本文是留學會計專業的Essay代寫范例，題目是“The Sarbanes-Oxley Act: Evaluation of Section 103（薩班斯-奧克斯利法案:對第103條的評估）”，薩班斯-奧克斯利法案是對內部和外部審計師、高管和董事會的重大改變之一。內部審計員對其審計委員會和外部審計員負有更大的責任。內部審計可以創建道德規范程序，執行適當的內部控制，以評估風險，并有助于發現和預防欺詐。審計師不能接受管理層對公司內部控制有效性得出結論的責任。管理層不能根據審計人員的測試結果來斷言設計和操作的有效性。最終，審計師和管理層共同工作，但獨立確定內部控制過程是準確平衡的。該公司確保更好的控制程序可以減少欺詐行為。
The Sarbanes-Oxley Act was one of major change for internal and external auditors, executives and boards of directors. Internal auditors have greater responsibilities to their audit committees and external auditors. Internal auditing can create ethics programs and perform proper internal control to assess risk as well as be instrumental in detecting and preventing fraud. Auditors cannot accept management’s responsibility to reach conclusions on the effectiveness of the company’s internal controls. Management cannot base its assertions about design and operating effectiveness on the results of the auditor’s tests. Ultimately, auditors and management work together but independently to determine the internal controls process is accurately balanced. The company ensuring better control processes could reduce fraud.
Auditing, Quality Control, and Independence
Standards and Rules
Business fraud is a major concern in the accounting profession and in the business community. The current audit process emphasizes the independent auditor’s responsibility for detecting and deterring fraud. Executives of public companies are subject to new fraud prevention measures enacted under the Sarbanes-Oxley Act of 2002 and administered by the Securities and Exchange Commission (SEC). Congress enacted the Sarbanes-Oxley Act of 2002 in response to highly publicized business failures, allegations of corporate fraud and financial statements restatements. “It is the most extensive overhaul of securities law since the 1930’s, and was the result of corporate and accounting scandals, including, Enron, Worldcom, Tyco, Xerox, Sunbeam, Adelphia and Arthur Anderson” (Linsley, 2003). If management has the ability to manipulate the financials in order to affect stock prices, then opportunities give them the incentive to do so. Large grants of stock options give large incentives to management and the risk of manipulation increases. The interest of management in their own personal wealth was more intense and lead to manipulating the financials to ensure their own profit was maximized.
Cynthia Glassman, Commissioner of the Security and Exchange Commission, in a speech given in Washington D.C., on September 27, 2002 specifically includes the requirement that the CEO and the Board put in place procedures to “ensure that they hear bad news,” and “not to create an environment in which senior officials are afraid to discuss or act on potentially serious misconduct that comes to their attention.” (Linsley, 2003).
The law changes the behavior of those in charge to reduce risk exposure in a number of ways. One of the most important ways is the risk that is created directly by their behavior; basically, the management, the board, and the auditors could themselves be a major source of the risk.
There is no doubt thatthe Sarbanes-Oxley Act was one of the major changes for internal and external auditors as well as the board of directors and executives of companies. The corporate world is dependent on high-quality and high-functioning Chief Financial Officers; The reports that Chief Financial Officers are now required to prepare and submit will take time and effort and a fair amount of cost. A company that has proper internal controls in place will ultimately say that it is worth every penny due to the rules and regulations that are now required for the Sarbanes-Oxley Act. Internal auditors are in the best position to alert senior management to potential issues before they become larger problems. Sarbanes-Oxley Act has ensured that the Chief Financial Officer is either more knowledgeable or at the very least wants to be more knowledgeable about the internal controls within the company. If there is a particular control that is not gaining the needed result then a change can be made prior to the end of the year when a negative opinion from an outside auditor could make things worse. Many companies started out by taking a short-term approach to the compliance standards and now are struggling to maintain compliance with the regulations. “Meeting these regulatory requirements is the new reality, but the running of a better business over the long-term should be the objective” (Heffes, 2004).
