Sarbanes-Oxley Act & Internal Control
What does the SO Act require companies to do?
-Requires companies to maintain effective internal controls over the recording of transactions and the preparing of financial statements. -Requires companies and their independent accountants to report on the effectiveness of the company's internal controls. -Reports are required to be filled with the company's annual 10-K report with the Securities and Exchange Commission.
What are some control procedures?
1. Competent personnel, rotating duties, and mandatory vacations 2. Separating responsibilities for related operations 3. Separating operations, custody of assets, and accounting 4. Proofs and security measures
What are the five elements of internal control?
1. Control environment 2. Risk assessment 3. Control procedures 4. Monitoring 5. Information and Communication
What three factors influence a company's control environment?
1. Management's philosophy and operating style 2. The company's organizational structure 3. The company's personal policies
What is a company's "organizational structure"?
A company's organizational structure is the framework for planning and controlling operations.
What is a company's "personnel policies"?
A company's personnel policies involve the hiring, training, evaluation, compensation, promotion of employees, job descriptions, employee codes of ethics. and conflict-of-interest policies.
What risks might a business have?
All businesses face risks such as changes in customer requirements, competitive threats, regulatory changes, and changes in economic factors.
What companies does the SO Act apply to?
Applies only to companies whose stock is traded on public exchanges.
What can internal control prevent?
Can prevent theft, fraud, misuse, or misplacement.
What are "cost-benefit considerations"?
Cost-benefit considerations recognize that the cost of internal controls should not exceed their benefits. For example, a store might lose customers if they searched their bags before they leave but they can buy and set up cameras that would "prosecute all shoplifters."
What is employee fraud?
Employee fraud is the intentional act of deceiving an employer for personal gain. (Can range from minor overstating of a travel expense report to stealing millions of dollars.)
How does employee fraud affect the accuracy of business information?
Employees stealing from a business often adjust the accounting records in order to hide their fraud and therefore, the accounting records are inaccurate.
When are evaluations often performed?
Evaluations are often performed when there are major changes in strategy, senior management, business structure, or operations.
What do external auditors do?
External auditors also evaluate, similar to internal auditors, and report on internal control as part of their annual financial statement audit.
What did SO Act highlight?
Highlighted the importance of assessing the financial controls and reporting of all companies.
How is information used in internal control?
Information about the control environment, risk assessment, control procedures, and monitoring is used by management for guiding operations and ensuring compliance with reporting, legal, and regulatory requirements. Also uses external information to assess events and conditions that impact decision making and external reporting.
Who set forth the five elements of internal control?
Integrated Framework
What is the standard framework used as the basis for discussing internal controls? (How companies design, analyze, and evaluate internal control.)
Internal Control--Integrated Framework
What do internal auditors do?
Internal auditors usually perform evaluations and are also responsible for day-to-day monitoring of controls.
Why is internal control never guaranteed?
Internal control is never guaranteed due to the human element of controls and cost-benefit considerations.
What should management do about risks?
Management should identify the risks, analyze their significance, asses their likelihood of occurring, and take any necessary actions to minimize them.
What is "Management's philosophy and operating style"?
Management's philosophy and operating style relates to whether or not management emphasizes the importance of internal control. An emphasis on controls and adherence to control policies creates an effective control environment.
What does monitoring the internal control system do?
Monitoring the internal control system is used to locate weaknesses and improve controls. Monitoring often includes observing employee behavior and the accounting system for indicators of control problems.
Why should documents be prenumbered, accounted for, and safeguarded?
Prenumbering of documents helps prevent transactions from being recorded more than once or not at all. Also, accounting for and safeguarding prenumbered documents helps prevent fraudulent transactions from being recorded.
What is control environment?
The control environment is the overall attitude of management and employees about the importance of controls.
What is the "human element"?
The human element recognizes that controls are applied and used by humans. It says that errors can be caused by fatigue, carelessness, confusion, or misjudgment.
What is Internal Control?
The policies and procedures used to safeguard assets, ensure accurate business information, and ensure compliance with laws and regulations.
What is the purpose of the SO Act?
The purpose of the Sarbanes-Oxley is to maintain public confidence and trust in the financial reporting of companies.
Why is control important in business?
They deter fraud and prevent misleading financial statements.
Why should the responsibility for related operations be separated between two or more people?
This decreases the possibility of errors and fraud.
What are the objectives of internal control?
To provide reasonable assurance that: 1. Assets are safeguarded and used for business purposes. 2. Business information is accurate. 3. Employees and managers comply with laws and regulations.
