Introduction
Investors and entrepreneurs face numerous challenges in their quest to achieve their investment goal (Whittington & Delaney 2011). Examples of such challenges include corporate mismanagement and prevalence of fraud. Whittington and Delaney (2011) are of the opinion that fraud is one of the major challenges that organizations have to deal with despite its ancient nature. Therefore, the relevance of fraud detection and prevention with regard to financial statements has increased significantly.
The prevalence of fraud has motivated organizational management teams and industry regulators in different economies to implement diverse internal and external control mechanisms such as laws. Some of the formulated laws aim at promoting effective reporting. The US government formulated and enacted the Sarbanes-Oxley Act in 2002 to promote optimal financial reporting practices in organizations.
The involved parties formulated the act following the stupendous accounting fraud experienced by most US corporations such as Enron among others (Fletcher & Plette 2008). The enactment act has affected both large and small enterprises that use information systems in their financial monitoring and reporting (Clarke & Klettner 2002).
In a quest to understand the impact of the Act, this paper evaluates different aspects. It starts by giving a brief definition and objective of the Act before undertaking a comprehensive discussion of section 404 of the Act to develop a better understanding of how the Act has affected businesses in their financial reporting.
In addition, the paper discusses the requirements for SMEs that use information systems in their financial reporting and monitoring as stipulated by Section 404 coupled with evaluating the proposed Sarbanes-Oxley Act implementation guidelines as stipulated by professional bodies such as KPMG, ISACA, PWC, and other professional publications. The paper closes by outlining recommendations on how an online store can implement the Act successfully.
Definition of the Sarbanes-Oxley Act
This Act is also known as the Public Company Accounting Reform and Investor Protection Act. As aforementioned, a number of events necessitated the formulation of the Sarbanes-Oxley Act. Some of these events relate to boardroom failures, increase in a conflict of interest amongst auditors and in the securities industry, and an increase in internet investing.
Congressman Michael Oxley and Senator Paul Sarbanes formulated the Act. On 30 July 2002, the US government approved the Sarbanes-Oxley Act and signed it into law. The formulation of the Act arose from the escalated financial scandals especially in large and well-established organizations such as WorldCom and Enron. The scandals led to an acute decline in the level of public trust with regard to reporting and accounting practices. Additionally, financial markets in the US were also affected through a reduction in the level of public confidence.
The Act specifically aimed at protecting investorsâ wealth by promoting reliability and accuracy during disclosure of their financial performance as stipulated by the various securities laws (Whittington & Delaney 2011). The Act has been regarded as the most important and sustainable type of market reform in the US since the enactment of the securities legislation during the 1930s (Fletcher & Plette 2008).
The Act is broad in nature for it carries eleven main titles. Title IV outlines succinctly the requirements regarding disclosure of financial information. According to Title IV, organizations should guarantee a high level of accuracy in their financial reporting. Section 401 of the Act stipulates that firms should ensure that their financial statements are in accordance with the Generally Accepted Accounting Principles (GAAP).
The objective of the Act
As aforementioned, the Act was formulated due to the recognition of the frequent corporate failures that emanated from fraud and corporate mismanagement. According to Fletcher and Plette (2008), the Act aimed at restoring investor confidence in addition to ensuring that investorsâ funds are protected. Its architects are of the opinion that the Act will achieve its intended objective by promoting ethical practices such as accuracy, transparency, and reliability. Additionally, the proponents of the Act except that the Act will promote good reporting and disclosure practices.
The accomplishment of these objectives is very critical in reinforcing ethical standards in organizations. The Act intends to promote high ethical standards within organizations by facilitating high levels of accountability and awareness. Some of the parties required to portray a high level of accountability include the auditors, directors, corporate executives, firm regulators, corporate executives, and directors (Fletcher & Plette 2008, p.64).
Zegarowski (2006) asserts that it is important for firmsâ management teams to promote investor and public confidence in their financial reporting process. Additionally, the promotion of ethical standards is very important in the operation of capital markets. Public companies irrespective of their size carry the responsibility of adhering to all requirements of the Sarbanes-Oxley Act (Fletcher & Plette 2008).
The Act has had long-term effects with regard to how listed companies undertake activities such as financial reporting, implementing internal controls, and managing their auditors. Additionally, the Act requires public firm management teams to disclose the effectiveness and efficiency of the implemented internal controls. Moreover, the Act requires organizational Chief Executive Officers and Chief Financial Officers to certify financial reports in a bid to promote accuracy.
Most relevant Section of the Act
Section 404 is the most relevant section of this discussion. The Section deals with ensuring effective internal control in organizationsâ reporting processes. The Section specifically concerns with âmanagement assessment of internal controlsâ (Fletcher & Plette 2008). The Section requires firms to adhere to two main rules. The first rule asserts that firmsâ management teams assume the responsibility of ensuring that they undertake effective establishment and maintenance of internal control procedures to improve financial reporting.
The second rule outlines a requirement for firmsâ management teams to include an assessment of the firmsâ effectiveness in controlling financial reporting (Congress: Public law 2004). The second part of Section 404 postulates that an external auditor must assess a particular organization. According to Zegarowski (2006), managing internal control is one of the most taxing aspects of the Sarbanes-Oxley Act. Section postulates that publicly registered firms should disclose to investors and the public regarding their effectiveness in implementing the internal control mechanism thus improving financial reporting.
The US Securities and Exchange Commission is of the view that complying with Section 404 presents an opportunity to both large and small enterprises by improving their business processes. Organizations can accrue a number of benefits in their internal control processes. Some of the benefits include enhanced investor confidence, provision of better information to investors, and improving the efficiency and effectiveness with which firms undertake internal control processes (Zegarowski 2006).
Despite its effectiveness in promoting financial reporting in organizations, firmsâ management teams faced different challenges in their quest to comply with section 404. Firstly, a firm must allow a substantial amount of resources and time in order to increase its compliance with the rule. The cost of complying with the requirements of Section 404 is dependent on the size of an organization. Additionally, the total cost of compliance is also dependent on whether a firm intends to fulfill the requirements of Section 404 (a) or Section 404 (b) (Zegarowski 2006).
Findings of a study conducted by the US Securities and Exchange Commission revealed that the cost of compliance increases with the size of an organization. In spite of this understanding, there is a high probability of SMEs incurring higher costs in their effort to comply with Section 404 of the SOX (Zegarowski 2006). High auditing fee is one of the cost elements that SMEs have to deal with. In their operation, SMEs mostly experience financial constraints. The US Securities and Exchange Commission asserts that the revenue earned by SMEs caters for a significant proportion of the compliance cost.
This aspect further increases the SMEsâ financial constraints. Consequently, SMEs experience a limitation of resources necessary to enable them to institute, retain, and assess internal controls over their financial reporting. According to the US Securities and Exchange Commission, auditing fees are in most cases high and fixed (Zegarowski 2006).
SMEs also lack the human capital necessary to allow them to analyze their effectiveness in the implementation of internal control. Therefore, they have to rely on external auditors to evaluate their performance in financial reporting. Lack of internal personnel to assess their effectiveness in internal control poses difficulties for SMEs in responding to difficult standards. Consequently, SMEs are forced to seek guidance from larger firms in the industry (Zegarowski 2006).
Secondly, an organization is required to analyze and report annually regarding its efficacy of internal control in relation to financial reporting. Section 404 also requires businesses to evaluate the implication of their financial reporting on the market. Another source of challenge originates from the fact that firmsâ management teams are required to seek the opinion of external auditors on its effectiveness in undertaking internal control.
Proposed Sarbanes-Oxley Act implementation guidelines by professional consultants
Different quarters have conducted numerous studies on the effectiveness of the Sarbanes-Oxley Act in promoting investor confidence and trust. However, little has been done with regard to the implementation of the Sarbanes-Oxley Act. A study conducted by PriceWaterhouseCoopers (PWC) revealed that preparing external audit to undertake internal control with regard to its financial reporting in addition to conducting managementâs assessment requires a substantial amount of time coupled with intellectual and human capital.
Seventy-eight percent of respondents interviewed were of the opinion that implementing Section 404 is expensive (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004). PriceWaterhouseCoopers proposed a number of guidelines that SMEs should consider in their effort to comply with Section 404 of the Sarbanes-Oxley Act. These guidelines include getting started, scoping and planning, outsourcing the service of external organizations, documentation, testing, evaluating possible deficiencies in firmsâ internal control and reporting procedures and structures, and communicating important observations.
Getting started – Implementing Section 404 is relatively complex for SMEs because firms are required to operate beyond their normal accounting and finance activities. For example, SMEs will be required to integrate other functions such as legal, taxation, internal audit, and information technology. Implementing the Act will also require firmsâ management teams to be extensively involved in coordination with third parties such as external auditors and other firms that offer various outsourced services. During the project initiation phase, two main areas, which include project oversight and management, should be taken into account. Project oversight should aim at establishing accountability at every stage and department (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004).
Scoping and planning – When implementing the Act, the involved authorities should undertake proper documentation. Some of the aspects that should be taken into account during scoping and planning include the level of control and disclosure that should be performed.
Scoping is very important when implementing Section 404 because it allows firmsâ managers to identify the most essential accounts, disclosures, and business processes that are subject to financial reporting procedures (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004). This guideline requires a firmâs management teams to use a recognized control framework in assessing the effectiveness of its internal control on its financial reporting. PWC recommends the Committee of Sponsoring Organizationsâ (COSO) as one of the frameworks that should be used.
Using service organizations – When undertaking their financial reporting and disclosure processes, most organizations outsource the services of professionals to assist them in processing financial data. Therefore, in a bid to attain their financial reporting goals, it is important for firmsâ management teams to assess the effectiveness of outsourcing service firms in implementing internal control procedures.
Outsourcing service firms should only occur if the activities of the outsourced firm are an important component of the firmâs financial reporting. Alternatively, firms should only consider outsourcing if operations of the outsourced firm contribute towards the generation of important information that can improve the outsourcing firmsâ financial reporting process (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004).
Documentation – The documentation undertaken during the scoping and planning phase forms the foundation on which the management evaluates its efficiency in undertaking internal control on financial reporting. According to PWC, the firmâs management teams carry the responsibility of documenting the various internal control processes and procedures that the firm uses. Documentation is critical in promoting effective internal control.
Testing- In an attempt to ensure effective internal control in their financial reporting, organizations should conduct comprehensive tests to determine whether the implemented control mechanisms are functioning effectively. PWC proposes four main aspects to consider when testing the effectiveness of the control mechanisms. These include identifying the internal controls to be evaluated, identifying the party to carry out the testing, devising and executing test plans, and evaluating test results (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004).
Evaluating internal reporting and control deficiencies- It is important for organizations to evaluate the possible deficiencies that might arise in the process of implementing internal control. Internal control deficiency occurs if a firmâs employees cannot perform their internal control activities or inability to identify misstatements.
Internal control deficiency mainly arises from ineffective designing of the control mechanism. On the other hand, a significant deficiency is experienced if a firmâs management team cannot undertake basic internal control and reporting functions, for example, initiating, recording, authorizing, or processing financial data in line with the GAAP.
Communication- The management should incorporate effective communication mechanism to ensure efficiency in implementing the Sarbanes-Oxley Act. This move will play a critical role in promoting accuracy and accountability in a firmâs financial reporting processes. Some of the parties who should receive proper communication regarding the important observations made in relation to financial reporting and internal control include the management team, internal auditors, and the firmsâ audit committee (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004).
Requirements for SMEs by SOX
SMEs should take into account a number of issues to benefit from the Act. In order to promote efficiency and effectiveness in their financial reporting, SMEs should focus on the most important control mechanisms rather than implementing general controls. In addition, SMEs should implement control structures that contribute towards maximization of their auditing efficiency while at the same time minimizing their compliance cost (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004).
SMEs that have integrated information technology in their financial reporting is also required to integrate their business processes with their IT systems. This aspect should contribute to maximizing the benefits of automation compared to manual controls. Additionally, the Act requires SMEs to focus on internal control and financial reporting areas that are characterized by a high degree of risk. SMEs are also required to focus on significant accounts, locations, and processes in their operation (Congress: Public law 2004).
Implementing the Sarbanes-Oxley Act in an online retail store
Considering the high rate of technological innovation, retail firms should consider investing in information technology in an effort to improve their competitive advantage. Investing in IT, for example by establishing an online retail store, will enable firms to access new market segment.
The Sarbanes-Oxley Act of 2002 recognizes the role of information technology in attaining competitive advantage. Consequently, the Act outlines a number of provisions that aim at promoting and ensuring effective internal control. Section 404 provides an opportunity for online retail stores to nurture accountability, trust, and investor confidence in a number of ways (Seider 2004).
Firstly, the Act provides investors with an opportunity to conduct effective controls thus preventing the occurrence of fraud, leakage, or loss of vital financial data or information. Secondly, online retail stores can implement the Act by incorporating a mechanism that will enable speedy detection of control problems. This move will increase the effectiveness with which online retail stores prevent occurrences of scandals that may negatively influence investor confidence (Seider 2004). Thirdly, online retail stores can also implement the Act by integrating a mechanism that will make it possible to undertake audit trails. Ultimately, online retail firms will take appropriate action in the event of unethical behavior amongst its employees (PriceWaterhouseCoopers: Sarbanes-Oxley Act 2004).
Online retail firms can also implement the Sarbanes-Oxley Act of 2002 by integrating some of the frameworks as advocated by the Act. One of these frameworks is Control Objectives for Information and Related Technology (COBIT). By implementing this framework, online retail stores will develop strong IT controls with regard to their financial reporting. The COBIT framework will significantly enhance the effectiveness of online retail stores in dealing with risk.
Conclusion
The Sarbanes-Oxley Act of 2002 has been very effective in countering fraud in organizations in the United States of America. Its efficiency has allowed the promotion of optimal internal control structures and procedures and thus an improvement in the level of investor confidence and trust. One of the most significant sections of the Act to SMEs is Section 404.
The section has enhanced effective internal control in organizationsâ financial reporting processes. Different professional bodies such as PriceWaterhouseCoopers have proposed guidelines that SMEs should follow in the process of implementing the Act. The Act has also given online retailers an opportunity to attain a competitive advantage through effective internal control and reporting.
Reference List
Clarke, T & Klettner, A 2002, âGovernance issues for SMEsâ, Journal of Business Systems, Governance and Ethics, vol. 4 no. 4, pp. 23-40.
Congress: Public law 2004.
Fletcher, W & Plette, T 2008, The Sarbanes-Oxley Act: implementation, significance and impact, Nova Science Publishers, New York.
PriceWaterhouseCoopers: Sarbanes-Oxley Act: practical guide for management 2004.
Seider, D 2004, Sarbanes-Oxley information technology compliance audit, Sans Institute, New York.
Whittington, R & Delaney, P 2011, Wiley CPA exam review, John Wiley, Hoboken.
Zegarowski, G 2006, âCorporate sustainability after Sarbanes-Oxley linking social-political initiatives and small and medium sized enterprise resourcesâ, International Journal of Disclosure and Governance, vol. 4 no. 1, pp. 52-58.