Internal Controls and Sox
Essay by review • April 29, 2011 • Research Paper • 2,327 Words (10 Pages) • 1,826 Views
I. Introduction
a. Overview of Paper
This paper will first take a brief look into what internal controls and the Sarbanes Oxley Act are. Then it will proceed to show the relationship, or interrelatedness, of the two. It will then give an International perspective and possible future of the Act, as felt by the author and finally sum up with a brief conclusion of the author's thoughts on the Act as a whole. Afterwards the reader should have a general understanding of the concepts of internal controls and the Sarbanes Oxley Act as well as important factors of them both.
II. Internal Control Systems
a. What is an Internal Control System and What is its Purpose.
Internal control over financial reporting has always been a major area in the governance of an organization, and this importance has been magnified in recent years. Before one is able to understand this importance one must first understand what an internal control is and what it does. An internal control is a series of procedures and policies that have been designed to protect assets, ensure reliable accounting, promote efficient operations, and urge adherence to company policies. (Chiappetta, 262)
Most internal controls can be classified as preventive or detective. Preventive controls are designed to discourage errors or irregularities. An example of a prevenitive control is a computer application which checks validity of the information entered, i.e preventing the entry of an invalid account number. Detective controls, on the other hand, are designed to identify an error or irregularity after it has occurred. A manager reviewing phone bills to detect improper or personal calls that should not be charged to account would be an example of such. There are also corrective controls which designed to prevent the recurrence of errors. They come into effect when improper outcomes occur and are detected. They keep a "spotlight" on the problem until management can solve the problem or correct the defect. Quality circle teams and budget variance reports are examples of corrective controls. (http://www.aucegypt.edu/auc/internalaudit/internalcontrols.htm)
Despite the various categories of controls, internal control systems have their limitations, the biggest of which are human error and human fraud. Human error includes aspects like negligence, fatigue, misjudgment, and confusion while, human fraud deals with the intention to purposely defeat internal controls for personal gain. (http://www.mcgrawhill.ca/college/larson9/olc/olc/graphics/larson9fa_s/ch09/slideshows/sld005.htm)
b. What are the Principles of ICS.
The principles of an Internal Control System include:
* Establishing responsibilities.
* Maintaining adequate records.
* Insuring assets and bond employees.
* Separate recording keeping and custody over assets.
* Dividing responsibility for related transactions.
* Apply technological controls to help reduce processing errors, allow more extensive testing of records and help with the separation of duties.
* Performing regular and independent reviews.
(http://www.mcgrawhill.ca/college/larson9/olc/olc/graphics/larson9fa_s/ch09/slideshows/sld003.htm)
* Qualified Personnel
* Having sound, written procedures for authorizing, recording, and reporting transactions.
(http://www.courts.state.tx.us/pubs/cities_cfm_hbk/internal_control/Basic_Principles.pdf)
c. Strengths and Weaknesses of ICS.
If internal controls are properly in place and effectively used, it is more likely that a firm's financial information will be reliable and accurate. They help to ensure that government regulations are being met and that the organization's policies are followed. Equally important, is that internal controls discourage the theft or misuse of company assets and records. (www.labyrinthine.com/sharedContent/singleFaq.asp?faqid55)
However, it is crucial to remember that, as important as an internal control structure is to an organization, an effective system is not a 100% guarantee that the organization will be successful its operations. Nor is it an absolute assurance to management and the board about the organization's achievement of its finacial objectives, such as achieve a certain profit level. Rather it can only provide reasonable assurance that the methods set out are being properly follwed by making.
Many internal controls can even be circumvented by collusion or by a management override. This basically means that since management designs and implements the internal controls over finance reporting, they can also "override" or bypass these controls. Many financial statement frauds have been executed by an intentional override by senior management of what might otherwise have appeared to be effective internal controls. (http://www.aicpa.org/audcommctr/download/achilles_heel.pdf)
In addition, the design of the internal control system is a function of the resources available, which means that there must be a cost-benefit analysis in the design of the system. (http://www.aicpa.org/audcommctr/toolkitsnpo/Internal_Control.htm) and the funds available to implement it. This is because the cost of implementing a specific control should not exceed the expected benefit of the control. For example, the potentional loss of a computer printer my justify the cost of a door lock but not an alarm system even though the alarm system may be more effective in preventing theft.
III. Sarbanes Oxley Act
a. History
The Sarbanes-Oxley Act, which will henceforth also be reffered as the Act and SOX, was signed into law on 30th July 2002, and introduced highly significant legislative changes to financial practice and corporate governance regulation. It introduced stringent new rules with the stated objective: "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws".
The
...
...