Corporate Compliance Report
Essay by 24 • April 17, 2011 • 1,517 Words (7 Pages) • 1,430 Views
Running head: Corporate Compliance Report
Introduction
Technological advancements, an increase in the number of business failures and the widely publicized corporate scandals which have rocked the nation's confidence have forced companies to place more emphasis on internal control systems and audits. Section 404 of the Sarbanes Oxley Act requires public companies to include a report about the effectiveness of controls in their annual form 10-k. Internal controls consist of procedures used by management to ensure accuracy and reliability in performing certain business functions such as financial reporting. Furthermore, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as "a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives" (COSO, 2006).
The context of this paper will expound upon the importance of the Sarbanes-Oxley Act, discuss the importance of internal controls, identify effective internal control techniques, and conclude with implementing internal controls and ehics.
Sarbanes Oxley Act
The Sarbanes Oxley Act was enacted in 2002 in response to the corporate scandals which rocked the nation's confidence. The intention of SOX is to help restore the confidence of investors by enhancing corporate governance, improving the oversight of auditors, focusing the attention of companies and auditors on internal controls, and strengthening the penalties for noncompliance (Deloitte, 2004).
Section 302 and 404 emphasize the importance of internal controls and mandate disclosures related to internal control effectiveness and changes. Section 302 of Sarbarnes Oxley "mandates a set of internal procedures designed to ensure accurate financial disclosure" (Wikipedia, 2007) and company's officers are required to certify they are responsible for establishing and maintaining internal controls. Section 404 of Sarbanes Oxley requires auditors to perform an audit of financial statements as well as report on the effectiveness of internal controls. According to this section, internal controls should convey management responsibilities to establish and maintain adequate internal control over financial reporting and the framework used as criteria to evaluate the effectiveness of the company's internal control.
To address internal control issues, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued control guidelines called the Internal Control-Integrated Framework in September of 1992. COSO helps to emphasize the understanding of a good internal control system and provides guidelines for establishing criteria to assess the adequacy and effectiveness of a companies internal control system.
Importance of Internal Controls
Effective internal controls are a critical component to the foundation of a safe, sound and successful organization and function at different levels of effectiveness. An effective internal control system is one which provides reasonable protection of assets, reliability of financial information, and compliance with laws and regulations. Additionally, a properly designed and consistently enforced internal control system helps the organization not only achieve their goals and mission, but also helps the organization promote more effective operations, safeguards resources and reduces the possibility of asset loss.
The three primary objectives of an internal control system are to ensure 1) efficient and effective operations, 2) accurate financial reporting, and 3) compliance with laws and regulations" (Applegate, 1999). Internal control programs can help management measure performance, make decisions, evaluate progress, and limit risks. However, effective and well designed internal control systems are still subject to execution risk. Meaning, human beings still must execute most control systems and even with trained personnel with the best of intentions can become distracted, careless, tired, or confused. Therefore, employees at all levels of an organization have a responsibility for maintaining internal control compliance.
Effective Internal Control Techniques
Internal control techniques are the mechanisms by which control objectives are achieved and must be monitored regularly to assess the quality of the system's performance over time. The internal control process consists of the following five interrelated components:
Ð'* Control environment refers to the "atmosphere in which people conduct their activities and carry out their control responsibilities" (University of California, 2007). Control environment consists of a number of factors including the integrity and ethical values of employees; management's philosophy and standards of behavior; organizational structure; the way management assigns authority and responsibility; human resource policies and procedures; the attention and direction given by the board of directors; and audit committee. The control environment provides the basis for assessing the effectiveness of controls and the ability to provide reliable information on financial statements and is the foundation for the other components.
Ð'* Risk assessment helps management to be in control and involves identifying and investigating internal and external risks. Being in control requires the ability to identify, prioritize and react in a timely manner to events and assess risks to the organizations operational, financial and compliance objectives.
Ð'* Control activities refer to the policies and procedures which help ensure the necessary actions are taken to achieve the organizations objectives, address risks and carry out management directives. Control activities are divided into three categories financial information controls, operational controls and compliance controls. Financial controls are designed to ensure reliability of financial statements. Operational controls activities are gear towards directing managing the company's operations. Compliance control is designed to make sure that company actions are in accordance with the law and ethical principles. These controls can be preventive or detective. Preventive controls are defined as being proactive and include written policies and procedures, approvals, limits to authority and supporting documentation. Detective controls do not prevent undesirable acts but help detect them and include reconciliations, verifications, and reviews.
Ð'* Information and communication refers to the identification, capture and communication of pertinent
...
...