The Sarbanes-Oxley Act (hereafter SOX) is basically an act passed in 2002 by the United States Congress to safeguard local and international investors from the likelihood of fraudulent activities perpetuated by persons either working for corporations or contracted to undertake specific accounting duties for these entities.
SOX, along with subsequent regulations designed and implemented in 2003 and 2004, authorized stringent reforms aimed at not only improving financial disclosures from corporations but also preventing the loss of investor confidence through financial fraud. The Act was enacted to respond to heightened accounting scandals that shook investor confidence in early 2000s and led to the collapse of high-ranking corporations, including Enron, Tyco, and WorldCom.
It has been demonstrated in the literature that SOX is a fundamental component in the accounting profession as it directly influences the responsibilities of accountants and auditors not only in regards to financial reporting, but also in reference to external auditing and corporate governance issues.
Provisions contained in section 404, in particular, are relevant to the accounting profession as they require auditors to develop principles of control over financial reporting, and also to continually verify that the controls that have been put in place are working.
COSO’s Internal Control Framework
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies five main components, which include “control environment, risk assessment, control activities, information and communication, and monitoring.”
While the control environment sets the tone of an organization to influence the control consciousness of its people, risk assessment deals with the identification and coherent analysis of relevant risks to the accomplishment of the set objectives, hence developing a foundation for determining how risks should be administered.
The control activities component denotes the policies, processes and procedures that guarantee management directives and instructions are implemented, whereas the information and communication component identifies, captures, and communicates in a particular form and time schedule to facilitate people in undertaking their daily activities.
Lastly, the monitoring component implies a process that evaluates the quality and performance of the internal control system overtime to ensure that it is able to assess risks as well as the effectiveness of the continuing monitoring procedure.
Relationship between SOX and COSO
It can be argued that both SOX and COSO are informed by the need to prevent unethical financial reporting, which often leads to financial scandals. COSO provides the internal control framework, which to a large extent assists SOX to achieve its principal objective of improving investor confidence of financial statements availed by corporations by virtue of the fact that internal controls reduce the probability for organizations to undertake biased or unethical financial reporting.
Consequently, it can be deduced that both SOX and COSO are premised on the need to guarantee financial information reliability and comparability because they not only provide guidelines regarding the monitoring of financial reports and financial risk management but also demonstrate commitment to integrity, competence and ethical values in financial reporting as well as addressing perceived weaknesses in internal controls.
Fraud Triangle & Tom’s Gambling Activities
The fraud triangle is basically a model that is used to illuminate the critical components that cause an individual to engage in financial fraud. These factors, which include opportunity, financial pressure and rationalization, must be collectively present for fraud to occur. In Tom’s case scenario, the motivation and pressure to commit fraud is underlined by his addiction to gambling activity.
Tom has also rationalized his gambling activity, arguing that he reads and uses gambling information in his gambling activities the same way an accountant would use accounting information to trade in stocks. The only component missing in Tom’s case scenario is opportunity. Once opportunity is created in terms of weaknesses in controls at Tom’s place of work, he shall be tempted to commit fraud so that he may have more money to quench his gambling behavior.