本文是留学会计专业的Essay代写范例，题目是“The Sarbanes-Oxley Act: Evaluation of Section 103（萨班斯-奥克斯利法案:对第103条的评估）”，萨班斯-奥克斯利法案是对内部和外部审计师、高管和董事会的重大改变之一。内部审计员对其审计委员会和外部审计员负有更大的责任。内部审计可以创建道德规范程序，执行适当的内部控制，以评估风险，并有助于发现和预防欺诈。审计师不能接受管理层对公司内部控制有效性得出结论的责任。管理层不能根据审计人员的测试结果来断言设计和操作的有效性。最终，审计师和管理层共同工作，但独立确定内部控制过程是准确平衡的。该公司确保更好的控制程序可以减少欺诈行为。
The Sarbanes-Oxley Act was one of major change for internal and external auditors, executives and boards of directors. Internal auditors have greater responsibilities to their audit committees and external auditors. Internal auditing can create ethics programs and perform proper internal control to assess risk as well as be instrumental in detecting and preventing fraud. Auditors cannot accept management’s responsibility to reach conclusions on the effectiveness of the company’s internal controls. Management cannot base its assertions about design and operating effectiveness on the results of the auditor’s tests. Ultimately, auditors and management work together but independently to determine the internal controls process is accurately balanced. The company ensuring better control processes could reduce fraud.
Auditing, Quality Control, and Independence
Standards and Rules
Business fraud is a major concern in the accounting profession and in the business community. The current audit process emphasizes the independent auditor’s responsibility for detecting and deterring fraud. Executives of public companies are subject to new fraud prevention measures enacted under the Sarbanes-Oxley Act of 2002 and administered by the Securities and Exchange Commission (SEC). Congress enacted the Sarbanes-Oxley Act of 2002 in response to highly publicized business failures, allegations of corporate fraud and financial statements restatements. “It is the most extensive overhaul of securities law since the 1930’s, and was the result of corporate and accounting scandals, including, Enron, Worldcom, Tyco, Xerox, Sunbeam, Adelphia and Arthur Anderson” (Linsley, 2003). If management has the ability to manipulate the financials in order to affect stock prices, then opportunities give them the incentive to do so. Large grants of stock options give large incentives to management and the risk of manipulation increases. The interest of management in their own personal wealth was more intense and lead to manipulating the financials to ensure their own profit was maximized.
Cynthia Glassman, Commissioner of the Security and Exchange Commission, in a speech given in Washington D.C., on September 27, 2002 specifically includes the requirement that the CEO and the Board put in place procedures to “ensure that they hear bad news,” and “not to create an environment in which senior officials are afraid to discuss or act on potentially serious misconduct that comes to their attention.” (Linsley, 2003).
The law changes the behavior of those in charge to reduce risk exposure in a number of ways. One of the most important ways is the risk that is created directly by their behavior; basically, the management, the board, and the auditors could themselves be a major source of the risk.
There is no doubt thatthe Sarbanes-Oxley Act was one of the major changes for internal and external auditors as well as the board of directors and executives of companies. The corporate world is dependent on high-quality and high-functioning Chief Financial Officers; The reports that Chief Financial Officers are now required to prepare and submit will take time and effort and a fair amount of cost. A company that has proper internal controls in place will ultimately say that it is worth every penny due to the rules and regulations that are now required for the Sarbanes-Oxley Act. Internal auditors are in the best position to alert senior management to potential issues before they become larger problems. Sarbanes-Oxley Act has ensured that the Chief Financial Officer is either more knowledgeable or at the very least wants to be more knowledgeable about the internal controls within the company. If there is a particular control that is not gaining the needed result then a change can be made prior to the end of the year when a negative opinion from an outside auditor could make things worse. Many companies started out by taking a short-term approach to the compliance standards and now are struggling to maintain compliance with the regulations. “Meeting these regulatory requirements is the new reality, but the running of a better business over the long-term should be the objective” (Heffes, 2004).
毫无疑问，萨班斯-奥克斯利法案是公司内部和外部审计师以及董事会和高管的主要变化之一。企业界依赖于高质量、高功能的首席财务官;现在要求首席财务长编写和提交的报告将花费时间和精力和相当多的费用。一家拥有适当内部控制的公司最终会说，由于萨班斯-奥克斯利法案(Sarbanes-Oxley Act)现在要求的规则和规定，它的每一分钱都是值得的。内部审计员是在潜在问题变成更大的问题之前提醒高级管理层的最佳人选。萨班斯-奥克斯利法案确保了首席财务官对公司内部控制的了解或至少希望了解得更多。如果有一个特定的控制没有获得所需的结果，那么可以在年底之前做出改变，因为来自外部审计师的负面意见可能会使事情变得更糟。许多公司开始时采取了遵从性标准的短期方法，现在正努力保持对法规的遵从性。“满足这些监管要求是新的现实，但长期经营更好的业务应该是目标”(Heffes, 2004)。
Another issue that Chief Financial Officers are tasked with is achieving lean operations through aggressive cost-cutting, which sometimes means that cutting costs may jeopardize compliance or cause a material breakdown in controls and can result in the company’s competitiveness being diminished. One approach to this issue is to identify the most effective and efficient controls that are needed to achieve compliance. Risk-based considerations are used to drive efficiently and realizes that not all accounts, transaction and risks are equally important. Another approach would be a balanced control design and basically treat each control as an equal regardless of the risk consideration. However, both of these approaches are a continuous process and should be integrated into the regular routines of the business.
The Sarbanes-Oxley internal control provisions impose significant responsibilities on both the management and the auditor. Management will be forced to take ownership of the process of identifying, documenting, and evaluating significant controls. Management will also need to determine the areas of the company that need to be evaluated. Auditors providing an opinion on the effectiveness of the company’s internal controls is a significant responsibility. Both management and auditors recognize that the internal control process will be valuable for several reasons. The Sarbanes-Oxley Act places legal restraints on certain behaviors, makes responsibilities more obvious, and requires that certain information be made public. Some of this affects external auditors; however, the majority affects both internal and external auditors. Thus, auditors have been drawn into a greater risk management role as a result of Sarbanes-Oxley. Basically, the management designs and implements the system of internal controls and the auditor review and make suggestions for improving the controls and process. Strong internal controls make fraud difficult to commit and make fraud discovery likely. However, managers who are intent on committing fraud have an incentive to design weaknesses into the system of controls because the benefits to fraud are more enticing to dishonest managers when the system of controls is weak. The possibility of management override potentially alters the auditor’s testing and evaluation because the evaluation of internal controls provide information about the manager’s incentives and opportunity to commit fraud because a weaker system of internal control makes fraud less difficult to commit.
Certified Public Accountants who audit public companies, usually as an external auditor, jobs have been significantly impacted due to the Sarbanes-Oxley Act. There are now specific rules for key proposals on responsibilities to test controls and evaluate internal control deficiencies and the extent that auditors can be involved. Other areas of concern for external auditors include their role to detect fraud, the retention of records, registering with the PCAOB, audit partner rotation to ensure objectiveness, and the restrictions on non-audit services that the auditor can provide to the company. One of the goals of Sarbanes-Oxley is to remove the conflict of interest where revenue from non-audit services may provide an incentive to give unjustified assertions for fear of losing the revenue. According to Heffes and Gimpert, internal auditors should be able to define and identify errors, omissions and/or process failures before they get out of hand and no area of the business should be exempt from some sort of independent assessment; while, external auditors are looking at materiality and processes that are financial statement-related (2006). Internal auditors are mostly concerned with operational activities which are the real risk to the company; while, external auditors are more concerned with financial risks which are also important to a company. Internal audit departments vary in size from five to 10 people for a Fortune 500 company to possibly 50 internal auditors at a Fortune 100 company.
The lack of sufficient internal controls can cause companies to be exposed to fraud, error and even misappropriation of company funds. These issues could potentially represent a substantial cost to the company. Internal auditors should use their knowledge to help put into place the kinds of policies and procedures that are going to drive employees to the right kinds of behaviors. Oftentimes the internal auditors assist in training about risk assessment and ethical behavior leading to getting involved and helping to structure the training. However, the internal auditor is an independent, objective assessor of the results, activities and processes of the company and should be an excellent source of information to the audit committee and management. As the audit committee and management are required to take more responsibility and to provide more documentation with limited time, they will want more assurance from the internal auditors that their statements are free of misstatements and that internal controls are suitable. The auditor must attest to management’s assessment of the effectiveness of a company’s internal controls using standards that the Public Company Accounting Oversight Board (PCAOB) issued. The auditor’s assessment and management’s assertion should be kept separate and should not be based upon each other to ensure that the audit is objective. Auditors must determine whether the control is properly designed to prevent or detect material misstatements on a timely basis, see how the control was applied and who applied it, and form an opinion of the effectiveness of the company’s internal controls. The auditor may consider the results of management’s tests of controls but should never rely on them solely. Third parties and internal auditors should adhere to this method as well.
The auditor incurs costs for performing audit work and could also face potential litigation and reputation harm if fraud occurs and is not detected during the audit process. The auditor chooses the amount of control tests and the amount of substantive tests to minimize total costs, which include the cost to perform the audit work and the expected cost of an audit failure. The costs of performing audit work are the costs of internal control testing and the substantive testing. If the manager commits a fraud that goes undetected by the auditor, the auditor suffers a penalty comparable to the amount of the fraud which could be substantial.
The IRS revised Schedule M-3 form for C corporations to increase the transparency between financial statement income and tax return income and ultimately to help the IRS identify tax returns for examination. This was the beginning of the tax form revisions-the IRS has now revised similar forms for partnerships, S corporations and other tax payers that do not use Form 1120. The majority of tax payers are now facing similar reporting burdens to ensure that the company meets compliance standards set forth from the Sarbanes-Oxley Act.
According to the article in the Journal of Accountancy, cycle rotation was used as a way to test controls prior to Sarbanes-Oxley Act; this involved testing controls in several of a company’s transaction cycles while doing a sample transaction to confirm the absence of control changes in the remaining cycles (2003). Now auditors must report on the effect of internal control over financial reporting. Auditors will need to obtain more evidence about the effectiveness of controls and perform substantive procedures due to the limitations of internal controls and risk of management override.
Regardless of the reason, numerous or repeated deficits may lead to a significant issue; although, individually insignificant, numerous control deficits having a common feature or aspect may also lead to significant issue. A large misstatement that the auditor finds, but the company does not find, usually is a material weakness in controls. A material weakness prevents an unqualified opinion that controls are effective. Inadequate company documentation of controls could result in a material weakness. According to the article in Practical Accountant, the Public Company Accounting Oversight Board’s (PCAOB) monitoring revealed that some audits performed under certain circumstances were not as effective or efficient as intended, and as the board expects they can be in the future given the benefits of experience, adequate time, and resources (2006).
According to Epps and Messier, engagement quality review is an important part of the audit process that is designed to provide quality control for audit engagements and to serve as an evaluation of the performance of the audit engagement partner and engagement team (2007). The Securities and Exchange Commission (SEC) has stated frustration with the performance of engagement quality reviewers on audit engagements. The SEC has increased the responsibility level on the engagement quality reviewer where financial statements have been issued with material misstatements.
The importance of engagement quality reviews is identified in Section 103 of the
Sarbanes-Oxley Act of 2002 which mandated that the Public Company Accounting
Oversight Board (PCAOB) develop an auditing standard to address engagement quality
review. The PCAOB noted that inclusion of Section 103 in SOX “signals Congressional
intent that existing requirements for such reviews be evaluated” (PCAOB 2004, 2).
One of the objectives of this research is to determine the consistency of engagement quality partner guidance included in the audit manuals of the major public accounting firms. This analysis will be helpful to the PCAOB and the auditing profession moving forward with developing and auditing standard for engagement quality review. Another objective is to conduct a task analysis of engagement quality reviews in order to develop a series of questions and concerns for future research. Better task descriptions will provide improvement for judgement research and increased understanding of the profession. There are differences between firms in the assignment of engagement auditors, the level of participation of the concurring partner in audit planning, the content and comprehensiveness of the audit, and the level of involvement of the concurring partners during the audit engagement.
In the past, the SEC allows companies to establish their own policies and procedures related to the qualifications of the concurrent reviewers; the nature, extent and timing of the review; and the required documentation to evidence compliance with company policy and procedures for engagement quality reviews. However, now the SEC has established guidance on the responsibilities of the concurring partner as an objective reviewer of the audit engagement. This guidance states that the concurring partner should provide negative assurance to the firm that audit complies with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS). Therefore, the concurring partner serves as a final quality control instrument.
Independence Standards and Rules独立标准与规则
Prior to the Sarbanes-Oxley Act, risk management was considered to be an optional business activity, which a company could implement if it thought that the benefits outweighed the cost. It is the responsibility of the company to set expectations by policies and procedures that drive people to do the right thing, communicate to ensure that expectations are known throughout the company, proper training to ensure that employees are comfortable with their day-to-day tasks, and being able to hold people accountable for meeting the expectations that have been set forth. Most companies have several forms of controls documentation such as policy and accounting manuals, flowcharts and decision tables to ensure proper authorization. Companies often believe that it is usually more efficient to prevent rather than to detect and correct a material misstatement. However, a well-run control system should have a good mix of both controls. “To ensure a comprehensive and consistent process, many auditors are recommending clients establish project teams reporting directly to the Chief Executive Officer or Chief Financial Officer; The Chief Financial Officer, Controller or Internal Audit Director should head the team, which should consist minimally of adequately trained personnel from accounting, internal audit, information systems, finance, operations, legal and human resources” (McConnell, Banks, 2003).
在萨班斯-奥克斯利法案(Sarbanes-Oxley Act)出台之前，风险管理被认为是一种可选的业务活动，如果公司认为收益大于成本，就可以实施风险管理。公司有责任通过政策和程序来设定期望，以推动员工做正确的事情，沟通以确保整个公司都知道期望，适当的培训以确保员工适应他们的日常工作，能够让员工为达到既定的期望而负责。大多数公司都有几种形式的控制文件，如政策和会计手册、流程图和决策表，以确保适当的授权。公司通常认为，预防而不是发现和纠正重大错报通常更有效。然而，一个运行良好的控制系统应该很好地混合这两种控制方式。“为了确保一个全面和一致的过程，许多审计师建议客户建立项目团队，直接向首席执行官或首席财务官报告;首席财务官，财务总监或内部审计主任应该领导这个团队，这个团队应该由最低限度的受过充分培训的人员，从会计，内部审计，信息系统，财务，运营，法律和人力资源”(McConnell, Banks, 2003)。
The auditor’s assessment and management’s assertion should be kept separate and should not be based upon each other to ensure that the audit is objective. Auditors may help to gather or prepare information, but management is responsible for documenting controls. Auditors may also help clients evaluate controls effectively. Management must accept responsibility for the effectiveness of its internal controls, support this evaluation with sufficient evidence and present a written assertion about the effectiveness to be included with the auditor’s findings report as a representation letter or as a separate report to accompany the auditor’s report. Management must also document antifraud programs and controls over significant non-routine and non-systematic transactions, as well as, controls over the period-end financial reporting process. Management’s failure to allow the auditor enough time to properly assess any changes that have been made in the control process could lead to a negative opinion being listed in the auditor’s report. “Management has the responsibility to catch their own frauds, and if they don’t catch themselves they are culpable because they didn’t catch themselves” (Linsley, 2003).
Many companies have complained about that the extraordinary requirements of Sarbanes-Oxley involving documentation and testing of internal controls. Prior to Sarbanes-Oxley, documentation was typically not extensive and neither the company nor the auditor was required to test controls. With the implementation of Sarbanes-Oxley many companies were forced to put into place new controls, provide a narrative about all controls, indicate in written form anytime a control is performed and then test whether the controls are working. However, Sarbanes-Oxley was enacted to reduce fraud and audit failures related to fraud and directly affects three audit performance measures: expected fraud, audit risk, and expected undetected fraud. Expected fraud is the amount of fraud multiplied by the probability that the manager is dishonest. Audit risk is the probability that a material misstatement occurs and is not detected by the audit process. Expected undetected fraud is the amount of fraud committed in balance multiplied by audit risk. For the same reason that expected fraud decreases, audit risk increases. Sarbanes-Oxley affects the amount of expected undetected fraud only if there is a corresponding increase in the auditor’s liability parameter. If the auditor’s liability increases under Sarbanes-Oxley, the probability of undetected fraud goes up while the amount of fraud goes down at a greater rate.
UKthesis provides an online writing service for all types of academic writing. Check out some of them and don't hesitate to place your order.
How to write a descriptive essay？If your college professor e...
代写essay专区提供代写essay价格信息,MBA Essay范文,MBA Essay代写,申请大学essay,MBA...
How to write a narrative essay outline？When writing a narrat...
How to start an informative essay？As the name suggests, inf...