Friday, May 24, 2019
Accounting Information Systems Research Paper Essay
Abstr bringThe Sarbanes-Oxley Act of 2002 (SOX) was enacted into law in 2002 in the wake of corporation pecuniary reporting scandals involving large publicly held companies. SOX instituted new strict monetary regulations with the intent of improving score practices and protecting investors from integrated misconduct. SOX requires corporate executives to vouch for the truth of pecuniary statements, and to institute and monitor effective midland controls over pecuniary reporting. The cost of implementing an effective congenital control structure atomic number 18 onerous, and SOX inflicts opportunity costs upon an enterprise as executives have become more risk unfavorable payable to fears of incrimination.The Public Company write up Oversight circuit board (PCAOB) was created by SOX to do the accountancy process and dictate independence requirements for auditors and auditing committees. The PCAOB proposed regulations moldiness be pass by the SEC before they are enacted. Since the passage of SOX, the IT department has become critical in designing and implementing the congenital controls in companionship be breeding strategys. The nurture Technology Governance Institute (ITGI) created a framework called Control Objectives for Information and Related Technology (COBIT) to provide guidance for companies to implement and monitor IT governing body. accountancy Information Systems Research PaperThe Sarbanes-Oxley Act of 2002 changed the landscape of corporate fiscal reporting and auditing. In the wake of corporate reporting scandals, Congress decided the account profession was unable to self-regulate, and The Sarbanes-Oxley Act of 2002 was signed into law. The law addresses corporate greed and dishonesty by requiring companies to implement extensive inwrought control procedures to deter craft and hold corporate executives accountable. The Public Company Accounting Oversight Board is the enforcement arm of the legislation, and is under the asce ndance of the SEC to oversee story and auditing processes. Public companies are requiredintegrate internal controls in their invoice information systems to ensure data validity and security. The Sarbanes-Oxley Act of 2002In the aftermath of several corporate financial reporting scandals involving large publicly held companies such as Enron, WorldCom, and Tyco, the United States Congress passed the Sarbanes-Oxley Act of 2002 and enacted it into law on July 30, 2002. The Sarbanes-Oxley Act (SOX) takes its name from its two primary congressional sponsors, Representative Michael Oxley (R-OH) and Senator Paul Sarbanes (D-MD) (Hoffman, 2005, p. 3). SOX instituted new strict financial regulations with the intent of improving accounting practices and protecting investors from corporate misconduct. The law is intended to protect stakeholders from corporate greed, fraud, and lead astray financial reporting. SOX legislation tackles several important concerns including corporate responsibili ty, internal controls, auditor independence, financial disclosures, criminal and fraud liability, conflicts of interest, and corporate tax returns (Moffett and Grant, 2011, p. 3).Under the law, independent auditors and corporate police officers of publicly traded companies must affirm both the accuracy of the financial statements and their supporting processes and data (Hoffman, 2005, p. 3). The law requires corporate officers to vouch for the effectiveness of the federations internal controls and to be honest and transparent in financial reporting. SOX is organized under eleven titles, with the majority of the compliance principles written under sections 302, 401, 404, and 409 (A Guide to the Sarbanes-Oxley Act, 2006). Section 302 requires company officers to certify the truthfulness and completeness of quarterly and annual reports. Additionally, the signing officers are responsible for establishing and maintaining the internal controls, and must have evaluated the effectiveness of the controls within 90 days preceding to certifying the financial statements (Hoffman, 2005, p. 4). Section 401 of SOX requires corporations to issue financial statements that are complete and accurate and include all material off-balance sheet obligations or liabilities (A Guide to the Sarbanes-Oxley Act, 2006).This regulation was instituted to block public corporations from hiding liabilities from investors, and thus artificially inflating stock prices. Section 404 requires public companies to establish internal controls and report annually on their effectiveness over financialreporting. The CFO and CEO are held personally responsible for the internal controls via the requirement to sign a statement certifying the adequacy of the internal control system (Moffett and Grant, 2011, p. 3). Additionally, the companys independent auditor must issue an attestation regarding managements assessment of the internal structure as part of the companys annual report (Bloch, 2003, p. 68). M aterial changes to a companys financial condition or operations must be disclosed to the public in a timely manner under the provisions of Section 409. Rapid disclosure applies to all types of company information i.e. product recalls, personnel changes, or handout of a major customer (Hoffman, 2005, p. 4). Internal ControlsEffective internal controls protect a companys assets, maintain compliance, improve operations, prevent fraud, and promote accuracy in financial reporting. In 1992 the Committee of Sponsoring Organizations of the Treadway Commission (COSO) designed an internal control framework of five components the control environment, risk assessment, control activities, information and communication, and observe (Moffett et al, 2011, p. 3). Companies use this framework to implement internal control systems tailored to their own needs. No internal control system is infallible, however, effective controls provide sane self-assurance company assets are protected and financia l reporting is accurate.Section 404 compliance. Section 404 mandates that Securities and Exchange Commission (SEC) registered companies implement and maintain adequate internal control procedures for financial reporting, and also appropriately assess and report on the internal controls effectiveness (Conway, 2003, p. 19). Company executives and audit committees are expected to take an active role in defining and evaluating the internal control structure and procedures. The COSO internal control framework is widely accepted as the best criteria for evaluation of a companys internal control structure. Documentation of internal control procedures is essential to the evaluation process. Documentation provides evidence that controls have been identified and can be monitored. All pertinent financial statement assertions and each of the five COSO internal control components should be documented. Whendocumentation is lacking or nonexistent, independent auditors exit report either a momen tous deficiency or material weakness in internal control (Conway, 2003, p. 19).Furthermore, documentation provides evidence that management applies wisdom to protecting company assets and instills unity in financial reporting in a way that is pleasing to the Lord, as affirmed in Proverbs 243, By wisdom a melodic phrase firm is built, and through understanding it is established (New International Version). Internal controls should be evaluated to determine whether they are operating effectively and to substantiate managements assertion on the adequacy of the controls. Internal control testing and results should be documented, with deficiencies noted and remediation plans identified (Conway, 2003, p. 19). Upon completion of the evaluation process, management prepares its assertion on the effectiveness of internal control over the financial reporting process. As part of the independent audit, the external auditor will test and evaluate the internal control system, and afterward att est to managements assertion regarding internal controls.Section 404 impact on small business. One of the biggest concerns to small firms is the onerous cost of implementing Section 404 on internal controls. Companies have seen audit fees increase by as much as 30% due to tougher accounting and auditing standards required by SOX (Solomon & Bryan-Low, 2004). In humanitarian to external auditing expenses, the cost of hiring employees to create, implement and monitor Section 404 compliant internal controls can be bear downsome to small businesses.In addition to the financial burden created by SOX compliance, SOX imposes significant opportunity cost on corporations by making executives more risk-adverse by instilling in managers a fear of incrimination (Vakkur, McAfee, & Kipperman, 2010, p. 19). SOX inflicts passing punitive measures on corporate executives to include penalties, incrimination, private litigation, and potential labor market penalties (Ahmed, McAnally, Rasmussen & Weav er, 2010, p. 354). When managers time is consumed with regulatory compliance, they are not focused on new-product discipline or growing the business, resulting in lower profits and reduced marketplace competitiveness. The PCAOBThe Public Company Accounting Oversight Board (PCAOB) was created by the Sarbanes-Oxley Act to oversee the accounting process and dictate independence requirements for auditors and auditing committees (Kim, 2003, p. 236). In order to curb the system of accountants self-regulation, only two of the five members of the PCAOB may be current or former certified public accountants. The PCAOB conducts annual quality inspections of accounting firms that audit more than one hundred companies and triennial inspections of all other accounting firms (Kim, 2003, p. 241). The PCAOB has the authority to conduct special inspections of accounting firms at any time, and can impose sanctions on an accountant or accounting firm if the Board finds unreasonable tribulation to sup ervise any person associated with auditing or quality control standards (Kim, 2003, p. 241). The SEC maintains authority over the PCAOB, and must approve PCAOB proposed regulations in order for them to become effective. PCAOB PronouncementsPronouncements link to accounting information systems. studying Standard No. 12, Identifying and Assessing essay of Material Management, addresses the auditors requirement to understand the companys information system, including colligate business processes, relevant to financial reporting. This includes understanding proceedings that are significant to the financial statements, and the procedures by which these proceeding are initiated, authorized, processed, recorded, and reported. The auditor is to obtain understanding of related accounting records, supporting information, and specific accounts that are used to initiate, authorize, process and record transactions. The auditor should understand how the information system captures events and conditions that are important to the financial statements and how information engineering science affects the companys flow of transactions. Additionally, the auditor should become knowledgeable about(predicate) the companys period end financial reporting process, including general playscript procedures, application of accounting principles, procedures used to process and record journal entries and adjustments, and procedures for preparing financial statements and related disclosures (Auditing Standard No. 12, 2010).Pronouncements related to internal controls. Auditing Standard No. 5, An Audit of Internal Control over Financial Reporting thatis Integrated with an Audit of Financial Statements, establishes requirements and provides direction for audit engagements of managements assessment of the effectiveness of internal control over financial reporting that is part of a financial statement audit. Effective internal control over financial reporting provides reasonable assurance r egarding the reliability of financial reporting and related financial statements. The auditor is required to plan and perform the audit to obtain appropriate evidence about whether material weaknesses exist in the internal control over financial reporting. General standards apply in the audit, including technical proficiency as an auditor, independence, due headmaster care, and professional skepticism.The auditor prepares and signs a report expressing whether the company maintained effective internal control over financial reporting that is dated and issued in federation with the report on the audited financial statements (Auditing Standard No. 5, 2007). Auditing pronouncements. SOX authorized the PCAOB to establish auditing and professional practice standard to be employed by registered public accounting firms. Auditor compliance is mandatory. On an interim basis, the PCAOB has espouse the generally accepted auditing standards as described in the American Institute of Certified Public Accountants Auditing Standards Boards Statement on Auditing Standards No. 95, Generally Accepted Auditing Standards, in existence on April 16, 2003 (Auditing, 2003). Ethics and independence pronouncements. In accordance with Rule 3520, the registered accounting firm and auditors must be independent of the firms audit client throughout the audit and the engagement period.In accordance with Rule 3500T, the registered accounting firm and auditors shall comply with ethics standards as written in AICPAs Code of Professional Conduct Rule 102, and interpretations and rulings as in existence on April 16, 2003 (Ethics & Independence, 2003). Quality control pronouncements. In April 2003 the PCAOB adopted as interim quality control standards the AICPAs Auditing Standards Boards Statements on Quality Control Standards, as in existence on April 16, 2003. The section requires that certified public accounting firms shall have a system of quality control for its accounting and auditing pract ice that ensures go are completely delivered and adequately supervised. Firm personnel are to comply with applicable professional standards and the firms standards of quality (Quality Control, 2003).Attestation pronouncements. In April 2003 the PCAOB adopted as interim attestation standards the AICPAs Auditing Standards Boards Statements on Standards for Attestation Engagements, related interpretations, and statements of position as in existence on April 16, 2003.The practitioner shall have adequate training and proficiency in the attest function and the subject matter. The practitioner shall maintain independence in mental attitude, and exercise due professional care in the engagement. Work shall be adequately planned and supervised, and sufficient evidence shall be obtained to support a reasonable basis for the induction expressed in the report (Attestation, 2003). Future PCAOB pronouncements. The PCAOB is considering including an Auditors Discussion and Analysis (AD&A) with an auditors report. The AD&A could include information related to the audit, including audit risks, audit procedures and results. It could also include discussion related to the auditors views of managements judgments and estimates, accounting policies and practices, and difficult issues. (Current Activities, 2013). SOX and PCAOB Impact on Accounting Information SystemsThe SOX requires that companies evaluate the effectiveness of both the design and operation of internal controls (Holmes & Neubecker, 2006, p. 25). Because of the reliance on accounting information systems for financial transactions and reporting, internal controls must be built into in the accounting system infrastructure in order to provide reasonable assurance that financial reporting is valid, complete, and free of fraud. Damianides (2005) stresses, IT will be crucial to achieving this objective and establishing the foundation for a sound internal control environment. Prior to SOX, there were no definitive requireme nts on the extent of accounting system information technology controls a company was expected to implement. Prior to SOX, wise managers and companies that placed high importance on integrity had already instituted internal control procedures. The bible speaks to this concept of being good stewards of the property entrusted to us. As noted in Proverbs 2723, Be sure you know the condition of your flocks introduce special attention to your herds (New International Version).Once SOX became law, more attention was given to internal controls that should be inherent in accounting information systems. Accountingtransactions from inception to disposition are automated, resulting in a direct relationship between IT effectiveness and operational effectiveness in companies (Holmes et al., 2006, p. 25). The chief information officer plays a critical role in SOX internal control compliance. IT professionals are tasked to provide accurate, visible, and timely information while ensuring the protec tion and security of information systems (Damianides, 2005, p. 77).IT governance is a process whereby a companys IT system sustains and supports company goals and objectives (Gelinas, Dull, & Wheeler, 2012, p. 264). The Information Technology Governance Institute (ITGI) created a framework called Control Objectives for Information and Related Technology (COBIT) to provide guidance for companies to implement and monitor IT governance. The five key elements of the COBIT framework are strategic alignment, service delivery, resource management, risk management, and movement measurement (Kepczyk, 2012, p. 5).Strategic alignment is the integration of the IT infrastructure into an enterprises strategic plans. Service delivery refers to the IT systems ability to securely provide information system access on any company-approved device from any location, on-site or remote. Resource management is the proactive monitoring and control of IT hardware and software costs, proactively applying cos t-benefit analysis. Risk management encompasses the identification of threats and vulnerabilities to IT infrastructure, with proactive actions taken to mitigate potential impacts. Lastly, performance management is process of determining the acceptable levels of network performance and monitoring bond through such tools as balanced scorecards and benchmarks (Kepczyk, 2012, p. 5).Businesses that apply biblical wisdom to learning and understanding legal requirements and how to implement them will be happy in overcoming the tactical challenges of complying with the law. We are reminding in Proverbs 15, let the wise listen and add to their learning, and let the discerning get guidance. ConclusionThe Sarbanes-Oxley Act of 2002 is the most significant legislation concerning market regulation since the Exchange Acts of 1933 and 1934 (Holmes et al., 2006, p. 27). Public corporations are most impacted by the stringent internal control requirements. The PCAOB oversees accounting processes an d auditing requirements. Companies that are successful in establishing and maintaining effective internal controls automate them within their accounting information systems. As the automation in business processes is continually growing, managers are challenged to ensure transactions are valid, security is strong, and reports are accurate and valid.ReferencesA Guide to the Sarbanes-Oxley Act. (2006). Addison-Hewitt Associates. Retrieved April 30, 2014, from http//soxlaw.com Ahmed, A., McAnally, M., Rasmussen, S. & Weaver, C. (2010). How costly is the sarbanes oxley act? Evidence on the effects of the act on corporate profitability. journal of Corporate Finance, 16, 352-369. Attestation. (2003). Retrieved April 30, 2014, from www.pcaobus.org Auditing. (2003). Retrieved April 30, 2014, from www.pcaobus.org Auditing Standard No. 5. (2007). Retrieved April 30, 2014, from www.pcaobus.org Auditing Standard No. 12. (2010). Retrieved April 30, 2014, from www.pcaobus.org Bloch, G. (2003). Sa rbanes-oxleys effects on internal controls for revenue. The CPA Journal, 73(4), 68-70. Retrieved from http//search.proquest.com/docview/212294542?accountid=12085 Conway, R. (2003). Sarbanes-oxley, section 404 Achieving compliance. Orange County Business Journal, 26(15), 19. Retrieved from http//search.proquest.com/docview/211081168?accountid=12085 Current Activities. (2013). Retrieved April 30, 2014, from www.pcaobus.org Damianides, M. (2005). Sarbanes-oxley and IT governance new guidance on IT control and compliance. Information Systems Management, 22(1), 77-85. Retrieved from http//search.proquest.com/docview/214122540?accountid=12085 Ethics & Independence. (2003). Retrieved April 30, 2014, from www.pcaobus.org Gelinas, U., Dull, R., & Wheeler, P. (2012). Accounting information systems (9 ed.). Mason, OH Cengage/South-Western. Hofman, S. (2005). Beyond sarbanes-oxley requirements. ISeries News, 1-6. Retrieved from http//search.proquest.com/docview/219592654?accountid=12085 Holmes, M. & Neubecker, D. (2006). The impact of the sarbanes-oxley act of 2002 on theinformation systems of public companies. Issues in Information Systems, 7(2), 24-28. Retrieved from http//iacis.org/iis/2006/Holmes_Neubecker.pdf Holy Bible, New International Version, NIV. (1973, 1978, 1984, 2011). Retrieved from http//www.biblica.com Kepczyk, R. (2012). Raising your IT governance awareness. The Practicing CPA (Online), 40(8), 4-5. Retrieved from http//search.proquest.com/docview/1115475024?accountid=12085 Kim, B. (2003). Sarbanes-Oxley Act. Harvard Journal on Legislation, 40, 235-252. Retrieved from http//heinonline.org.ezproxy.liberty.edu2048/HOL/Page?collection=journals&handle=hein.journals/hjl40&type= forecast&id=241 Moffett, R. & Grant, G. (2011). Internal controls and fraud prevention. Internal Auditing, 26(2), 3-12. Retrieved from http//search.proquest.com/docview/863454394?accountid=12085 Quality Control. (2003). Retrieved April 30, 2014, from www.pcaobus.org Roman, H. K. (2012). Raising your IT governance awareness. The Practicing CPA (Online), 40(8), 4-5. Retrieved from http//search.proquest.com/docview/1115475024?accountid=12085 Solomon, D. & Bryan-Low, C. (2004). Companies complain about cost of corporate-governance rules. Wall Street Journal, February 10. Retrieved from http//search.proquest.com/docview/398856653?accountid=12085 Vakkur, N., McAfee, R. & Kipperman, F. (2010). The unintended effects of the sarbanes-oxley act of 2002. Research in Accounting Regulation, 22(1), 18-28. Retrieved from http//dx.doi.org/10.1016/j.racreg.2010.02.001
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment