The Sarbanes-Oxley Act assigns the following corporate responsibilities regarding internal controls that must accompany financial reports:
CEO & CFO must certify the following for annual and quarterly reports:
- The officers are responsible for establishing and maintaining internal controls.
- Internal control is designed to ensure that material info is provided to internal & external users.
- Internal controls have been evaluated within 90 days prior to the report.
- The officers’ conclusiosn regarding internal control effectiveness as of the evaluation date
The SOX Act specifically prohibits improper influence on the conduct of audits defined as follows
No officer or director may take any action to fradulently influence, coerce, manipulate, or mislead an independent CPA engaged in an audit of the F/S of an issuer for the purpose of rendering the F/S materially misleading
The SOX Act imposes certain financial penalties on officers who are responsible for material misstatements resulting from their misconduct. Penalties include:
- Refund to the issuer of any bonus or other incentive-based or equity-based compensation during the 12-month period following the first public issuance of the financial document.
- Refund any profits realized from the sale of securities of the issuer during the 12-month period following the first public issuance of the financial document.
Title IV of the Sarbanes Oxley Act, Enhanced Financial Disclosures, includes the following topics:
Disclosures in periodic reports
Enhanced conflict-of-interest provisions
Dislcosures of transactions involving management and principle stockholders
Mgmt assessment of internal controls
Certain exemptions
Code of ethics for senior financial officers
Dislcosure of audit committee financial expert
Enhanced review of periodic disclosures by issuers
The Sarbanes Oxley Act requires certain disclosures in periodic reports. Those disclosures include:
- All adjusting entries identified by the public accounting firm reporting on the F/S.
- The F/S disclose all material off-balance sheet transactions including operating leases, contingent obligations, and relationships with unconsolidated subsidiaries.
- Pro forma F/S shall include all relevant info and shall not include misleading or untrue info
The Sarbanes Oxley Act includes certain enhanced conflict-of-interest provisions. Those provisions include:
Prohibitions on personal loans to executives with some exceptions
The Sarbanes Oxley Act includes provisions for disclosure of transactions involving management and principle stockholders. Those provisions include:
Reporting by persons with ownership of 10% or more.
Statements are filed at the time of registration, when a person achieves 10% ownership, and when there has been a change in ownership.
The Sarbanes Oxley Act includes provisions for management assessment of internal controls. Those provisions includes a report showing:
- Management’s assertion that it is responsible for adequate internal control structure.
- Management’s conclusions regarding its assessment of the effectiveness of the internal control structure and procedures for financial reporting
- The auditor’s attestation regarding management’s assessment of internal control
The Sarbanes Oxley Act includes provisions for audit committee disclosures. Those disclosures include:
The issuer must disclose the existence of a financial expert on the committee or the reasons why the committee does not have a member who is a financial expert.
For purposes of service on the audit committee, what qualifies an individual for classification as a financial expert?
A financial expert qualifies through education, past experience as a public accountant, or past experience as a finance officer for an issuer.
Knowledge of the financial expert should include:
- Understanding of GAAP
- Experience in the preparation or auditing of F/S for comparable issuers
- Application of GAAP
- Experience with internal controls
- Understanding of audit committee functions
Title VIII of the Sarbanes-Oxley Act considers what topics?
Criminal penalties for altering documents
Statute of limitations for securities fraud
Whistle-blower protection
Criminal penalties for securities fraud
Title IX of the Sarbanes-Oxley Act considers what topics?
Title IX, White Collar Crime Penalty Enhancements, includes the following:
- Attempt and conspiracy
- Amended sentencing guidelines for white-collar offenses
- Failure of corporate officers to certify financial reports
An issuer periodic report containing financial statements filed with the SEC must include the following written certifications:
Each certified financial report must include a written statement:
- That the periodic report complies with the Securities Exchange Act of 1934.
- That info in the report fairly presents, in all material respects, the financial condition and operating results of the issuers.
- Which must be signed by the CEO & CFO of the issuer, who bear responsibility for these statements.
Title XI of the Sarbanes Oxley Act considers what topics?
Title XI, Corporate Fraud Accountability, includes the following:
- Tampering with a record or impeding an official proceeding
- Temporary freeze of authority for the SEC
- Authority of the SEC to prohibit persons from serving as officers or directors
- Retaliation against informants
Under Title XI, Corporate Fraud Accountability, what are the penalties for tampering with a document used in an official proceeding or retaliating against an informant providing information to the SEC?
Document tampering will result in fines and/or a prison term of not more than 20 years.
Retailiation against informants providing information to the SEC will result in fines and/or prision term of not more than 10 years
How does the principles-based approach support an effective system of internal control under the COSO framework?
An effective system of internal control requires the use of judgement in determining the sufficiency of controls, applying the proper controls, and assessing the effectiveness of the system of internal controls.
The principles-based approach of the COSO framework emphasizes the importance of management judgment.
What are the components of the Committee on Sponsoring Organization’s (COSO) Internal Control Integrated Framework?
- Control Environment
- Risk assessment
- Information and communications
- Monitoring
- Existing control activities
What are the five principles associated with the control environment component of the COSO Internal Control Integrated Framework?
- Committement to ethics and integrity (E)
- Board independence and oversight (B)
- Organizational structure (O)
- Commitment to competence (C)
- Accountability (A)
What are the four principles associated with the risk assessment component of the COSO Internal Control Integrated Framework?
- Specify objectives
- Identify and analyze risks
- Consider potential for fraud
- Identify and assess changes
What are the three principles associated with the (existing) control activities component of the COSO Internal Control Integrated Framework?
- Select and develop control activities
- Select and develop technology controls
- Deploy through policies and procedures
What are the three principles associated with the info and communications component of the COSO Internal Control Integrated Framework?
- Obtain and use information
- Internally communicate info
- Communicate with external parties
Name and describe the three objectives within the COSO framework
- Operating objectives pertain to the effectiveness and efficiency of the entity’s operations
- Reporting objectives pertain to the reliability, timeliness, and transparency of an entity’s reporting
- Compliance objectives are necessary to ensure the entity is adhering to all laws and regulations.
What is the purpose of the COSO cube?
To show a graphical 3-dimensional depiction of the relationship between an entity’s 3 objectives, its 5 integrated conrol components, and the entity’s organizational structure
What is necessary for the 5 components of the COSO framework to create an effective internal control environment for an entity?
In order to have an effective internal control environment for an entity, the 5 components and 17 related principles must be both present and functioning.
Additionally, the 5 components must operate together as an integrated system, to reduce the risk to an acceptable level, that the entity will not achieve its objectives.
