Emerging Auditing Issues

1

Emerging Auditing Issues

By

Companies that comply with all of the internal control provisions in SOX are less likely to issue financial restatements. A November 2009 study published by Audit Analytics found the rate of financial restatements was 46 percent higher for companies that did not comply with all of the SOX internal control provisions. Corporate governance is stronger. Prior to SOX, the process for the selection and assessment of the independent auditor typically was controlled by management. Audit committees now play an essential role in corporate governance framework by overseeing the quality and integrity of company financial statements. (http://www.pcaobus.org/News/Speech/Pages/102912_NASBA.

Assessing the impact of the PCAOB to the accounting profession, given the shift from self-regulation to federally regulated

The passage of SOX 2002 has brought dramatic changes to an already dynamic accounting profession. Sections 101-109 establish the Public Company Accounting Oversight Board (PCAOB) as an independent non-profit body with mandatory power to register public accounting firms that prepare audit reports for issuers; establish, adopt auditing, quality control, ethics, and independence standards for these firms. It prohibits any person or entity not registered as such from participating in the preparation, or issuance of any audit report of a public company. These sections also grant PCAOB the power to adopt standards issued by professional groups like the American Institute of Certified and Public Accountants (AICPA). The PCAOB is ordered under these sections to conduct continuing inspections of public accounting firms to assess their compliance with SOX, PCAOB and SEC laws. PCAOB is authorized to establish fair procedures for investigations and disciplinary actions for public accounting firms and accountants. Under these laws foreign accounting firms auditing U.S. public companies are required to list their securities on American Stock Markets and be subject to the SOX Act. External auditors are also required to check the PCAOB website to be abreast with new rules and regulations.

From 2003, the PCAOB has therefore being meeting its four main statutory obligations of registration, inspection, enforcement, and standard setting for public accounting firms. The Board started with only the four large audit firms (Cohen et, al 2009) and expanded its inspections to cover 99 and 281 audit firms in 2004 and 2005 respectively. It has, as of now, registered over 2300 firms, including foreign firms from 85 jurisdictions, conducted over 1800 inspections in the US and 37 overseas, and established 15 auditing standards (Agrawal & Chadha, 2005). This shows the impact of PCAOB’s regulatory role globally.

Since its inception in earnest in 2003, PCAOB has enhanced the growth and evolution in independent audit regulation with a positive impact on audit quality and protection of investors. Through inspection and other oversight activities, the PCAOB and other regulators have identified and called attention to weaknesses, risks and challenges in the audit profession. The annual and periodic reports of the International Forum of Independent Audit Regulators (IFIAR) continues to draw attention to common inspection findings around the world since 2014. ( https://www.ifiar.org/Members-Inspection-Reports.aspx. ). The PCAOB continues to issue a number of individual and general reports, staff audit practice alerts and other public documents that highlight a range of findings that arise during inspections of registered audit firms. (http://pcaobus.org/Inspections/Pages/PublicReports.aspx). The PCAOB has, in response to the demands of investors and other market participants for improvement in audit practice, revised auditing standards and taken enforcement actions for violations of those standards and related laws and regulations. It is safe to say that the regulatory oversight by the PCAOB has facilitated the much needed improvements in auditor behavior and consequently the integrity of audited financial statements.

Should the PCAOB issue additional regulations regarding the responsibility for corporate officers and auditors of financial statements? What will be the impact on financial statement integrity?

Though several sections of SOX 2002 have increased the responsibilities for corporate officers and auditors of financial statements and greatly enhanced financial reporting and financial statement integrity, with changing times, challenges will come up that might demand the issuing of additional regulations.

Under Section 404, companies were required to establish internal controls and procedures for financial reporting. Effects of compliant costs must be done across different sizes of companies. Small-sized companies will be more negatively impacted as larger companies enjoy economies of scale in auditor fees following increasing audit responsibilities with fixed and variable costs.

Opponents of SOX argue that the cost of implementing SOX far exceeds the benefits. (Jahmani & Dowling, 2008) argue that a 2005 study by the Financial Executives International (FEI) in an attempt to determine the cost of compliance with section 404 shows that large cap firms (those with market capitalization above $750 million) averaged $4.3 million while small cap firms was tagged at $1 million In addition, cumulatively compliance of all publicly companies averaged approximately $7 billion or 1% of their revenue (Koehn & Del Vecchio, 2004). The increasing number of public companies that were privately sold, that relocated to foreign lands and many of such companies relisting on foreign exchanges, especially the London Stock Exchange which has fewer such regulations, attest to growing opposition to SOX compliance costs and loss of investor confidence. It requires both the chief executive and chief financial officer personally attest that they have reviewed the auditors’ report.

Section 302 is another section which identifies actual human beings, holds them responsible and puts them on the spot in the event of material misstatements of financial statements. It therefore requires “Chief Executive Officers (CEOs) and Chief Financial Officers (CFOs) to (i) certify that they have reviewed the quarterly and annual reports their companies have filed with the SEC, and that based on their knowledge the reports do not contain any material misstatements and that the financial statements are fairly presented; (ii) certify that they have personally established and maintained their company’s internal financial controls, designed such controls to ensure that relevant material information is made available to them, and that they have recently evaluated the effectiveness of the internal control system and that they have presented their conclusions about the control’s effectiveness; (iii) must also certify that they have reported to their auditors and audit committees all significant deficiencies and material weaknesses in the controls and any fraud, material or otherwise involving any officers of the company who plays a role in the internal controls and finally (iv) indicate whether or not there have been any changes in the internal controls after its evaluation that could significantly affect the controls.

Critics argue that corporate executive might not have the requisite technical knowledge to design such controls personally. As a result such executive allow sub certification by their subordinates. Will that absorb CEOs and CFOs from liabilities in the event of certification of inaccurate documents? Section 301 has far reaching consequences as it places personal responsibilities on these executives. They cannot pass the buck anymore. It is therefore not strange that HealthSouth’s CFO, Winston Smith chose to resign rather than certify the accuracy of HealthSouth’s financial documents in August 2002 (www.uow.edu). This case exemplifies the impact that section 301 has on companies.

As a human institution, PCAOB definitely needs to review its regulations with the passage of time to evaluate and reduce the cost implications of Section 404 of SOX and the technical demands placed on top corporate officers with its far reaching liabilities on CEOs and CFOs. As the debate continues and with the US Congress reevaluating SOX, attention must focus on US capability to compete globally in terms of relative operational costs of U.S. corporate bodies. Care must however be taken not to lose sight of events that led to SOX enactment. There is thus the need for a breakeven point at which cost of SOX implementation will be equivalent to its benefits.

It must be noted however, that Sections 404 and 302 have greatly enhanced the integrity of financial statements as these regulations puts pressure on identified human beings to ensure compliance of the law.

The impact of SOX regulation on the internal control environment and the level of testing necessary to provide assurance of completeness and accuracy for CEOs to certify the company’s financial statements

The Sarbanes-Oxley, 2002 Law has greatly impacted on the effectiveness of the internal control environment. The Act addresses auditor independence and the relationship between auditors and the public companies they audit. The act requires public companies to assess the effectiveness of their internal control over financial reporting and for their external auditors to report on management’s assessment and the effectiveness of internal controls.

The act also contains provisions intended to make chief executive officers (CEO) and chief financial officers (CFO) more accountable, improve the oversight role of boards of directors and audit committees, and provide whistleblower protection. It makes it far more difficult for a repeat of the pre-2000 corporate scandals. The Act created the Public Company Accounting Oversight Board to police the accounting profession and set auditing standards. It shored up the role of the audit committee, making it independent and responsible for hiring, firing and overseeing external auditors, removing that authority from management. Under Section 404, companies were required to establish internal controls and procedures for financial reporting whilst section 302 mandated that both the chief executive and chief financial officer personally attest that they have reviewed the auditors’ report and that it does not contain any material untrue statements or material omission or anything that could be considered misleading.

Before the enactment of SOX 2002, most CEOs and CFOs had signed their annual and quarterly certifications — which are included in the financial statements filed with the SEC on Form 10-Q as required by Section 302 of Sarbanes-Oxley — without a rigorous examination of internal controls. Now that Section 404 is in force, management should be integrating its quarterly and annual assessment processes. Although management is not required to test all its key controls every quarter, they should perform some degree of testing each quarter to support the quarterly Section 302 certification. At a minimum, the Section 302 certification process should include a consideration of the status of the Section 404 project, the results of testing, the severity of any identified control deficiencies, and management’s corrective action plans.

Assessing how the System Design Life Cycle model would impact the emerging issue.

The PCAOB has reorganized auditing standards to make the audit process more efficient. It has in addition identified several emerging issues during its November 2015 meeting that needs special attention. One such issue is the need to keep auditing standards relevant in light of technological advancement. http://www.weaver.com . An example of technology is the Systems Development Life Cycle (SDLC), a conceptual model that describes the eight stages of an information system project development. These stages are the systems planning stage, systems analysis stage, conceptual design stage, systems selection stage, detailed design, systems implementation, and program systems maintenance stage. SDLC is of immense significance to accountants and auditors because the “quality of accounting information rests directly on the SDLC activities that produce Accounting Information Systems (Hall, J.A., 2011).

In order to provide an expert opinion regarding the fair presentation of the financial statements, the auditor must perform certain audits. The accuracy and integrity of a client’s database and its application programs directly affect its financial data. A materially flawed financial application can corrupt financial data which are then incorrectly reported in the financial statements. The SDLC‘s systems development and maintenance process establish the accuracy of new applications and preserve their integrity of new applications and preserve their integrity throughout the period under review. The auditor’s objective in testing controls over these process is to establish application and thus limit the tests of application controls and substantive testing that needs to be done. (Hall, J.A., 2011). The SDLC, though efficient in meeting a technological emerging need has as an electronic financial reporting system raised issues of privacy and security that should addressed. Security technologies such as firewalls, encryption, intrusion detection and antivirus software should be implemented to mitigate the privacy and security issues (Kranacher, et al. 2010).

Recommend a strategy for dealing with the emerging issue and determine the types of fraud schemes that might go undetected if your recommendations are not implemented.

Strengthening of internal control systems and implementation of a fraud prevention and detection plan is a potentially effective strategy to deal with the emerging issue of enhancing the integrity of financial reporting using appropriate accounting applications.

Compliance with SOX 2002, SEC, and PCAOB regulations will enhance auditor independence, good corporate governance and responsibility, disclosure requirements and enforce penalties for fraud and other violations which will help strengthen internal control systems. A strong internal control system can eliminate such fraud schemes like asset misappropriation, skimming, cash larceny, billing schemes, check tampering, payroll fraud, , and noncash fraud such as theft or misuse of victim organization’s noncash assets. These fraud schemes can however go undetected if the internal control system and fraud prevention and detection plan are not effective and efficient.

References

Agrawal, A, & Chadhia, S. (2005). Corporate governance and accounting scandals. Journal of Law and Economics, 48(2), 371-406

Cohen, J, Krishnamoorty, G., & Wright, A. (2010). Corporate Governance in the Post-Sarbanes-Oxley Era: Auditor’s Experiences. Contemporary Accounting Research, 27(3), 751-786

Financial Executive International, (FEI) 2004, 2006. Section 404 Cost Survey. Retrieved from http://www.financialexecutives.org, 02/25/2016

Hall, J.A., (2011). Information Technology Auditing and Assurance. 3rd Edition. Mason: South-Western Cengage Learning

HealthSouth: The Richard Scrushy Fraud Trial. Retrieved from https://www.uow.edu.au/~bmartin/dissent/documents/health/healthsouth_scr_trial.html . 01/16/2016

International Forum of Independent Auditing Regulators: International Auditing and Assurance Board Meeting Report, Brussels 03/18/2015.(Retrieved from https://www.ifiar.org/Members-Inspection-Reports.aspx 02/27/2016

Jahmani, Y. & Dowling, W.A., (2008). The Impact of Sarbanes-Oxley Act. Journal of Business & Research-October 2008, Vol. 6, number 10.

Koehn, J. & Del Vecchio, S. (2004). Ripple effects of the Sarbanes-Oxley Act, CPA Journal 74(2), 36-40. Retrieved 02/26/2016 from Source Premier Database.

Student Guide to the Sarbanes-Oxley Act: What Business Needs to Know Now that it is Implemented. Mason: South-Western Cengage Learning. Retrieved from https://blackboard.strayer.edu/bbcswebdav/institution/ACC/574/ACC574_StudentGuideToSOX.pdf . 02/24/2016

The Impact of Financial Regulation: Current Policy Issues Impacting the Audit Profession. 03/14/2007. Retrieved from http://pcaobus.org/News/Pages/03142007_OslonCapitalMarketsSummit.aspx. 02/26/2016.

Weaver. (2016). Audit Update: Sneak, Peake into New Standards and Emerging Issues. Retrieved from http://www.weaver.com/blog/audit-update-sneak-peek-new-standards-and-emerging-issues . 02/27/2016.