毫無疑問，薩班斯-奧克斯利法案是公司內部和外部審計師以及董事會和高管的主要變化之一。企業界依賴于高質量、高功能的首席財務官;現在要求首席財務長編寫和提交的報告將花費時間和精力和相當多的費用。一家擁有適當內部控制的公司最終會說，由于薩班斯-奧克斯利法案(Sarbanes-Oxley Act)現在要求的規則和規定，它的每一分錢都是值得的。內部審計員是在潛在問題變成更大的問題之前提醒高級管理層的最佳人選。薩班斯-奧克斯利法案確保了首席財務官對公司內部控制的了解或至少希望了解得更多。如果有一個特定的控制沒有獲得所需的結果，那么可以在年底之前做出改變，因為來自外部審計師的負面意見可能會使事情變得更糟。許多公司開始時采取了遵從性標準的短期方法，現在正努力保持對法規的遵從性?！皾M足這些監管要求是新的現實，但長期經營更好的業務應該是目標”(Heffes, 2004)。
Another issue that Chief Financial Officers are tasked with is achieving lean operations through aggressive cost-cutting, which sometimes means that cutting costs may jeopardize compliance or cause a material breakdown in controls and can result in the company’s competitiveness being diminished. One approach to this issue is to identify the most effective and efficient controls that are needed to achieve compliance. Risk-based considerations are used to drive efficiently and realizes that not all accounts, transaction and risks are equally important. Another approach would be a balanced control design and basically treat each control as an equal regardless of the risk consideration. However, both of these approaches are a continuous process and should be integrated into the regular routines of the business.
The Sarbanes-Oxley internal control provisions impose significant responsibilities on both the management and the auditor. Management will be forced to take ownership of the process of identifying, documenting, and evaluating significant controls. Management will also need to determine the areas of the company that need to be evaluated. Auditors providing an opinion on the effectiveness of the company’s internal controls is a significant responsibility. Both management and auditors recognize that the internal control process will be valuable for several reasons. The Sarbanes-Oxley Act places legal restraints on certain behaviors, makes responsibilities more obvious, and requires that certain information be made public. Some of this affects external auditors; however, the majority affects both internal and external auditors. Thus, auditors have been drawn into a greater risk management role as a result of Sarbanes-Oxley. Basically, the management designs and implements the system of internal controls and the auditor review and make suggestions for improving the controls and process. Strong internal controls make fraud difficult to commit and make fraud discovery likely. However, managers who are intent on committing fraud have an incentive to design weaknesses into the system of controls because the benefits to fraud are more enticing to dishonest managers when the system of controls is weak. The possibility of management override potentially alters the auditor’s testing and evaluation because the evaluation of internal controls provide information about the manager’s incentives and opportunity to commit fraud because a weaker system of internal control makes fraud less difficult to commit.
Certified Public Accountants who audit public companies, usually as an external auditor, jobs have been significantly impacted due to the Sarbanes-Oxley Act. There are now specific rules for key proposals on responsibilities to test controls and evaluate internal control deficiencies and the extent that auditors can be involved. Other areas of concern for external auditors include their role to detect fraud, the retention of records, registering with the PCAOB, audit partner rotation to ensure objectiveness, and the restrictions on non-audit services that the auditor can provide to the company. One of the goals of Sarbanes-Oxley is to remove the conflict of interest where revenue from non-audit services may provide an incentive to give unjustified assertions for fear of losing the revenue. According to Heffes and Gimpert, internal auditors should be able to define and identify errors, omissions and/or process failures before they get out of hand and no area of the business should be exempt from some sort of independent assessment; while, external auditors are looking at materiality and processes that are financial statement-related (2006). Internal auditors are mostly concerned with operational activities which are the real risk to the company; while, external auditors are more concerned with financial risks which are also important to a company. Internal audit departments vary in size from five to 10 people for a Fortune 500 company to possibly 50 internal auditors at a Fortune 100 company.
The lack of sufficient internal controls can cause companies to be exposed to fraud, error and even misappropriation of company funds. These issues could potentially represent a substantial cost to the company. Internal auditors should use their knowledge to help put into place the kinds of policies and procedures that are going to drive employees to the right kinds of behaviors. Oftentimes the internal auditors assist in training about risk assessment and ethical behavior leading to getting involved and helping to structure the training. However, the internal auditor is an independent, objective assessor of the results, activities and processes of the company and should be an excellent source of information to the audit committee and management. As the audit committee and management are required to take more responsibility and to provide more documentation with limited time, they will want more assurance from the internal auditors that their statements are free of misstatements and that internal controls are suitable. The auditor must attest to management’s assessment of the effectiveness of a company’s internal controls using standards that the Public Company Accounting Oversight Board (PCAOB) issued. The auditor’s assessment and management’s assertion should be kept separate and should not be based upon each other to ensure that the audit is objective. Auditors must determine whether the control is properly designed to prevent or detect material misstatements on a timely basis, see how the control was applied and who applied it, and form an opinion of the effectiveness of the company’s internal controls. The auditor may consider the results of management’s tests of controls but should never rely on them solely. Third parties and internal auditors should adhere to this method as well.
The auditor incurs costs for performing audit work and could also face potential litigation and reputation harm if fraud occurs and is not detected during the audit process. The auditor chooses the amount of control tests and the amount of substantive tests to minimize total costs, which include the cost to perform the audit work and the expected cost of an audit failure. The costs of performing audit work are the costs of internal control testing and the substantive testing. If the manager commits a fraud that goes undetected by the auditor, the auditor suffers a penalty comparable to the amount of the fraud which could be substantial.
The IRS revised Schedule M-3 form for C corporations to increase the transparency between financial statement income and tax return income and ultimately to help the IRS identify tax returns for examination. This was the beginning of the tax form revisions-the IRS has now revised similar forms for partnerships, S corporations and other tax payers that do not use Form 1120. The majority of tax payers are now facing similar reporting burdens to ensure that the company meets compliance standards set forth from the Sarbanes-Oxley Act.
According to the article in the Journal of Accountancy, cycle rotation was used as a way to test controls prior to Sarbanes-Oxley Act; this involved testing controls in several of a company’s transaction cycles while doing a sample transaction to confirm the absence of control changes in the remaining cycles (2003). Now auditors must report on the effect of internal control over financial reporting. Auditors will need to obtain more evidence about the effectiveness of controls and perform substantive procedures due to the limitations of internal controls and risk of management override.
Regardless of the reason, numerous or repeated deficits may lead to a significant issue; although, individually insignificant, numerous control deficits having a common feature or aspect may also lead to significant issue. A large misstatement that the auditor finds, but the company does not find, usually is a material weakness in controls. A material weakness prevents an unqualified opinion that controls are effective. Inadequate company documentation of controls could result in a material weakness. According to the article in Practical Accountant, the Public Company Accounting Oversight Board’s (PCAOB) monitoring revealed that some audits performed under certain circumstances were not as effective or efficient as intended, and as the board expects they can be in the future given the benefits of experience, adequate time, and resources (2006).
According to Epps and Messier, engagement quality review is an important part of the audit process that is designed to provide quality control for audit engagements and to serve as an evaluation of the performance of the audit engagement partner and engagement team (2007). The Securities and Exchange Commission (SEC) has stated frustration with the performance of engagement quality reviewers on audit engagements. The SEC has increased the responsibility level on the engagement quality reviewer where financial statements have been issued with material misstatements.
The importance of engagement quality reviews is identified in Section 103 of the
Sarbanes-Oxley Act of 2002 which mandated that the Public Company Accounting
Oversight Board (PCAOB) develop an auditing standard to address engagement quality
review. The PCAOB noted that inclusion of Section 103 in SOX “signals Congressional
intent that existing requirements for such reviews be evaluated” (PCAOB 2004, 2).
One of the objectives of this research is to determine the consistency of engagement quality partner guidance included in the audit manuals of the major public accounting firms. This analysis will be helpful to the PCAOB and the auditing profession moving forward with developing and auditing standard for engagement quality review. Another objective is to conduct a task analysis of engagement quality reviews in order to develop a series of questions and concerns for future research. Better task descriptions will provide improvement for judgement research and increased understanding of the profession. There are differences between firms in the assignment of engagement auditors, the level of participation of the concurring partner in audit planning, the content and comprehensiveness of the audit, and the level of involvement of the concurring partners during the audit engagement.
In the past, the SEC allows companies to establish their own policies and procedures related to the qualifications of the concurrent reviewers; the nature, extent and timing of the review; and the required documentation to evidence compliance with company policy and procedures for engagement quality reviews. However, now the SEC has established guidance on the responsibilities of the concurring partner as an objective reviewer of the audit engagement. This guidance states that the concurring partner should provide negative assurance to the firm that audit complies with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS). Therefore, the concurring partner serves as a final quality control instrument.
