Sarbanes-Oxley Control environment


The control environment is one of 5 interrelated elements of internal controls for ensuring accurate financial reporting. Testing for its existence and effectiveness is essential in securing Sarbanes-Oxley compliance.

A major part of the control environment is that senior management set an "appropriate tone" for the behaviour of the company. Essentially this is covered by ethics and integrity.

The figure of 5 elements of internal control comes from the Committee Of Sponsoring Organisations (COSO) of the Treadway Commission.

Section 404 of the Sarbanes-Oxley Act 2002 is the reason that internal controls are examined so closely. American public companies must determine that internal controls ensuring accuracy in financial reporting exist and that they are effective. On filings to the SEC, the company has to report on its findings. Auditors also have to attest to the effectiveness of the controls.

Ethics and integrity, and their effectiveness, have been dealt with elsewhere on this site. This article deals with other pieces in the control environment.

Management's philosophy. The outlook of management in running the company can have a significant impact on the control environment. Indicators of the philosophy include the approach to assessing and monitoring risk, attitudes to financial reporting and tax, and the emphasis on meeting financial goals.

Testimony from Scott Sullivan, former WorldCom CFO, painted a picture of a boardroom that was obsessed with "hitting the numbers". It was this obsession, he claims, that prompted the massive fraud to take place.

Activities to plan, execute, control and monitor for achieving company-wide objectives need to be done within a framework. This framework is the organisation of the company. As a rule of thumb, the larger the company, the more complex an organisation it is. This can cause problems due to complexity. However, small companies might need a smaller organisation structure.

Commitment to competence. Are employees and management competent to do their jobs in terms of knowledge and skills? The commitment should come from senior management.

IT considerations. As IT is so pervasive and so many reporting functions are automated, IT systems are an important component of the control environment. In fact they are so important that they merit a separate, in-depth assessment of their effectiveness by an IT audit specialist.

Some considerations of IT are:

* Ownership of IT may be unclear.
* IT can introduce additional risks or increase existing ones, which require new control measures in themselves.
* IT systems may need specialized skills.
* IT is mistaken for a separate control environment.
* IT may be outsourced, which places reliance for the control environment on third parties.

Human resource policies. Even before a staff member has joined the company, he can get a feeling for the "tone" of the company through the way he is recruited.

An emphasis on recruiting quality people with the appropriate skillset for the job, in conjunction with education, ethics, integrity and experience, demonstrates a commitment to trust and competence.

HR policies do not necessarily have to be written. Indeed, in many smaller companies they can be communicated verbally. However, they have to exist and be effective. Management's actions are more important than its words.

An HR policy may include recruitment, training, counselling, promoting, compensation and dismissal, and related processes and procedures.
