Windexed window. The idea is to allow companies to focus on ensuring they have internal controls that will catch material weaknesses and for outside auditors to test only those “high-risk” controls. Those hopes may, in fact, be fulfilled. “The markets, on balance, think we got the words right,” emphasizes Mark Olson, chairman of the PCAOB. “That doesn’t mean we got all the words exactly the way everyone wanted.”
In fact, there are perhaps 10 key areas within AS5 where the PCAOB (either on its own or at the SEC’s insistence) denied additional relief or clarification in a way sought by corporations and auditors, leaving some companies convinced that while Section 404 auditing costs may go down, they will still be higher than necessary.
For example, the PCAOB declined to allow “rotational” testing of those internal controls deemed to be, as a result of the “scoping” AS5 is supposed to promote, of much lower risk. PCAOB also declined to ax “walkthroughs,” which are technically not required, but are described in AS5 as “frequently the most effective way of achieving objectives,” making them a requirement in everything but name.
The PCAOB’s initial draft of AS5 had nearly 250 “shoulds” and “musts” dictating things the auditor had to do. The final version cuts that number a little. Robert Kueppers, deputy chief executive officer of Deloitte & Touche, agrees the board moderated some of those dictates, and that AS5 permits auditors to use much more judgment in completing their work.
Qualification Sets Unclear
An example of that is AS5’s allowing auditing firms to decide when to depend on testing done by company personnel who are not internal auditors. This was a marquee issue. But AS5 provides no real guidance on what qualifications a corporate executive has to have before his or her testing can be relied on by the outside auditor. Olson states that auditors need to insure that the corporate officials they rely on are objective and independent. But he quickly admits that would be the subject of a “very idiosyncratic evaluation.”
The definition of “materiality” — which is really an SEC decision — leaves a lot to the imagination; so does the definition of “fraud.” For example, the language in AS5 on detecting fraud is short of what was asked for by people like Lilly’s Hanish. He had asked the PCAOB to “define the specific types of fraud that should be considered to be an indicator of a material weakness (i.e., management fraud — senior management intentional manipulation of financial statements, versus employee fraud — inappropriate expense reporting).”
Hanish admits, “That was not changed as much as I had hoped it would be. What you don’t want to do is give auditors an open check to look for fraud — looking for a needle in a haystack. That is very costly.”
Nonetheless, Hanish believes it is important to acknowledge that the PCAOB responded very well to some of the public outcry and criticism of AS2. However, he adds that the ultimate success or failure of AS5 will only be determined after the first round of PCAOB inspections under the new standard, which won’t happen for at least a year.
Any 404 audit savings companies achieve in the first year of AS5 will have to be ratified by the PCAOB’s inspection process, which will either endorse or reject the “judgment” used by auditors on the “scoping” that underpins the new, “principles-based” era. “In my view, the PCAOB will respect the auditor’s judgment if that judgment is made in good faith, is well-reasoned and properly documented,” says Deloitte’s Kueppers.
Olson says the PCAOB is aware that the inspection process can cast a pall over an auditor’s work. “We are spending a lot of time meeting with the accounting profession, at this point, the eight largest firms,” explains Olson. “We are helping them to challenge their methodology in making the transition from AS2 to AS5 as aggressively as we did in [considering what improvements could be made in] going from AS2 to AS5.”
Kueppers says Deloitte is doing a lot of work with its partners, instructing them how to modify their audit approach to comport with AS5. In addition, PCAOB inspectors are on premise at some Deloitte locations talking about audits done last year under AS2, and how they might be done differently under AS5. “It is an active and natural dialogue,” he says.
Meanwhile, on the key question of whether AS5 and the management guidance will reduce corporate testing and external audit costs associated with Section 404, there can only be speculation. “I have had numerous conversations within the CCR and at the PCAOB,” offers Hanish. “What we are seeing really depends on two things, the nature of the company and its current controls, as well as who their auditing firm is.”
Hanish breaks the Big Four into three camps. One company already was “out in front” on taking a “top-down” approach to AS2. Two of the other Big Four firms took a very conservative approach to AS2, he argues, and the third was in the middle between the leader and the other two. In the first year of Section 404 implementation, Lilly’s auditing costs increased 28 percent. That compared with increases of 50 percent and up for companies being audited by the other three majors.
Hanish expects to see some reductions in Lilly’s internal corporate testing costs, particularly from reduced testing at foreign locations, where the nature of the business, size of locations and financial staff in place result in lower risk. This will probably be true for many other
In the past, Lilly sent internal auditors to do internal control testing at certain foreign locations that were in scope. Now, because of the “top-down, risk-based” mandate of AS5 and the SEC guidance, Lilly has pulled back on testing at some foreign locations and has moved to a variable approach based on a set of criteria. “At some of those locations, based on a risk analysis and prior-year results, for example, we do desktop testing,” he explains. “At some other locations, we may only use a self-assessment questionnaire.”
Positive reviews by Fortune 500 companies, if in fact they are forthcoming over the next year, won’t be the final word on the success of AS5. It is one thing for a Fortune 500 company to comply. It will be another thing for the 6,000 public companies with less than $75 million in public equity — the so-called non-accelerated filers. They have not had to do the Section 404 management reports, much less have those reports audited.
Their first reports are due in March 2008, and their first audits are required on their first financial statements for the fiscal year ending after Dec. 14, 2008. PCAOB inspections of those small company audits won’t be public for a year after that. Only then will it be clear whether AS5’s tailoring, scaling and scoping will be as transformational as advertised by the SEC.