Auditing Best Practice

Compliance and Corporate Audit

by Helen Roybark

Executive Summary

  • Some of the regulatory roles and responsibilities of the chief executive officer and chief financial officer, the audit committee, the internal audit department, and the organization’s external auditor under the Sarbanes–Oxley Act, 2002, and Securities and Exchange Commission (SEC) regulations.

  • The key provisions of Sarbanes–Oxley and the regulatory requirements of the SEC.

  • An assessment of the pre- and post-Sarbanes–Oxley environments.

  • A case study that considers PepsiCo’s handling of its regulatory requirements.

Introduction

Every public company must have an annual integrated audit completed by an external auditor that is registered with the Public Company Accounting Oversight Board (PCAOB). How, then, does an organization ensure regulatory compliance? The independent audit is the cornerstone of public confidence in the US capital market (Sutton, 2002). The significance of the public audit was identified in United States v. Arthur Young & Co. (1984), when the US Supreme Court described the independent audit as a “‘public watchdog’ function.” This has been the legal foundation of the auditing of public companies for the past 27 years.

Following the sharp decline in technology stocks (2000) and the Enron (2001) and WorldCom (2002) failures, the utility of the public audit was called into question by society (Carmichael, 2004). Congress responded by passing the Sarbanes–Oxley Act of 2002, which was signed into law on July 30, 2002. Section 101 of the Act established the PCAOB to oversee the audit of public companies that are subject to the securities laws and related matters. The US Securities and Exchange Commission (SEC) has oversight and enforcement authority over the PCAOB as specified in Section 107 of the Act.

The Sarbanes–Oxley Act has been called the most significant regulatory reform since the Great Depression. “The Act is extremely important in its implications for boards and managements of public companies, for the accounting profession, and for the capital markets system in the United States” (Messier, Glover, and Prawitt, 2010, p. 35). It applies to all US public companies. While the Act does not apply directly to privately held companies, it may have indirect effects should such companies wish to raise capital, be acquired by a public company or become a public company, or work with customers or other partners who may require Sarbanes–Oxley compliance from their suppliers and vendors. The Act includes a broad range of provisions dealing with corporate governance, so it affects how business is conducted. It created legal responsibilities associated with the chief executive officer (CEO), chief financial officer (CFO), the audit committee, the internal audit personnel, and the external auditor. Given the legal mandates and expanded regulatory requirements, the organization must ensure that these individuals and groups clearly understand their roles and responsibilities in the post-Sarbanes–Oxley world.

Good governance demands that an organization’s board of directors ensures that the highest ethical behavior is maintained throughout the organization and that its public disclosures are reliable, timely, and satisfy all legal mandates. This sends a clear message to the public, stakeholders, and regulators about the board of directors’ and management’s role and responsibilities (IIA, AICPA, and ACFE, 2008). Stakeholders want to know how all actors—the CEO and CFO, the audit committee, internal auditors, and the external auditor—are responding to heightened regulations and their oversight and leadership roles and responsibilities.

Further reading

Book:

  • Messier, William F., Steven M. Glover, and Douglas F. Prawitt. Auditing and Assurance Services: A Systematic Approach. 7th ed. New York: McGraw-Hill/Irwin, 2010.

Articles:

  • Beasley, Mark S., Joseph V. Carcello, Dana R. Hermanson, and Terry L. Neal. “The audit committee oversight process.” Contemporary Accounting Research 26:1 (Spring 2009): 65–122. Online at: dx.doi.org/10.1506/car.26.1.3
  • Carcello, Joseph V. “Governance and the common good.” Journal of Business Ethics 89:S1 (May 2009): 11–18. Online at: dx.doi.org/10.1007/s10551-008-9904-z
  • Carmichael, Douglas R. “The PCAOB and the social responsibility of the independent auditor.” Accounting Horizons 18:2 (June 2004): 127–133. Online at: dx.doi.org/10.2308/acch.2004.18.2.127
  • Geiger, Marshall A., and Porcher L. Taylor, III. “CEO and CFO certifications of financial information.” Accounting Horizons 17:4 (December 2003): 357–368. Online at: dx.doi.org/10.2308/acch.2003.17.4.357
  • Information Systems Audit and Control Association (ISACA). “COBIT framework for IT governance and control.” Version 4.1. May 2007. Online at: www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx [registration required].
  • PepsiCo. “Corporate governance.” 2011a. Online at: www.pepsico.com/Company/Corporate-Governance.html
  • PepsiCo. “1992 milestones.” 2011b. Online at: www.pepsico.com/Company/Our-History/1992.html
  • Ramamoorti, Sridhar. “The psychology and sociology of fraud: Integrating the behavioral sciences component into fraud and forensic accounting curricula.” Issues In Accounting Education 23:4 (November 2008): 521–533. Online at: dx.doi.org/10.2308/iace.2008.23.4.521
  • Roybark, Helen M. “An analysis of the accounting and audit enforcement releases issued by the Securities and Exchange Commission in 2011.” Unpublished. 2011a.
  • Roybark, Helen M. “Are audit firms with public disclosure of Section 104 quality control criticisms different from audit firms with no such public disclosure?” Unpublished. 2011b.
  • Sutton, Michael H. “Financial reporting at a crossroads.” Accounting Horizons 16:4 (December 2002): 319–328. Online at: dx.doi.org/10.2308/acch.2002.16.4.319
  • United States v. Arthur Young & Co., 465 U.S. 805 (1984). Online at: supreme.justia.com/us/465/805

Reports:

  • Beasley, Mark S., Joseph V. Carcello, Dana R. Hermanson, and Terry L. Neal. “Fraudulent financial reporting: 1998–2007. An analysis of U.S. public companies.” Committee of Sponsoring Organizations of the Treadway Commission (COSO), May 2010. Online at: www.coso.org/documents/COSOFRAUDSTUDY2010_001.pdf
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO). “Internal control—Integrated framework.” American Institute of Certified Public Accountants (AICPA), July 1994. Online at: tinyurl.com/6re5jwt [PDF].
  • Institute of Internal Auditors (IIA). “Sarbanes–Oxley Section 404: A guide for management by internal controls practitioners.” 2nd ed. January 2008. Online at: www.theiia.org/download.cfm?file=31866
  • Institute of Internal Auditors (IIA), American Institute of Certified Public Accountants (AICPA), and Association of Certified Fraud Examiners (ACFE). “Managing the business risk of fraud: A practical guide.” April 2008. Online at: tinyurl.com/2csuuz2 [PDF].
  • Public Company Accounting Oversight Board (PCAOB). “Guidance: Staff audit practice alerts.” Main website page for alerts, Q&A, and guidance issued by PCAOB staff on various dates, 2006–11. Online at: pcaobus.org/Standards/Pages/Guidance.aspx
  • Public Company Accounting Oversight Board (PCAOB). “Standards.” Main PCAOB website page for auditing standards and related materials. Online at: pcaobus.org/STANDARDS/Pages/default.aspx
  • Public Company Accounting Oversight Board (PCAOB). “An audit of internal control over financial reporting that is integrated with an audit of financial statements.” Auditing Standard No. 5. July 27, 2007. Online at: pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_5.aspx
  • Public Company Accounting Oversight Board (PCAOB). “Audit risks in certain emerging markets.” Staff Audit Practice Alert No. 8. October 3, 2011. Online at: pcaobus.org/Standards/QandA/2011-10-03_APA_8.pdf
  • US House of Representatives, Committee on Financial Services (USHR). “Public law 107-204.” (Short title: “Sarbanes–Oxley Act of 2002.”) July 30, 2002. Online at: www.sec.gov/about/laws/soa2002.pdf
  • Securities and Exchange Commission (SEC). “Final rule: Certification of disclosure in companies’ quarterly and annual reports.” August 28, 2002, modified August 30, 2002. Online at: www.sec.gov/rules/final/33-8124.htm
  • Securities and Exchange Commission (SEC). “Final rule: Management’s report on internal control over financial reporting and certification of disclosure in Exchange Act periodic reports.” June 5, 2003, modified August 28, 2008. Online at: www.sec.gov/rules/final/33-8238.htm
  • Securities and Exchange Commission (SEC). “Revisions to accelerated filer definition and accelerated deadlines for filing periodic reports.” December 21, 2005. Online at: www.sec.gov/rules/final/33-8644.pdf
  • Securities and Exchange Commission (SEC). “Amendments to rules regarding management’s report on internal control over financial reporting.” Corrected release. June 20, 2007. Online at: www.sec.gov/rules/final/2007/33-8809.pdf
  • Securities and Exchange Commission (SEC). Accounting and auditing enforcement releases (AAER) nos. 3223–3313. January 6–August 15, 2011. Online at: www.sec.gov/divisions/enforce/friactions.shtml

Websites:

  • Association of Certified Fraud Examiners (ACFE): www.acfe.com
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO): www.coso.org
  • Institute of Internal Auditors (IIA): www.theiia.org
  • Public Company Accounting Oversight Board (PCAOB; US): www.pcaobus.org
  • Securities and Exchange Commission (SEC; US): www.sec.gov
  • Wikipedia on “Groupthink”: en.wikipedia.org/wiki/Groupthink
