PHASE II -- QUESTION 2
Through the Sarbanes-Oxley Act, Congress addressed certain problems, issues, and deficiencies that were facing the internal auditors.
a. Prior to SOX, what problems, issues, or deficiencies were facing the internal auditors? (Bloggers, tackle one per comment.).
b. Post Sox, how does the Sarbanes-Oxley Act of 2002 eradicate or decrease the problems, issues, or deficiencies noted above in part a?
a. Prior to SOX, what problems, issues, or deficiencies were facing the internal auditors? (Bloggers, tackle one per comment.).
b. Post Sox, how does the Sarbanes-Oxley Act of 2002 eradicate or decrease the problems, issues, or deficiencies noted above in part a?
posted by Dr. Scott @ 9/20/2005 02:26:00 AM
28 comments
28 Comments:
Prior to the Sarbanes-Oxley Act, there were many problems plaguing internal auditors. For instance, before the act, it was ok for auditors to audit with a computer without knowing the ins and outs of the process. This means if something were to be entered incorrectly into the computer, there was a chance that the auditor would not know hot to fix it. By making sure the auditors have a complete knowledge of the automatic and manual stages in the auditing process, it provides more insurance against fraud and illegal activities.
Post Sox, "Under SOX, a public accounting firm may not
provide certain non-audit services to a company with which
it has a current audit engagement."
(http://www.grahamdunn.com/cybergrahams/kfs_april2004.htm).
On top of this a firm will be deemed "not independent" if
the firm provides "prohibited non-audit services to the
audited company", when the company is under a regular
audit. anything non-audit actions such as appraisal,
bookkeeping or other services that are done while the
company is under audit will deem it a "non-independent"
audit.
Additionally to what Nicholas stated, post Sox, auditors should not be too closely involved with a company's assessment of its controls or they risk impairing their objectivity. The auditor cannot accept managements responibility to reach conclusions on the effectiveness of the entity’s controls nor can management base its assertion about the controls design and operating effectiveness on the results of the auditor’s tests.
In addition to zach's comment, the problem with auditors prior to the Sarbanes-Oxyley Act is that auditors were not focused on protecting investors as much as they should have. There were to many instances (i.e. Enron and Worldcom) where auditors missed fraud on balance sheets and income statements. The Sarbanes-Oxley Act implements rules that insure that their will be no more mistakes in auditing. For example, "the Board must require a 2nd partner review and approval of audit reports registered accounting firms must adopt quality control standards" (http://www.aicpa.org). Also there is an auditing standard that auditing commissions must abide by. This standard must require the auditor to evaluate whether the internal control structure and procedures include records that accurately and fairly reflect the transactions of the issuer, provide reasonable assurance that the transactions are recorded in a manner that will permit the preparation of financial statements in accordance with GAAP, and a description of any material weaknesses in the internal controls (http://www.aicpa.org).
This comment has been removed by a blog administrator.
In response to part B, post SOX, the Sarbanes-Oxley act decreased problems, issues and deficiencies by placing a stronger hold on the board and auditing committees. There were many changes and revised laws as a result of the Sarbanes-Oxley Act of 2002. All auditing information is now available to the SEC, US Attorney general and federal agencies. The board is now required to file all proposed rules and changes with the SEC, as a result, the internal auditors realize the SEC have a better control on the system. This helps by putting pressure on auditors while reviewing financial reports. As well as proposing ideas to the SEC, auditors or their partner along with the reviewer must be removed from the audit every five years. This helps to keep a constant flow of people and decrease the amount of fraud and mistakes within accounting. To help decrease issues, Congress gave the SEC many new powers to regulate auditing. The changes included, a new Public Company Accounting Oversight Board, a new attorney professional responsibility rules, new procedures for hiring and managing external auditors,and criminal penalties for while collar crimes were strengthened. As a whole, these new regulations stressed in the act of 2002 for the board and the SEC, have helped to decrease problems that previoulsy had taken place with Enron, WorldCom, as well as Arthur Anderson.
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
Most of the previous comments above focus on the EXTERNAL auditors rather than focus on the INTERNAL auditors. (Differences between the roles of internal and external auditors were discussed in Phase 1, remember?) How has the role of Internal Auditors changed pre-SOX versus post-SOX?
In addition, I have questions from previous comments.
(1) How can auditors audit a computer system without knowing the ins and outs of the process? Provide references.
(2) If (external) auditors should not be too closely involved with a company's assessment of its controls and external auditors cannot accept managements responsibility, then how can the external auditors attest to the effectiveness of the system?
What is going on in the world of internal auditors? Post-SOX, one article heading talks about the growing number of internal audit executives while another article claims increasing staff departures?
http://www.findarticles.com/p/articles/mi_m4153/is_3_62/ai_n14732748
http://www.findarticles.com/p/articles/mi_m4153/is_3_62/ai_n14732751
A problem that internal auditors faced pre-Sox was being considered "second-class citizens". Most external auditors viewed them to be so, therefore internal auditors felt inferior. The job of an internal auditor was not well known or understood by the public or by public accountants. As a result, internal auditors were not appreciated for the job they did; instead they were viewed "more as a service to fulfill corporate objectives."
http://accounting.smartpros.com/x45449.xml
In response to internal auditors being regarded as "second-class citizens", post-SOX helped fix this problem. Internal auditors now have much more responsibility and their "activities of internal audit have become critical components of effective internal control and reliable financial reporting." Also, "internal auditors play a role that is just as significant as that traditionally played by the CFO." This is a position that was considered to be a guiding role for external auditors. Due to SOX, internal auditors now hold a more prominent role and it is becoming an increasingly popular job.
Another problem Internal Auditors faced before the SOX Act was the temptations to be dishonest due to job security. For a company to keep people buying its stock, they needed to look as good as possible to investors. Companies would go with whatever auditor in their company to make themselves look the best. To keep their job, auditors would often make things look like they were going much better for the company then they really were. Now that auditors must be rotated ever five years there really isn’t as much of a strain pushing them to be dishonest to investors.
Dr. Scott's question poses a very good point. Pre-SOX external auditors were very closely knit with a company, not as close as internal but very close none the less. Post-SOX they do not want the external auditors to be as close. How is this as effective, how do they know if the company's work is effective within the system?
This is a very good question. And in my opinion, I have read a few articles and from what I have read, even though the external auditors are not as close they still are around a lot while doing thier business and checking on the companies. The difference between pre-sox and post-sox is, pre-sox not only were they involved in their work but they got bribs and a lot of other people involved as well, which is where the dishonesty occurred. Post-SOX external auditors are not getting as involved but they are doing what they should be. They follow the company for awhile, policies, procedures, transactions, but they try not to get in contact with more then they need to, ie, outside involvment with management.
Internal auditors, post-SOX, are becoming a more crucial part of executive accountability. Corporations' CEO's and CFO's are coming to rely more heavily on the opinions and reports issued by internal audit committees. More interatction among these once clearly seperated corporate organizations enhances the firm's reliability and efficiency. The author of the article referenced by Dr. Scott, suggests that internal auditors develop a closer, more visible relationship with the auditing committees. He reasons that there's no such thing as too much information. I agree entirely with this because I feel that what might seem like a "little" problem or glitch, might turn out to be an even bigger one in the long-term. Communication between these two is crucial to the dependency of the financial statement.
http://www.findarticles.com/p/articles/mi_m4153/is_3_62/ai_n14732748
Post Sox, "The Board must adopt an audit standard to implement the internal control review required by section 404(b). This standard must require the auditor evaluate whether the internal control structure and procedures include records that accurately and fairly reflect the transactions of the issuer, provide reasonable assurance that the transactions are recorded in a manner that will permit the preparation of financial statements in accordance with GAAP, and a description of any material weaknesses in the internal controls."
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
In response to Dr. Scott and how the role of internal auditors changed pre-SOX versus post-SOX, is by taking on much more responsibility. Initially back in 1977 the role of an internal auditor was to double check management and not to act as an advisor or in-house consultant. As the mid 90s approached, according to the CPA Journal "Why Internal Auditors Audit", checking up on top management "fell out of vogue." Steering away from the original role given to internal auditors, it is obvious as to why so much corporate fraud occured making billion-dollar corporations go bankrupt. Internal auditors add value to the company and if it weren't for their unethical practices, billions of dollars would have been saved and thousands of employees would still be working if Enron and other companies hadn't gone bankrupt. In order for internal auditing to be effective they must audit all of the activites, decisions, projects, and review management on behalf of the common stockholder. Another problem facing the internal auditors is that they should quit reporting to the CFO and CEO but should report to the audit committee. This is because CEO'S, CFO's and other top executives are the orginators of fraudelent practices. These problems, deficiencies, and issues that faced internal auditors were taken into consideration when writing the Sarbanes-Oxley Act of 2002 in order to improve the accuracy and reliability of corporate disclosures.
source:
http://www.nysscpa.org/cpajournal/2004/204/perspectives/nv5.htm
Elaborating in my comment, I think the idea of forcing the auditors to rotate every five years is not a good idea. I know the act does this to try to keep things fair, but instead I think it actually makes things more competitive and strains auditors to become more likely to bend numbers to make things look like the company is doing better then it really is so they will stay with their job for those five years.
I agree with the point that Jessica brought up about changing auditors every 5 years and about how it makes things more competitive, however I think that it is a good idea to rotate auditors every 5 years. Rotating auditors creates an unbias throughout the auditing process. I believe that after an auditor is with a company for a couple of years, they understand how the company runs and what kind of numbers and totals the company should be putting up on their financial statement. I think that auditors feel less pressured to find every detail that may be off in the company's books after the first year. Rotating auditors ensures that the comapny is making correct statements on their reports. If you have 4 different auditors checking a company over 20 years, and they all state that the company is effectively and correctly issuing their reports then it gives an outside investor security to see that this company is legitimate.
I don't really agree with the previous comments suggesting a rotation of auditors every 5 years. I feel that internal auditors need to know and understand the company's inner financial workings to great extents. Working with a company for only 5 years doesn't really promote an intimate environment or provide suitable time for the auditor to really get to know the company inside and out. The problems before SOX were a result of internal auditors not spending enough time or effort on the company's financial statements. If you shorten their time, or put a cap on their employment period, you're discouraging individual integrity and motivation for promotions within the corporation.
Agreeing with Jennifer, I feel a major problem faced by internal auditors in the pre-sox era was the very common and often necessary element for an auditor to lie. In large corporations such as Enron, Adelphia, Worldcom, and Tyco the internal auditors of these firms were faced with a very serious decision to either lie or remain truthful. In the mind of an auditor, he or she could either: lie in which there is a slight possibility of facing criminal charges, but at the same time securing their job position. Or to not commit this “white collar crime” but have their companies fire them only to hire someone else who will “do the job.” The main problem facing auditors in the pre-sox error was the secret role that lying and deception played in their job description.
In addition to and directly a result of SOX, a process known as due diligence is being undertaken by many organizations to further ensure compliance with SOX regarding internal auditors and to provide support for its certification requirements, hence further decreasing the problems that were seen prior to the institution of the act. Texas-based energy firm El Paso Corp has recently adopted a due diligence process that often requires its internal auditors to go back to its due diligence checklist to make sure that all steps in the auditing process are complete. Furthermore, El Paso also took proactive steps by "asking internal auditors, to serve in an ex officio capacity on the company's disclosure committees," which is directly suggested by Sarbanes-Oxley. Overall, the process of due diligence, a direct result of SOX, has at least in part decreased the problems internal auditors faced prior to the passing of the act, as seen through the El Paso energy firm.
source for my previous post
http://www.findarticles.com/p/articles/mi_m4153/is_1_60/ai_98009254#continue
In addition to my previous posting, I feel as though it is necessary to properly define exactly what due diligence consists of. It can be defined as "the process of investigation, performed by investors, into the details of a potential investment, such as an examination of operations and management and the verification of material facts." ALthough somewhat broad, it ultimately proves to be relatively effective working in tandem with SOX to reduce inefficiencies relating to internal auditors, hence its recent adoption in one form or another in the vast majority of corporations throughout the US.
http://www.investorwords.com/1596/due_diligence.html
I disagree with Kristin's statement that auditor's need an "intimate environment" and "to know the company inside and out." I think that intimate environments, caused by one firm auditing a particular company's financial statements for a long period of time, foster the temptation to lie. As company executives get to know their auditors, they may feel comfortable enough to ask them to make "little adjustments" here and there, and eventually large-scale fraud could occur. This may have been the case with Enron and Arthur Andersen since they had worked together for so many years. Also, I do not think it's necessary for auditors to know their companies inside and out. Numbers are numbers, they're either right or wrong, and where there's room for debate the auditors can do further research. I definately think that 5 year rotations are a good idea. There shouldn't be fraud resulting from increased competition since there will always be companies looking for new auditors.
Now, in the post SOX era it is required to switch internal auditors every 5 years. Though not the solution to the problem in its entirety, I do believe this is a good start to keeping internal auditors honest. In contrast, with Jennifer who believes this 5 year switch will cause increasing competition among auditors and create strain to bend numbers. I believe this 5 year switch will keep auditors honest by worrying less about their job security. Knowing the date of their switch, I believe, will help auditors realize that sanctions for lying are not worth the minute rewards.
In response to Dr. Scott's questions: How can auditors audit a computer system without knowing the ins and outs of the process? Due to rapid growth in information technology use, the Accounting Standards Board issued SAS no. 94, "The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit." It was issued to "provide guidance to auditors concerning the proper assessment of internal control activities in IT systems." SAS no 94 provides information on auditing through the computer techniques, such as test data, parallel simulation or embedded audit module. Accounting firms may hire auditors who specialize in CAAT (Computer Assisted Auditing Techniques) to help them in the IT department.
Sources:
http://www.aicpa.org/pubs/jofa/sept2001/tucker.htm
http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=16201&TEMPLATE=/ContentManagement/ContentDisplay.cfm
It seems to me that the general opinion in here is that people as individuals are for the msot part untrustworthy and driven by greed. If this is the case, then I feel switching internal auditors every 5 years is not a very smart idea. If a person only has 5 years to make as much money in that position as he can, then more numbers will be altered for a better short term performance. This would mean more dishonesty within the accounting department, as opposed to if the rotation didnt exist.
In contrast to what Zach said, I do not feel that keeping a internal auditor in term for 5 years is a good idea. Yes all people are untrustworthy and driven by greed but switching people in and out of positions isn't always a good thing. What if they were actually doing a good job, then you move someone who sucks into position.
There is much confusion about auditor rotation.
Section 203, refers to the External Audit Partner that must rotate every five years, not the internal auditors.
Furthermore, Sec 207 required a study of mandatory rotation of registered public accounting firms (external auditors). GAO study concludes that mandatory auditor switching may not be the most efficient way to strengthen auditor independence and improve audit quality considering the additional financial cost and loss of institutional knowledge ....See GAO link http://www.gao.gov/new.items/d04216.pdf In essence, it would be costly if it was mandatory for external auditors to switch audit clients every five years.
Post a Comment
<< Home