Comprehensive Internal Controls

Fortification of companies by strengthening their internal controls is one of the most important instruments that Sarbanes Oxley uses to improve governance. Any material weakness in the internal controls, consequently a company's vulnerability to risk, has to be reported to the shareholders. Under its Section 302, Sarbanes Oxley requires that the CEO and the CFO of the company report and certify the internal controls established over financial reporting so that external reporting to shareholders and others is reliable. In addition, the financial reports should disclose any changes in internal controls with a material effect on financial reporting. The independent auditors are expected to establish procedures, as required by Public Company Accounting Oversight Board (PCAOB) Auditing Standard 2 that will enable them to attest the management's report on internal controls for financial reporting. They are also required to assess any material change in internal controls affecting the quality of financial reporting as well as report on the implications of any misstatements.

Furthermore, the Sarbanes Oxley, under Section 404, requires that a management affirm its responsibility for establishing and maintaining adequate internal control over financial reporting. Managements are also required to assess the effectiveness of internal controls over financial controls each year. The statement of the management has to be also attested by an external public accounting firm. Finally, Section 404 and the PCOAB Auditing Standard 2,requires the independent auditor of the company to attest to the management's assessment of the internal controls and the management is expected to provide all the relevant documents including results of the testing procedures.

PCOAB Auditing Standard 2 also stresses the role Information Technology plays in determining the quality of the control environment since a great deal of reporting is done with information systems which also have controls built into them and are more likely to do so in the future. Internal auditors are required to attest to the management's report on the effectiveness of these systems in financial reporting.

Featured Links: