Impact of the Sarbanes-Oxley Act on Internal Controls
Published: Last Edited:
Disclaimer: This essay has been submitted by a student. This is not an example of the work written by our professional essay writers. You can view samples of our professional work here.
Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
In 2001, Enron reaffirmed that their previous financial report had to revise as accounting errors existed in their computer system. After that, Enron the largest US corporate with assets of $63.4 billion faced the end road of bankruptcy suddenly. Four thousand employees face losing theirs job and retirement pays (Benston, 2002). It is not merely one person can break a solid business structure. The result of investigation shows this case was a corporate scandal. The Enron's top executive empowered the employees to manipulate the stock price.
As a result, the Sarbanes-Oxley Act was legislated because of the fraud behaviors which created by Enron. President Bush described this scandal as the "most far-reaching reforms of American business practices since the Great depression" when he signed SOX Act (Hays 2003, cited in Eichar S. 2009, p.1). It seems likely that the weak internal control system were has ability to prevent the accounting scandal happening. Moreover, the top managers did not function effectively in order to monitor theirs company's financial condition as well as involving in accounting scandal. Another problem is that the managers' ethics behavior needs to be tested and considered. The main purpose of SOX Act is to prevent a fraud such as Enron case happening again, whereas some people have the skepticism with SOX Act that can still work for modern corporation. This paper attempts to analyse that internal control was generally become more effective since the Enron scandal.
2. Accounting Information Systems
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has a definition on internal control "that as a process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations." (http://www.coso.org/resources.htm)
When Sarbanes-Oxley (SOX) Act "(to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes, US congress)" (SOX Act) has been signed in 2002, the concept of internal control has been carefully considered in information system improvement. The section 404 of SOX Act indicates that company has the responsibility to declare the assessment of internal control structure in each fiscal financial report.
For an organization, an accounting information system (AIS) which is a key framework for information system plays an important role in organization, processing and management the process of transaction, which is a foundation for building information system in business (Moscove, 1999). Because accounting information system could bring benefit for computerized company. Not only can it control obvious 'audit trail' (an obvious evidence to confirm the transactions accurately) for purpose of assurance and auditing, but also it has connecting general demand for physical protection of assets.
Nowadays, the Enterprise Resource Planning (ERP) system is used popularly after SOX Acts had announced. ERP system is built based on the advantage of accounting information system. According a research indicates "that 80 percent of the fortune 500 firms have implemented the ERP system" (SAP, 2005 cited in Brown &Nasuti, 2005), because of the following benefits: accessing data in time, integrating the process of business operation and transferring internal information correctly. The SOX Acts requests the enterprises should keep going on evaluation of the management risk, ERP systems still has significant effect on collecting risk management data as companies used it (Brown &Nasuti, 2005). Research (Huang, Hsieh, Tsao, and Hsu, 2008) shows the most important factor of internal control dimensions is the control environment: monitoring. There is a good example illustrates some main elements of internal control as using ERP system. Research (Huang, Hsieh, Tsao, and Hsu, 2008) finds some features of using ERP systems in Taiwan public companies and there are most important results tally with the purpose of internal control:"(1) Establishment of IT organizations and their relations, (2) Integration and communication of financial information, (3) Development of IT strategic plans, (4) Management of information quality, and (5) Monitoring of operating procedures" (pp. 104). This result is exactly integrated with the original definition of control environment by COSO: "The Control Environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure."(COSO, 1992 cited in Huang, Hsieh, Tsao, and Hsu, 2008, p. 114) As the result, the primary task is making security for physical control, in order to process the internal control function effectively. In addition, the senior management support could be a main factor caused ERP and IT project implementation successfully. The second issue which should be considered for internal control is integration and communication of financial information. The ERP systems could support utilize IT to combine organizational resources and information about finance and accounting for company's operation strategies. Furthermore, the SOX section 404 has regulated the internal control leading to contribution of financial reporting (Huang, Hsieh, Tsao and Hsu, 2008). The company mangers not only could use financial information for evaluating their companies' financial structure and the result of operating, but also public users have more confidence to invest these companies with their safety financial information. Therefore, it is necessary to confirm the 'relevance and reliability' of financial information.
Today, firms should consider implementing a new concept of internal control monitoring (ICM) technology for purpose of support and facilitate internal control processes. There are two definitions that explain ICM function: "ICM technology encompasses a range of control monitoring tasks, including the automation of routine control tests, enhanced risk assessments, evaluation and documentation of controls, and managing and communicating control assurance activities" (COSO 2009 cited in Masli, 2010, pp.1103-1104) and "The goal of ICM is to enhance the overall visibility of the organization to risk and performance through the effective use of technology" (KPMG2008 cited in Masli, 2010, p.1104). Masli(2010) shows that most companies had imputed large-scale investment in IT development in the last ten year. Unfortunately, these funds were wasted, because some reasons caused the plan to fail, such as untrained workers can not fully use the leading software effectively and physical hardware incompatibility. Different than AIS and ERP system, the ICM concentrates on risk assessment and responds a message immediately if somebody intends to break internal control system. The ICM technology can link with other data of operating index. For instance, if the supervisor finds companies' stock price has an unusual fluctuation in stock marketing, the monitoring system will respond to high executives and list the potential factors together. For these reasons, there is no question that the ICM technology can be used in every firm.
3. Organization of board of directors
In Enron Company, the board of directors does not have responsibilities to detect the weak financial structure. Even though there were 15 members in the board of directors, they do not prohibit managers using 'high risk accounting standards', and ignore any potential because all members are. Furthermore, the each member had received more salary and owned high amount of Enron's stock (USA senate report).
The board of directors could affect the quality of companies' internal controls. First of all, one thing which has to be considered is the number of outside directors on the board of directors. Research (Beasley, 1996 cited in Yan, Jian & Nan, 2007) suggests that the board independence does not usually lead to the problem of financial fraud. Then, other expertise indicates it is necessary to consider the number of directors in a board. Enhancing the board structure could reduce the likelihood of the business being exposed in weak financial system and improve the financial reporting rationality. Research (Dalton, 1999 cited in Yan, Jian& Nan, 2007 p.308) states "a large board has more expertise than a small one, and that it tends to be more effective in monitoring accruals." It seems that the phenomenon of weak internal control does not exist in a large board. Moreover, another expertise finds that the board size is beneficial for audit committee independence and a large board of director could have the effective audit committee as well as served high-quality audit services (Yan, Jian & Nan, 2007). It seems that there are more outside directors can enhance the quality of internal control, because their independence can not be affected by compensation such as the director fees and stocks.
Under SOX, the primary issues of setting up the independent auditors could lead to the reliability of the internal control. The SOX section 301 requires that the audit committee has responsibility for ensuring the audit report and each member should be independent (SOX Act). From the Enron case, it is clear that the audit committees can enhance the financial report quality and offer effective monitoring censorship in internal control. An audit committee has some responsibility of such as: "review of the internal audit department and the annual audit plan, evaluate of annual financial reports and the results of audit, criticize of the internal accounting controls, and security of business assets." (Steven T., 2005 p.58) Steven T. (2005) points out that companies have the reliable financial information, because their audit committees are independent. Then, if the members of audit committees have high financial background, it can find that these companies are unlikely to have problem of internal control and have more abilities to find the faults of internal control (Yan, Jian & Nan, 2007).
One issue which should be considered the audit independence has a significant effect on disclosure of firm's internal control problems. Because the fees are a potential factor to affect the relationship between auditors and client businesses, the auditors are more likely to ignore potential problems and issue an incorrect opinion on clients' internal controls. Conversely, an expertise claims that there is no relation between non-charge services and independence. In order to maintain auditor's reputation, they could provide high-quality service and prevent anyone doubted about their independence (Yan, Jian & Nan, 2007). It can be concluded that the independence for board of directors is more important than the outside auditors (Certified Public Accountant films).
4. Business ethics
In this decade, the world economic system faces one big challenge that more and more frauds have happened in each year, such as accounting manipulations, and unethical behavior. The early law and legislation aimed at purpose of financial establishment and the security of the monetary system (Rockness, 2005). Consequently, the fraud scandals happened again and again. The Sarbanes-Oxley Act has the function of providing a regulation for companies' ethical behavior.
The SOX section 301 has ruled on the responsibilities to the audit committee, because the audit committee plays an important role in board of directors. Analyzing recent ethical failures, one study (Lublin and Carms, 2003 cited in Rockness, 2005 p. 45) indicates "the audit committee was directly involved, perceived as too closely tied to the corporation, or oblivious to financial reporting situations." In this way, the audit committee has to provide a 'mechanism' which communicate the unethical behavior to companies employees and the external auditors.
Additionally, it is obvious that SOX Act not only provides strict rules for business, but also giving guidelines for companies to establish the ethical atmosphere in order to maintain the high working performance. The SOX section 406 requires that public corporations should set up a code of ethics for senior managers, and moreover, they have to explain in annual report why not having code of ethic. The main purpose of code should be included: "promotion of honest and ethical conduct, full and fair disclosure, compliance with laws, internal reporting for violations, and accountability for adherence to the code." (Securities and Exchange Commission, 2003b cited in Rockness, 2005, p. 46)
In last two decades, most American companies have had an ethical code. Some of European companies also have accepted this trend. These companies have installed the codes to give theirs employees a guideline for work (Sobczak, 2003 cited in Stevens, 2007). According to one study (Kaptein, 2004 cited in Stevens, 2007) different countries' companies have the different results, when those companies have implemented ethical codes. A study (Kaptein, 2004 cited in Stevens, 2007) finds that European codes concentrated on work environment are 50% that more than American codes. Conversely, the honesty was a significant issue for American codes (64%) compared with European codes (45%) and Asian codes (38%). It is clear that American's organizations usually less concern fairness in the work. In the Enron case, it found that Enron were willing to offer high reward in order to motivate their employees to reach the business goal with the unethical behaviour.
To summary all mentioned above, successful companies should have a unique ethic value that connected with business goals. These employees could use different business skills at work. It can be more flexible and adaptable without losing their important ethical values. The long term goal for businesses is that infuse a new thinking of purposeful task with the pure ethical values rather than pursuing the high income (Stevens, 2007).
In conclusion, SOX Act makes the profound impact on internal control building and there are three aspects could explain why recent internal control is effective for the organizations. First of all, the role of accounting information system offer the important audit trail for accurate auditing and another benefit is protection for the physical assets. Moreover, enterprise resource planning software has an additional function which is risk management. Taiwan's example shows that the ERP is linked with enhancement information quality and monitor the operating process and another function is it can integrate internal control with the communication of financial information for the operation strategies. Then, new trend is for implementation of the internal control monitoring combined with ERP system. It can ensure security of the information effectively and detect the unusual signal immediately. Secondly, the independent audit committee is an essential requirement for enhancing the financial report quality and monitoring the internal control. More members in the board of directors could enhance the quality of audit committee and provide high-quality audit job for the companies. The last aspect is that the SOX Act has mentioned organizations should disclosure the code of ethics in financial report. It means the business have the responsibility for training the ethical culture to theirs employees. As discussed above, the SOX Act has ruled to make the internal control effective. It seems that the information system, manager's structure and ethical concept have been improved and achieve the internal control effective.
Cite This Essay
To export a reference to this article please select a referencing stye below: