Study Notes on Sarbanes-Oxley, Internal Controls, Cash Management, Auditing

Sarbanes-Oxley (SOX) Overview

  • Enacted by Congress in 2002.

  • Requires public companies to evaluate and publish results of their internal controls.

  • Section 404 makes management responsible for establishing and maintaining adequate controls over financial reporting.

Internal Controls Definition

  • Internal Controls: Policies and procedures to provide reasonable assurance that enterprise objectives are accomplished.

COSO's Components of Internal Control

  1. Control Environment: Represents the tone and environment of the organization.

  2. Risk Assessment: Management’s process of identifying potential risks to the organization’s financial statements and developing actions to address those risks.

  3. Control Activities: Various internal controls designed to mitigate risks and achieve objectives.

  4. Information & Communication: Internal and external reporting processes as well as the technology environment ensuring all stakeholders are informed.

  5. Monitoring: Process of assessing internal controls over time and adjusting them to assess new risks.

Internal Control Activities

  1. Separation of Duties:

    • Ensures checks and balances within the organization.

    • Functions dealing with assets should be performed by separate individuals to reduce fraud opportunities.

    • If separation of duties is not possible, at least two duties should be assigned to separate individuals.

    • Designed to safeguard company assets and ensure reliable accounting records.

  2. Quality of Employees: Employees must be properly trained.

    • Job rotation can alleviate monotony and reduce the risk of fraud.

  3. Bonded Employees:

    • Require references and background checks prior to employment.

    • Fidelity Bonds protect a company from losses caused by dishonest employees.

  4. Required Absences:

    • Employees should take regular vacations so their responsibilities cannot be covered indefinitely, reducing fraud potential.

    • Duties should be rotated periodically to prevent complacency.

  5. Procedures Manual:

    • Outlines a standard way of accounting for items.

    • Procedures must be tested periodically to ensure compliance.

  6. Authority & Responsibility:

    • Defines a clear chain of command, establishing responsibility and accountability within the organization.

  7. Pre-numbered Documents:

    • Such as checks, purchase orders, and invoices to track all forms issued during a period, facilitating audit trails.

  8. Physical Controls:

    • Implementation of physical inventories and serial numbers for assets.

    • Secure storage for cash and inventory, potentially monitored by surveillance cameras.

  9. Performance Evaluations: Regular assessments to measure the effectiveness of internal controls.

    • Controls can be circumvented by collusion among employees, emphasizing the need for vigilance.

    • A good internal control system reduces temptation and increases the likelihood of detecting illegal or unethical activities.

Cash Management and Its Importance

  • Finding the Balance:

    • Essential to maintain sufficient cash for payments to employees, suppliers, and creditors.

    • Excess cash is detrimental because it sits idle when it could be earning returns.

  • Cash and Cash Equivalents: Includes currency and items payable on demand (e.g., checks, money orders, bank drafts).

    • Highly susceptible to theft or embezzlement.

  • Accounting Records: Critical for tracking cash balances, including:

    • Cash on hand in the cash account.

    • Future cash receipts (accounts receivable).

    • Future cash disbursements (accounts payable).

    • Internal controls are necessary to prevent theft and fraud.

Internal Controls for Cash Management

  • Examples of Internal Controls for cash management include:

    • Regular counting of cash on hand.

    • Cash payments via pre-numbered documents.

    • Minimizing cash reserves.

    • Recording cash receipts immediately and depositing them daily.

    • Utilizing deposit tickets for all deposits.

    • Engaging an independent party to prepare bank reconciliations.

  • Bank Reconciliation: A process using internal records (cash account balance) and external records (bank statements) to verify the actual cash balance at a point in time, such as the end of the month.

    • Discrepancies arise from timing differences or errors.

    • Bank statements are considered external documents, while bank reconciliation is an internal document.

Understanding Bank Statements

  • Credits and Debits in Statements:

    • Bank statement credits (transaction increasing balance):

      • Accounts receivable collections.

      • Interest earned.

    • Bank statement debits (transaction decreasing balance):

      • Bank service charges.

      • Non-sufficient funds (NSF) checks.

Bank Reconciliation Template and Exercise

  • Adjustments in a bank reconciliation recognize the differing items that affect the true cash balance (adjusting for service charges, NSF checks, etc.).

  • Example items for adjustments include:

    • Bank service charges.

    • Outstanding checks.

    • Deposits in transit.

    • Any discrepancy adjustments must be documented accurately.

Auditor's Role in Financial Reporting

  • To ensure public companies adhere to Generally Accepted Accounting Principles (GAAP) through independent audits.

  • Independent auditors must be Certified Public Accountants (CPAs).

Auditor Responsibilities

  1. Perform a Materiality Test: Assess the financial statements and supporting documents for material correctness and compliance with GAAP.

    • Material is defined as any error or reporting issue affecting an average prudent investor’s decisions.

  2. Test the Accounting System: Verify the integrity of the accounting processes.

  3. Issue an Audit Opinion: Types of opinions include:

    • Unqualified Opinion: Indicates full compliance with GAAP without exceptions.

    • Qualified Opinion: Indicates mostly compliant statements, with reservations.

    • Adverse Opinion: Indicates serious departures from GAAP.

    • Disclaimer: Lack of sufficient financial information to issue an opinion.

Confidentiality Rules

  • Auditors are bound to confidentiality regarding not-yet-public information obtained during audits but can testify legally when required.

  • The AICPA Code of Professional Conduct outlines principles of professional judgment, public service, integrity, independence, and due care for CPAs.

The SEC's Role in Accounting Regulations

  • The SEC is a government agency responsible for establishing and enforcing accounting rules for public companies.

    • Delegates the creation of accounting rules to the Financial Accounting Standards Board (FASB).

    • “Public” companies are those with stock listed on exchanges, mandated to adhere to SEC reporting requirements alongside GAAP.

Oversight of Auditors

  • The SEC also regulates auditing standards.

  • SOX established the Public Company Accounting Oversight Board (PCAOB) after major audit failures to enforce auditing standards for CPA firms auditing public companies.

Annual Report

  • Annual Report: Integral part of communication between companies, analysts, and other stakeholders.

    • Composed of:

      1. Financial Statements.

      2. Notes to the Financial Statements.

      3. Management’s Discussion and Analysis.

      4. Auditor's Report.

Fraud Triangle

  • The Fraud Triangle components generally include:

    • Opportunity, pressure, and rationalization – elements commonly associated with fraud or misconduct.