Independence Standards and Rules獨立標準與規則
Prior to the Sarbanes-Oxley Act, risk management was considered to be an optional business activity, which a company could implement if it thought that the benefits outweighed the cost. It is the responsibility of the company to set expectations by policies and procedures that drive people to do the right thing, communicate to ensure that expectations are known throughout the company, proper training to ensure that employees are comfortable with their day-to-day tasks, and being able to hold people accountable for meeting the expectations that have been set forth. Most companies have several forms of controls documentation such as policy and accounting manuals, flowcharts and decision tables to ensure proper authorization. Companies often believe that it is usually more efficient to prevent rather than to detect and correct a material misstatement. However, a well-run control system should have a good mix of both controls. “To ensure a comprehensive and consistent process, many auditors are recommending clients establish project teams reporting directly to the Chief Executive Officer or Chief Financial Officer; The Chief Financial Officer, Controller or Internal Audit Director should head the team, which should consist minimally of adequately trained personnel from accounting, internal audit, information systems, finance, operations, legal and human resources” (McConnell, Banks, 2003).
在薩班斯-奧克斯利法案(Sarbanes-Oxley Act)出臺之前，風險管理被認為是一種可選的業務活動，如果公司認為收益大于成本，就可以實施風險管理。公司有責任通過政策和程序來設定期望，以推動員工做正確的事情，溝通以確保整個公司都知道期望，適當的培訓以確保員工適應他們的日常工作，能夠讓員工為達到既定的期望而負責。大多數公司都有幾種形式的控制文件，如政策和會計手冊、流程圖和決策表，以確保適當的授權。公司通常認為，預防而不是發現和糾正重大錯報通常更有效。然而，一個運行良好的控制系統應該很好地混合這兩種控制方式?！盀榱舜_保一個全面和一致的過程，許多審計師建議客戶建立項目團隊，直接向首席執行官或首席財務官報告;首席財務官，財務總監或內部審計主任應該領導這個團隊，這個團隊應該由最低限度的受過充分培訓的人員，從會計，內部審計，信息系統，財務，運營，法律和人力資源”(McConnell, Banks, 2003)。
The auditor’s assessment and management’s assertion should be kept separate and should not be based upon each other to ensure that the audit is objective. Auditors may help to gather or prepare information, but management is responsible for documenting controls. Auditors may also help clients evaluate controls effectively. Management must accept responsibility for the effectiveness of its internal controls, support this evaluation with sufficient evidence and present a written assertion about the effectiveness to be included with the auditor’s findings report as a representation letter or as a separate report to accompany the auditor’s report. Management must also document antifraud programs and controls over significant non-routine and non-systematic transactions, as well as, controls over the period-end financial reporting process. Management’s failure to allow the auditor enough time to properly assess any changes that have been made in the control process could lead to a negative opinion being listed in the auditor’s report. “Management has the responsibility to catch their own frauds, and if they don’t catch themselves they are culpable because they didn’t catch themselves” (Linsley, 2003).
Many companies have complained about that the extraordinary requirements of Sarbanes-Oxley involving documentation and testing of internal controls. Prior to Sarbanes-Oxley, documentation was typically not extensive and neither the company nor the auditor was required to test controls. With the implementation of Sarbanes-Oxley many companies were forced to put into place new controls, provide a narrative about all controls, indicate in written form anytime a control is performed and then test whether the controls are working. However, Sarbanes-Oxley was enacted to reduce fraud and audit failures related to fraud and directly affects three audit performance measures: expected fraud, audit risk, and expected undetected fraud. Expected fraud is the amount of fraud multiplied by the probability that the manager is dishonest. Audit risk is the probability that a material misstatement occurs and is not detected by the audit process. Expected undetected fraud is the amount of fraud committed in balance multiplied by audit risk. For the same reason that expected fraud decreases, audit risk increases. Sarbanes-Oxley affects the amount of expected undetected fraud only if there is a corresponding increase in the auditor’s liability parameter. If the auditor’s liability increases under Sarbanes-Oxley, the probability of undetected fraud goes up while the amount of fraud goes down at a greater rate.
UKthesis provides an online writing service for all types of academic writing. Check out some of them and don't hesitate to place your order.
?How to format a scholarship essay？Writing has always been o...
How to write a good argumentative essay？An argumentative ess...
?How to start a narrative essay？A robust variety of essay ty...
?How to write a conclusion for an essay？Writing an essay is ...
?How to write a scholarship essay?When you’re applying for a...