While efforts are still underway to reconcile some differences between the remedies proposed by the SEC and the PCAOB, three key levers are clear:
- A top-down risk-based approach.
  The SEC highlights two broad principles:
  - Risk-Based Design Evaluation: That management should evaluate the design of the controls to determine whether they adequately address the risk that a material misstatement would not be prevented or detected in a timely manner.
    There is no requirement to identify every control in a process or document the business processes impacting ICFR. For example, if management determines that the risks for a particular financial reporting element are adequately addressed by an entity-level control, no further evaluation of other controls is required.
  - Risk-Based Testing Evaluation: That management's evaluation of evidence about the operation of its controls should be based on its assessment of risk (allowing) management to align the nature and extent of its evaluation procedures with those areas that pose the greatest risks.
    As a result, management may be able to use more efficient approaches to gathering evidence, such as self-assessments, in low-risk areas and perform more extensive testing in high-risk areas.
- Refined Deficiency Evaluation
  - Revise the definitions of significant deficiency and material weakness, as well as the "strong indicators" of a material weakness; and
  - Clarify the role of materiality, including interim materiality, in the audit.
- Reduce Management / Audit Redundancy
  - Remove the requirement to evaluate management's process;
  - Permit consideration of knowledge obtained during previous audits;
  - Allow for greater use and consideration of the Work of Others (and not just internal audit);
  - Provide a single framework for using the work of others based on the auditor's evaluation of the combined competence and objectivity of others and the subject matter being tested.