Auditing & Assurance

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Auditing & Assurance Summative Assignment|

Light vertical




Question 1………………………………………………………………………………………………………………………3

Question 2………………………………………………………………………………………………………………………x

Reference List………………………………………………………………………………………………………….........x


Question 1

The role played by Cynthia Cooper and Sherron Watkins, in exposing accounting fraud (at WorldCom and Enron respectively), highlighted the importance of whistle-blowing as well as the notoriety associated with it. Whistle-blowing, as defined by Miceli and Near (1985, p.4), is the “disclosure by organization members (former or current) of illegal, immoral or illegitimate practices under the control of their employers". In the case presented to us, the story of Cynthia Cooper at WorldCom illustrates the trials and tribulations faced by whistle-blowers. Research suggests that whistle-blowers are often individuals with strong moral convictions, universal standards of justice and high levels of internal control (Hersh, 2002). These qualities are essential as whistle-blowers often face retaliation from not only the organisation, but also the public (Jubb. 1999).

A report by the ACFE (Association of Certified Fraud Examiners), released in 2012, found that the typical organisation lost 5% of its revenue to fraud each year. Since the introduction of the U.S. Sarbanes-Oxley Act of 2002, Canadian MI 52-110, and UK Combined Code on Corporate Governance, the majority of public and private corporations have implemented a whistle-blower hotline (Slovin, 2006). These hotlines are an effective tool in fighting corporate malpractice and fraud, with the ACFE (2004) reporting that fraud losses are reduced by 60% when a hotline is present. As explained by Pergola and Sprung (2005), reporting mechanisms allow employees to provide information without the fear of reprisal, thus acting as a protective outlet for whistle-blowers. An effective whistle-blower hotline will not only detect fraud, but it will also deter it.

In response to the Enron and WorldCom scandals in 2002, the U.S congress passed the Sarbanes-Oxley Act (2002). The act states, under section 301.4, that audit committees are responsible for the creation of an effective whistleblower program in public corporations. Following this, the United Kingdom and Canada have also passed similar laws. An audit committee’s role in implementing a whistleblower program is vital; they must continuously evaluate the design of the hotline and adjust it according the company’s operations. Rezaee and Riley (2011) identify the key attributes of an effective whistleblower telephone line. These include 24/7 availability, trained and multilingual interviewers, anonymous caller IDs, feedback mechanisms and timely reactions to information.

In order to protect the integrity of a whistle-blower hotline, the audit committee should provide strong leadership and direction. As well as this, the audit committee should directly receive all enquiries, ensuring that the management does not have the opportunity to filter any of the complaints. In doing so, the audit committee can effectively monitor the risk of management override of internal controls, thus improving the function of a whistleblower hotline (AICPA, 2005).

Communication and confidence is key in determining the effectiveness of a whistleblower hotline and program. The existence of a hotline should be communicated to employees, shareholders and customers. Using advertisements, such as employee handbooks and newsletters, a company can promote their hotline to the workforce. Regular training should also be commonplace, ensuring the employees are competent in the use of the hotline (Eaton et al., 2007).

Once the communication is complete, a corporation must ensure that the workers have confidence in the hotline. Employees need to have faith in the integrity, reliability and value of the whistle-blower program. As highlighted by Sheldon (2008), the ability to “receive, and quickly respond to employee complaints” is key in the development of an effective whistleblower hotline. The use of independent third party operators is a potential solution in increasing employee confidence (EY, 2012). WorldCom’s uncooperative response, in regards to Cynthia Coopers claims, was a major factor that led her to seek help from external sources. This highlights that special care should be taken to explain a company’s philosophy on fraud and unethical practices. The message that needs to be portrayed by a company is that whistle-blowing is taken seriously and reports are investigated thoroughly (Hussain, 2009). It is essential that corporations create a healthy environment and culture, as a whistle-blower hotline should reinforce the belief transparency and accountability.

The protection of those who blow the whistle is an important criterion of any policy or hotline. In the case of Cynthia Cooper, the lack of anonymity led her to face retribution from the employees at WorldCom as well as scrutiny from the public. Under the Sarbanes Oxley Act (2002), reporting mechanisms must demonstrate confidentiality, thus protecting potential whistle-blowers. The quickest route to failure of a whistleblower program, as outlined by LPI (2011), is the perception that “information received will not be kept confidential”. Anonymous reporting systems create the opportunity for employees to comfortably submit their concerns.

Therefore, an effective whistle-blower hotline will include non-retaliation provisions, as well as a clear definition of individuals covered by the policy. Eliminating the backlash involved in whistleblowing is important in corporations, as the fear of dismissal, disciplinary actions and victimisation is a major deterrent (Hussain, 2009). The outsourcing of the hotline to a third party, as mentioned earlier, will give employees confidence in maintaining their anonymity.

Upon the creation of a whistle-blower policy, the corporation should ensure the development of a culture consistent with the hotline. To safeguard the longevity, it is crucial that the mechanism is continuously updated, implemented and enforced, only then will a whistle-blowing policy be effective. Through the implementation of whistle-blower hotlines, corporations are usually faced with a series of challenges. These risks must be understood and firms should make an effort in reducing them.

Arguably, the biggest risk involved is a breach of confidentiality. During an inquiry based on a tip, it is important that details regarding the source of the information are not disclosed. An information breach can occur either through the hotline, or through the personal that operate the hotline. If there is a breach of confidentiality, employee faith is lost in the hotline system, as well as the integrity of the corporation. Consequently, users will be hesitant in reporting their concerns. Miethe (1999), noted that legal protection for whistleblowers is “illusionary”; this is due to the various loop-holes in the protection laws. A breach in confidentiality will not only endanger whistle-blowers, but also the effectiveness of the hotline.

As discussed earlier, anonymity is a key feature of an effective whistleblower hotline; however, this trait may also lead to potential pitfalls. An issue arises when the promise of anonymity provides a platform for reports to be made in bad-faith, or with malicious intent. Disgruntled employees, such as those overlooked for a promotion, may use the hotline to submit spurious reports (Arszułowicz, 2011). Therefore, is essential that those in charge of the hotline test the accuracy and reliability of claims. Although it may be difficult to assess whether the motive of a whistleblower is altruistic, organisations must ensure that employees who abuse the hotline face disciplinary action.

Lastly, the management’s influence on whistleblower program can also create significant drawbacks. Corporations must recognise the principal agent problem that exists and separate management from operating a whistleblower hotline (Moberly, 2012). In the case of Cynthia Cooper, she describes the “resistance and pressure” she faced by her CFO Scott Sullivan when she voiced her concerns. As Scott Sullivan was an accomplice, he used his position to cover-up the fraud. A situation where managers are able to screen, filter and block complaints, before they are received by investigators, is risk that should be considered when implementing a whistleblower hotline.

Question 2

The separation of ownership from control is a defining feature as to why fraud and unethical behaviour is widespread in corporations. In this essay, we will discuss the effectiveness of regulatory reforms in detecting and deterring financial reporting fraud, and compare them to alternate solutions aimed at tackling unethical behaviour within organisations. Financial reporting fraud, by definition, is an “intentional manipulation of reported financial results to misstate the economic condition of the organisation” (Johnstone, 2013 pp.34). Over the last few decades, accounting fraud and unethical practices have led to turmoil in capital markets and loss of shareholder value. The Enron and WorldCom scandals have illustrated the costs of weak corporate governance, poor audit quality and inappropriate ethical decisions.

The true cost of financial statement fraud is staggering. Rezaee and Riley (2011) state that the loss of market capitalization, resulting from the financial statement fraud at Enron, WorldCom, Qwest, Tyco and Global Crossing, is estimated to be around $460bn. Financial reporting fraud, along with other types of unethical practices, damages not only the value of the organization, but also investor confidence. Assurance in the integrity and reliability of the financial reporting process is essential if public and investor confidence is to be maintained.

In response to the corporate scandals of the early 2000s and late 1990s, the U.S congress signed the Sarbanes-Oxley act of 2002 (SOX). The legislation, as described by the U.S congress, is intended to protect investors “by improving the accuracy and reliability of corporate disclosures”. Since the enactment, all publicly-traded companies within the U.S have been required to abide its regulations, with the task of enforcement given to the Securities Exchange Committee (SEC). The aim of the SOX, highlighted by Hoyle et al. (2011), has been to promote corporate responsibility, strengthen financial disclosure and hinder corporate fraud. Specifically, the act:

  • Requires the establishment of whistle-blower programs and enhances whistle-blower protection.
  • Obligates CEO’s & CFO’s to personally certify the completeness and accuracy of financial reports, ensuring they comply with the SEC Act of 1934.
  • Increases the responsibility of the audit committee, for example oversight of the external audit and whistle-blower programs
  • Requires evaluation and disclosure of a firms internal controls as well as its code of ethics
  • Establishes criminal penalties for corporate malpractice and violation of regulation laws.
  • Overhauls self-regulation by creating the Public Company Accounting Oversight Board (PCAOB), responsible for overseeing auditors of public companies, ensuring they adhere to regulations and professional values.

The SOX, as described by Keller (2002, p. 1), is “the most sweeping legislation affecting accounting, disclosure and corporate governance in a generation”. In terms of the audit – management relationship, the demands of the SOX, such as increased responsibility of the internal audit committee, has greatly improved corporate governance. In addition, auditor’s responsibilities have also been extended to assess internal controls, as highlighted in Sec 404. These provisions not only improve corporate governance, but they also create a more effective, reliable and transparent financial reporting process.

