Compliance With Sarbanes Oxley Act for Companies in United States - Essay Example

1. Project ‘Compliance with Sarbanes Oxley Act for companies in United s’ 2. Topic Overview The proposed dissertation will take a closer look at the Sarbanes Oxley Act (SOX) of 2002 that was passed in United States following Enron, Tyco and other corporate scandals. I will perform a detailed analytical study of the Act itself and its implementation in public limited and listed companies in United States of America (US). The research will be conducted to analyse the requirements of the Act in detail along with the key issues that US companies are facing with regard to implementation of the Act to comply with its terms and clauses. 3. Research Objectives The key research question is to analyse the clauses of SOX act and its implementation problems at US companies. This will be carried out to identify if there are practical limitations to implement the Act as claimed by several US companies. The detailed objectives of the research are stated below: To conduct an analysis of accounting scenario that led to the Sarbanes Oxley Act and to comment on the necessity of the Act itself To perform an evaluation of various clauses and terms of the SOX Act to develop an understanding of its requirements To carry out a survey to obtain views of various companies who are required to comply with SOX Act in order to acquire the practical issues of implementing the Act To undertake a review analysis to point out the limitations of the Act, or the lack of commitment by companies in US towards implementing SOX Act’s requirements. In addition, there might be some realistic concerns that might be surfaces as a result of surveys 4. Literature Review 4.1 Introduction Accounting is a key area in every organization’s business. Correct recording and representation of material financial and operational facts about a company is critical for stakeholders to measure their interests into the company. Several industry standards are available for correct recording, calculation, and representation of this information. In addition, almost every country makes or adopts an accounting and internal control system which is mandatory for all the companies to follow. As time passes by, needs and requirements of new and comprehensive systems emerge that necessitates changes in the way traditional accounting and control systems operate. 4.2 Background The corporate world in United States took severe setbacks when scandals were surfaced about many large and multinational organizations in late 20th century. The companies like Enron, Tyco, and WorldCom were all victims of incorrect, ambiguous, unethical and inappropriate practices which remained hidden for a long period before they were finally identified and brought to the attention of the world. This sequence of events negatively affected shareholders’ and general public’s trust over the reliability and accuracy of financial information as published by companies. A general feeling was that of distrust, disbelieve, doubt and annoyance with the audit and internal controls systems of organizations. This state of affairs triggered a requirement for a regulation that could establish legal requirements for companies to ensure that their systems are controlled and the information they publish conform to the actual status, and is not altered, modified or changed with an intention to deceive anyone. 4.3 The Sarbanes Oxley Act The Sarbanes Oxley Act (also known as known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox (Wikipedia.org, 2007), was implemented in 2002 to regain public’s trust in the accounting and reporting practices of companies in US, to reinforce investment confidence and protect investors by improving the accuracy and reliability of corporate information with regard to finance, operations and information systems. 4.4 Key Sections of the Act The act is divided into multiple sections; eleven in all. A brief description of the sub-sections of the act is provided below: 4.4.1 Establishment of Public Company Accounting Oversight Board (PCAOB). A Public Company Accounting Oversight Board (PCAOB) was established as a result of the passage of the act, to ensure that interests of the investors in public companies are secured, and the audit reports are developed and represent true and fair opinion on the affairs of the company (FindLaw.com, 2002). The key functions and duties of PCAOB as documented in the law are as follow: Register public accounting firms Establish or adopt auditing, quality control, ethics, independence, and other standards Conduct inspection of public companies 4.4.2 Auditor Independence. The ‘independence’ of the auditor is critical for performing any audit related activity for any client. ISACA (Information Systems Audit and Controls Association) (2006) requires auditors to be independent of auditee in both attitude and appearance (professional independence) and the entire audit function to be independent of the area or activity being reviewed to permit objective completion of the audit assignment. The SOX act requires the auditors to be independent. The law states that auditors should not have any operational and/or decision making role for the activity which they are auditing. 4.4.3 Corporate Responsibility. The act requires public companies to certify in their financial reports that a senior manager has reviewed the report and that the report does not have material misstatements. As per section 302 of the act, the senior management is responsible to develop and implement system of internal controls, and compliance systems. The act requires that the corporate financial statements should have following certifications: The signing officers have reviewed the report The report does not contain material misstatement or material omission or is misleading The financial statements and information fairly represent the factual position and health of the company The signing officers are responsible for internal controls and have reviewed internal controls in previous 90 days Significant changes to internal control environment The report should have a list of all deficiencies in the internal controls and information on any fraud involving employees 4.4.4 Enhanced Financial Disclosure. In order to prevent against the risks arising our of non-disclosure and/ or limited disclosure of information by companies like Tyco and Enron, SOX requires the companies to strictly follow Generally Accepted Accounting Principles (GAAP), and adequately disclose off balance sheet and hidden information of material value that can affect shareholders’ money and investment decisions. The section 404 requires a management assessment of internal controls, evaluation and reporting of internal control systems to top management, and to the shareholders through financial reports of the company. 4.5 Issues with Sarbanes Oxley Act Implementation and Remedies Although the act was developed to safeguard interests of the stakeholders in public companies, there has been a constant debate about the practicality of implementation of this act. Some believe the legislation was necessary and useful, others believe it does more economic damage than it prevents. This is because there were no standards and guidelines on how to implement different sections, how to ensure that internal control systems is free from material weaknesses, and that financial statements are accurately entered, analyzed and provide reliable evidence of fair and true presentation of affairs of the company. To resolve these issues, several new standards and guidelines have been developed as a result of SOX implementation. In addition, the existing guidelines were customized to adopt the new requirements of SOX act. These include COSO (Committee of Sponsoring Organizations), IT Control Objectives for Sarbanes Oxley by ISACA, (COBIT) Control Objectives for IT and others. A brief introduction to these is provided. 4.5.1 COSO. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting (COSO.org, n.d.). COSO provides an integrated enterprise risk management framework that is used by many organizations to carry out effective risk assessment and management (COSO 2004, v); in order to comply with section 404 (management assessment of internal controls) requirements of SOX act. The COSO ERM (Enterprise Risk Management) framework categorizes the entire operations of an organization into five categories, namely Control Environment, Control Activities, Risk Assessment, Monitoring, and Information and Communication. The PCAOB also recommends using COSO to perform audit of a company in order to ensure that it conforms to the requirements of SOX act. 4.5.2 COBIT. In the contemporary world, most of the companies use computerized information systems like Enterprise Resource Planning (ERP) software for book keeping, financial transactions and generating financial statements. This requires a risk assessment of the software package itself and the external controls environment in which the system operates. COBIT has emerged as a benchmark standard for IT related risk assessment and controls. It is used by many auditors as a guide to perform audit of IT based financial and operational controls. COBIT has four domains which are further divided into 34 control objectives that collectively assign a rating to the organization, which shows the level of compliance with COBIT. These four domains are Plan and Organize, Acquire and Implement, Deliver and Support, and Monitoring and Evaluation. These four domains provide guidance to strengthen the internal controls framework of organizations. 4.6 SOX and Accounting The introduction and enactment of SOX act has brought about a revolution in accounting processes around the globe. The accountants are now have to be ever more careful with their record keeping, auditors have to be vigilant in carrying out there duties and top management must ensure an optimally controlled environment which limits the chances of an accounting or financial misappropriation. In addition, the demand for SOX consultants has increased tremendously. This has caused the market to shift focus to SOX based consulting work. This is one of the reasons as to why the companies find it costly and difficult to get their systems in compliance with the requirements of Sarbanes Oxley act. Several accounting, audit and consulting firms operate in market claiming to have solutions for organizations’ problems in implementing internal controls to comply with the requirements of the act. 5. Research Methodology and Data Needs In addition to studying the Sarbanes Oxley Act and to carry out the proposed research, data and information will be obtained using ‘Survey’ as the research method. Quantitative research will be carried out to obtain numbers and statistics of organisations that have implemented SOX requirements and have complied with the Act. In addition, qualitative research will be carried out to identify patterns of responses that will be received from company’s executives who are responsible for implementing SOX requirements. This will provide a comprehensive picture of the issues and problems that organisations face while complying with SOX Act and the steps that they have taken to implement it. In addition, this will provide an insight about the reasons why some of the organisations comply with SOX while others are not so successful. Once all information and data is received through structured questionnaires, interviews and surveys, the analysis will be carried out by grouping the data into size and number of organisations, industry and area in which these operate and other factors. This would enable me to identify the required information to answer my research question. In addition, this might enable me to recommend some strategies that US companies can adopt in order to comply with Sarbanes Oxley Act and its requirements. 6. Chapter Plan The proposed chapter plan for the dissertation is provided below: 1. Introduction a. Introduction b. Presenting problem definition c. Real world target d. Personal theory e. Research question and discussion f. Project aims and objectives 2. Literature Research a. Introduction b. Background c. Sarbanes Oxley Act d. SOX enactment e. Key terms and clauses of the Act f. Compliance requirements for US companies g. Problems faced by companies 3. Research Design a. Research method selection and rationale b. Primary data collection process c. Processing of primary data 4. Results Discussion and Presentation a. Presentation of survey results and statistics b. Discussion of the salient findings 5. Evaluation a. Evaluation of project outcome b. Evaluation of Research Methods used 6. Conclusions a. Generalisation on the research outcome b. Lessons learnt c. The way forward 7. References and Bibliography 8. Appendices a. Project schedule b. Questionnaires c. Surveys d. Interview minutes e. Datasheets / spreadsheets References COSO (2004). Enterprise Risk Management Integrated Framework: Executive Summary. Committee of Sponsoring Organisations. COSO (n.d.). The Committee of Sponsoring Organizations of the Tradeway Commission. Retrieved May 13, 2007 from the World Wide Web: http://www.coso.org/ FindLaw.com. (2004). One Hundred Seventh Congress of the United States of America. Retrieved May 13, 2007 from the World Wide Web: http://fl1.findlaw.com/news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf ISACA. (2006). CISA Review Manual 2006. Information Systems Audit and Control Association. Wikipedia.org (2007). Sarbanes Oxley Act. Wikipedia: the Free Encyclopedia. Retrieved May 13, 2007 from the World Wide Web: http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act Read More