Thursday, April 21, 2011
The Sarbanes-Oxley Act and it's Relation to Internal Control
The Sarbanes-Oxley Act was enacted on July 30, 2002 and also known as 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX. US Senator Paul Sarbanes and US Representative Michael G. Oxley were the sponsors of this law.
Since the Securities Exchange Act of 1934, the SOX is considered as one of the largest business reform acts because of the many provisions of the law. It has a great impact on all US public company boards, management and public accounting firms due to issuance of numerous enhanced standards. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt" (Bumiller, 2002, p.1).
The pre-SOX scene is that of unconcerned investors and analysts who did not give that much weight on their internal control environment. Internal control issues were never given that much thought and the adequacy of internal control procedures and processes were not the highest priority. Not until the seismic accounting scandals in the early part of 2002 did the companies pay attention to their internal control. It was the Enron scandal that sparked the need for the development of new regulations that will improve the quality and reliability of financial reporting. Public awareness has also been increased with regards to the relevance of having accounting standards that will present the real financial score and stability and that auditors who evaluate the companies are governed by the principle of independence and objectivity. Presently, Section 404 of the SOX governs the issue on internal control. Companies are now required to report internal control over financial reporting and auditors should render opinions on the report as well the effectiveness of the internal control policies and procedures of the company.
Internal control provisions that is required by the SOX encompasses new auditing requirement for internal controls. Initially, the company must include in it's finacial report the internal control procedures employed by the company. The auditor then tests the scope of the one presented by the company and include the findings in the annual audit report. Auditor should include an evaluation whether the internal control provides a system wherein the company maintains a system of records that fairly and accurately reflect the company's transactions and are recorded in accordance with the preparation of GAAP financial statements. The report should also reflect whether material weaknesses are present in the internal controls and if there are non-compliance. Officer certification of internal control is also required wherein the CEO or CFO of the company certifies that they are responsible for designing internal controls, establishing and maintaining them as well as include fraud arising from lack of internal controls. They should also included significant changes in internal controls and if there are problems with it, include the corrective actions undertaken to address the problem.
With all these new provisions required by the SOX legislation, companies and auditors are now at their busiest because of the requirements that are now being demanded from them. The internal control report provided may now be an additional reference for both investors and analysts as well as shareholders and other viewers of the financial statements. Though not quantitative in nature, in fact majorly a qualitative assessment, it serves as a tool in assessing the company's effort in safeguarding their assets through internal control procedures. In addition of the honest, objective and independent evaluation of the auditor and the attestation of the auditing firm, the transactions and it's presentation is transparent enough and a reasonable assurance is confirmed. Lapses in a company's internal controls pose a big threat to the company's well-being. With effective internal controls, the risk of fraud within the company is reduced and the company gains credibility with the auditors which are responsible for providing the assessment of these controls. The establishment and maintenance of these control procedures may be costly and is in fact one of the issues of the Sarbanes-Oxley Act. However, investment on internal controls is money well spent. The Act is an improvement in the current structure of the financial community and may as well be the answer that will address the problem of early detection, better yet prevention of fraud. It decreases officer's liability and maximizes the protection of shareholder interests. As the Sarbanes-Oxley Act address the great need for an effective and well functioning internal control program it also anticipates and evaluates the possible weaknesses of the system which is generally critical for the improvement of the company. A company with a notable internal control system is one that is investor attractive and can provide assurance of it's ability to safeguard interests and can ensure it's stability in the long run.
Bumiller, E. (2002).Bush Signs Bill Aimed at Fraud in Corporations.
The New York Times, 1-2.
The RMA Journal, 1-8.