Strengthening Corporate Accountability and Responsibility
with Sarbanes-Oxley Act and COSO
Enron, Arthur Andersen, WorldCom. What do these companies and others have in common? They involved audit and corporate governance failures, resulting in the erosion of public confidence. Because of these high-profile corporate and accounting scandals, Congress passed the Public Company Accounting Reform and Investor Protection Act, commonly known as the Sarbanes-Oxley Act of 2002 (SOX). SOX mandated reforms to improve financial disclosures from corporations and to prevent accounting fraud.
SOX applies to all public companies in the United States and international companies that have ...
The Board’s duties include registering, inspecting, and investigating public accounting firms; establishing and/or adopting auditing and ethics standards; and enforcing compliance with the provisions of SOX, professional standards, and securities law.
Section 302 of SOX outlines strict rules to ensure accurate financial disclosures. It requires that senior management certify the accuracy of the reported financial statements. The signing officers certify the following: (1) “reviewed the report;” (2) “the report does not contain any untrue statement of a material fact or omit to state a material fact…;” (3) “the financial statements…fairly present…the financial condition and results of operations;” (4) “responsible for establishing and maintaining internal controls;” and (5) have disclosed all deficiencies in the design or operation of internal controls and any fraud involving internal controls.
Section 404 requires that management and auditors report on the adequacy of the company’s internal control, which can be expensive. Pursuant to Section 404, management is responsible “for establishing and maintaining an adequate internal control structure and procedures for financial reporting” and for assessing “the effectiveness of the internal control structure and procedures.” Consequently, companies can adopt an internal control framework such as COSO’s.
COSO, officially named the Committee of Sponsoring Organizations of the Treadway Commission, was organized before the passage of SOX. Its purpose is to provide thought leadership through the development of frameworks to improve corporate governance and reduce fraud. COSO established guidance on internal control, alongside enterprise risk management and fraud deterrence, for executives to better control the company and help ensure that the company’s objectives are achieved.
The COSO framework contains five control components: control environment, risk assessment, control activities, information and communication, and monitoring. All five components must be present for internal control to be effective.
Source: COSO Internal Control-Integrated Framework
The control environment is the tone at the top and establishes the general atmosphere of the company. The control environment includes: integrity and ethical values; commitment to competence; independent oversight by a board of directors or by an audit committee; management's philosophy and operating style; an organizational structure with competent and trustworthy employees; the assignment of authority and responsibility; human resource policies and procedures; and external influences. “An effective control environment is an environment where competent people understand their responsibilities, the limits to their authority, and are knowledgeable, mindful, and committed to doing what is right and doing it the right way.”