Other provisions within the SOX are directly aimed at tackling financial reporting fraud, insider trading and unethical practices. The certification responsibilities highlighted in section 302, coupled with the criminal penalties for CEO’s and CFO’s, work as a deterrent to unlawful behaviour. As senior management is directly responsible for certifying financial statements, the provisions ensure that the efforts of managers are aimed towards increasing the quality of internal controls and the reporting process. Although these legislations place tight restrictions on public organisations, they also remind managers of the social responsibility they hold in conducting business (Felicia, 2011).

Since the introduction of the Sarbanes-Oxley Act, the topic of cost vs. effectiveness of regulations has been a topic of intense debate. It has been claimed that the rules and controls presented by the SOX, particularly Sec 404, are “hurting shareholder returns” (United Press International, p. 1). The cost of complying with the legislation has proven to be expensive. A study conducted by Jain & Rezaee (2006) show that the cost of complying with the standards can range between $1 million to $10 million dollars.

Furthermore, the legislation compliance costs have affected smaller firms disproportionately. Since the SOX only applies to public companies, many smaller corporations have decided to re-privatize in order to avoid the regulations. The introduction of the SOX has also deterred foreign companies from listing on the U.S stock exchange. Bachman reports that the number of companies announcing privatization plans rose 30% after the announcement of the Act (as cited in DeVay, 2006). The overall effects have resulted in negative implications on the capital markets, showing that corporations will evade regulations where possible in order to pursue their own agendas.

A majority of public organisations have also resisted the heavily detailed internal controls, with researchers suggesting that the controls potentially have no practical effect on preventing unethical practices. Overall, the costly and burdensome task of complying with these provisions distracts senior management from pursuing alternate strategies, which may increase shareholder value (Coenen, 2008).

Following the introduction of the SOX, there has been an increase in the implementation of corporate governance measures. Legislations, such as the UK Combined Code on Corporate Governance, have based their provisions off the SOX. It has been argued that, while these regulations aim to improve the relationship and accountability between corporations and their shareholders, the underlying issue of manager incentive is not addressed. Instead of providing punishment provisions, the regulations should aim to align the interests of the managers with those of the shareholders (Ribstein, 2002). The gatekeeper provisions have also come under scrutiny, with researchers suggesting that these “gatekeepers” also need to in need of management, leading to a situation of never-ending regulation. In spite of these criticisms, a study conducted by Verlun, et al. (2011), established that the disadvantages of these measures must be considered in equal portion to the advantages they provide. The study concluded that regulations, such as the SOX, have had an overall positive effect on the quality of accounting – a major factor in detecting and deterring corporate malpractice.

Due to the scandals of recent times, executives are admitting that ethical values such as integrity, trust and fairness play a crucial role in preventing corporate malpractice. Pitt, a former chairman of the Securities Exchange Committee (SEC), believes that new laws will fail in preventing the next corporate scandals. While regulations are concerned with what individuals can and cannot do, ethics focus on what is morally right and wrong (DeGeorge, 1995). In the business environment, a management team with a strong sense of corporate social responsibility and ethical values will steer away from morally questionable business practice. Ethical leadership not only affects the actions of the managers, but also influences the behaviour of subordinates. However, the problem regarding ethics relates to whether ethics can be taught, and, if so, how to teach them.

The most effective solution, in my opinion, to tackle corporate financial fraud and unethical practices, is an integration of both legislation and the teaching of ethics. By these means, legislation provides guidelines, while ethical education ensures that workers adhere to the guidelines. Nevertheless, the question of whether ethics can be taught, particularly to adults, should be considered when evaluating its effectiveness. A review by Weber (1990), on four independent studies, found that overall there was a positive shift in ethical reasoning as a result of ethical education. Although many individuals learn their ethics from a young age (through school, religion, at home), a popular strategy of teaching ethics has been through business schools. Exposing students to the importance of business ethics, as early as possible, allows them to understand ethical dilemmas they may face in the workplace. Although ethical education is not a main priority of business schools, they have a responsibility to equip their students with the skills necessary, in order for them to successful and principled business leaders (Fund, 2012).

The board of directors, along with the audit committee, play a vital role in creating a workforce with a high standard of ethics and social responsibility. In order to create a strong ethical culture, it starts with the “tone at the top” from the senior managers. As senior managers have a direct influence on their employees, it is important that they clearly communicate and live by a set of ethical standards. Good corporate culture influences the mind-set of doing the right thing. Ethical standards, reinforced by a code of ethics, work alongside with internal controls and regulations in reducing, deterring and detecting corporate malpractice (CAQ, 2010).