The financial farce at Enron Corporation in US corporate sector dented public opinion over the effectiveness and ethics of financial accounting, reporting, and auditing processes. President George W. Bush signed into law the Sarbanes-Oxley Act of 2002 to ensure the effectiveness of accountability standards for directors and top executives. The Act is structured into 11 titles. These titles are further subdivided into 66 sections which deal with auditor's independence, corporate responsibility, enhanced financial disclosures, conflicts of interest, corporate accountability, among other things. The main focus of my review will be on section 404: Internal Control.
Section 404: Internal Controls. States "Management must state their responsibility in establishing, maintaining, and analyzing the internal control structure, and must assess the effectiveness of such processes"
2. SECURITIES AND EXCHANGE COMMISSION
The mission of the US Securities and Exchange Commission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. (US Securities and Exchange Commission, 2006). As soon as the Sarbanes-Oxley Act of 2002 was signed into law, the implementation role and the authority to oversee the Public Company Accounting Oversight Board (PCAOB) were assigned to Securities Exchange Commission (SEC).
Get your grade
or your money back
using our Essay Writing Service!
Schaeffer (2006) states that although Sarbanes-Oxley Act of 2002 was signed into law, corporate constituents were given a little leeway in complying with various requirements, and SEC also had to extend the compliance deadline for another year for the non accelerated filers to comply with the filing requirements under the section 404 of the Act.
3. PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD
The enactment of Sarbanes-Oxley Act of 2002 established the Public Company Accounting Oversight Board. PCAOB is a private-sector, non-profit corporation created by the Sarbanes Oxley Act of 2002 to oversee the accounting professionals who provide independent audit report for publicly traded companies. (US Securities and Exchange Commission, 2006). Their vision is to seek to be a model regulatory organisation. Using innovative and cost effective tools, the PCAOB aims to improve audit quality, reduce the risk of auditing failures in the U.S. public securities market and promote public trust in both the financial reporting process and auditing profession. (Public Company Oversight Board, 2003-2010).
The PCAOB has been empowered to enforce disciplinary and remedial actions against accounting professionals for breach of rules and accounting standards. They carry out these functions through standard settings, assessment, and enforcement plans. PCAOB issued Auditing Standard No.2 (AS2): Audits of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. They concluded that the best approach to meet all the requirements is to adopt the COSO Framework. This was first published in 1992 by the Commission of Sponsoring Organisations of the Treadway Commission (COSO) under title of Internal Control - Integrated Framework.
4. COMMITTEE OF SPONSORING ORGANISATIONS OF THE TREADWAY COMMISSION
COSO was formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private-sector initiative which studied the casual factors that can lead to fraudulent financial reporting. (Committee of Sponsoring Organisations of the Treadway Commission, 2010). The National Commission was sponsored jointly by five major professional associations headquartered in the United States: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA). (Committee of Sponsoring Organisations of the Treadway Commission, 2010). According to COSO its mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organisation performance and governance and to reduce the extent of fraud in organisations.
5. INTERNAL CONTROL - INTEGRATED FRAMEWORK
Internal Control - Integrated Framework, published by the Committee of Sponsoring Organisations of the Treadway Commission addresses the concerns identified in Section 404 of Sarbanes-Oxley Act of 2002. The framework was developed to support companies in ensuring the efficiency of their financial, operational, and compliance related internal controls. PCAOB recognises the effectiveness of the framework and issued in Auditing Standard No.2 (AS2) that management are required to evaluate the effectiveness of their internal control over financial reporting, using suitable control criteria such as the COSO Framework.
6. OBJECTIVES OF INTERNAL CONTROL - INTEGRATED FRAMEWORK
COSO (2010) defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Always on Time
Marked to Standard
Effectiveness and efficiency of operations: This deals with organisation primary objectives and that includes performance and profitability goals and safeguarding of resources.
Reliability of financial reporting: This deals with the preparation of reliable published financial statements.
Compliance with applicable laws and regulations: This addresses compliance with laws and regulations to which to which the entity is organisation is subject.
The objectives of COSO framework is to issue a framework that has a common knowledge of internal control amongst its users and assist management in evaluating and improving its internal control.
7. COMPONENTS OF INTEGRATED FRAMEWORK
The original internal control - integrated framework had five interrelated components. These components are:
Information and Communication
The framework was updated in the year 2004 to highlight the significance of identifying and managing risk across the enterprise. The three components that were added are:
All of these components have to be satisfied before an organisation's internal control can be deemed to be effective and efficient.
7.1. CONTROL ENVIRONMENT
The control environment of an organisation is important in assessing the internal control system of an organisation. The control environment consists of ethical values, integrity, competences of employees and management's philosophy and operating style.
According to Schaeffer (2006) The internal environment encompasses the tone of an organisation and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
7.2. RISK ASSESSMENT
According to Khawar (2008) all organisations have to face both internal and external risks. He further states that the main reason for these risks are the changing nature of economic, industry, regulations, and operational activities. Management needs to ascertain and assess the risk associated with the preparation of reliable financial statements.
As stated by Schaeffer (2006) Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and residual basis.
7.3. CONTROL ACTIVITIES
Once risks are identified, appropriate measures and other control activities are put into practice to help ensure the realisation of the financial reporting objectives. The control measures are the policies and procedures that help ensure that management directives are carried out. (Committee of Sponsoring Organisations of the Treadway Commission, 2010). These measures occur within the entire organisation, in all levels and they include range of measure as diverse as approvals, verifications, segregation of duties, authorisations, reconciliations and reviews of operating performance.