Emerging Auditing Issues

Date of submission
The Sarbanes-Oxley Act is an act in the United States of America that was created to fix auditing of Public Companies by Congress on July 25, 2002. The act created a body to oversee and regulate auditing through the Public Company Accounting Oversight Board (PCAOB). The body enlists auditors to enforce laws against theft and fraud by corporate officers.
This body has been very instrumental in improving the reliability of audited financial statements. The body has created standards governing how auditors conduct their audits which also incorporates auditor ethics and independence. For instance from the body identifies potential areas in the field of auditing that need to be addressed. This is effectively done through, review of information obtained from company inspections and also input from its own Standing Advisory Group that has representatives from investor groups, the audit profession and also representatives from public companies. This enables the company to work on such issues and in the long run resolve company issues.
According to The Sarbanes-Oxley Act at 10, the PCAOB has also been very instrumental in issuing practice alerts so as to draw auditor’s attention to emerging issues or risks especially to do with the current economic environment and emerging trends in the market. The body has also enabled inspection of audit quality. The body does annual inspections that ensure auditing is being done to standards. To do this effectively, it inspects registered audit firms at intervals based on the number of companies that the firm handles. This assessment is based on the risks that a public company may contain certain misstatements. These reviews offer an independent review of the quality of auditing being carried out and highlight opportunities for improvement within the firms. At the end of which, PCAOB prepares reports that are usually available to the public for analysis. The reports contain concerns of the body and companies are expected to work on them failure to which, the concerns are made public.
The body also investigates and sanctions audit firms that violate provisions of The Sarbanes-Oxley Act. The body has powers to impose fines on firms and individual auditors, cancel the licence of a company to perform audits and also bar an individual auditor from association with registered audit firms. These disciplinary actions are also made public to prevent individuals from taking up other audit jobs and also to inform the public why disciplinary actions were taken against them.
The PCAOB has impacted the auditing field by enhancing transparency in firms. It has also created executive accountability and investor protection. The body has ensured that the executives clearly know their role in the company and thus make them more accountable. In line with, stiff penalties were proposed. These penalties include SEC enforcement action, criminal penalties that include fines and imprisonment and forfeiture of bonuses and profits. This body has also been mandated to ensure companies provide enhanced disclosures in financial reports for instance the body is entrusted to ensure that material off-balance sheet transactions, arrangements and obligations are well noted and well documented. The body has ensured that executives are not involved in fraud by ensuring that they are prohibited from trading shares especially after specific blackout periods before and after earnings reports. The body has enabled the strengthening of audit committees and corporate governance. These audit committees are solely responsible for oversight of the work of auditors which is away from the norm whereby management was responsible for this. In this committees financial experts were brought on board who have brought expertise in financial reports. This has impacted the quality of audit carried out in companies which has served to create confidence in financial markets.
The PCAOB actions may not be sufficient especially as concerns the responsibility of corporate officers and auditors of financial statements this may be so especially by looking at section 404 of SOX this is because this section is overwhelming for auditors. In reality, auditors should focus on those control that have significant risks as compared to those with less risks then the companies may be in a position to save on costs also the section does not protect corporate officers and auditors from litigation. This is according to David C. John and Nancy M. Marano (2007)
SOX requires public companies to assess how effective their internal controls from time to time. This is especially as concerns their financial statements. This internal control measure need to be maintained annually and the reports made public. This is according to section 404 of the SOX act. The impact of this is that the maintenance of records has been well taken care of which have been done in reasonable detail and which are supposed to reflect the transactions and dispositions of the assets of the issuer. This has also enabled proper recording of company transactions that are necessary for the preparation of financial statements which is in accordance with the stipulated accounting principles this also ensures that expenditure of the issuer are made with the right authorization of management and directors of the registrant. This has also provided some amount of assurance as concerns prevention or on the other hand timely detection of unauthorized acquisitions, use or disposition of the issuer’s assets that may have an effect on the financial statements of the company. I believe that the requirements to conduct such internal controls have worked before and can be credited with improving public companies’ systems of internal controls and has served to improve relations in a company to ensure that the public has confidence in the company. In this case financial reports of a company can be more reliable and also has made the process of preparing financial reports easier since the company adopts a system that keeps the required financial statements this also gives confidence to managers and executives of the company since they are able to address any concerns that may be brought to their attention by either auditors, government or even the general public.
According to Jason D. Lannen (2013) System Design Life Cycle (SDLC) are important in any company because there is need to create routine and consistency on company operations, a structure of operation is required. SDLC are important in that they establish a framework for creating, building, interpreting, implementing and enhancing systems that all personnel in a company follow. The SDLC also create accountability for IT and business management by requiring proper documentation in this respect and signoffs. SDLC comply with SOX and also government regulations.
SDLC is geared at ensuring that the operation of a company go on uninterrupted and in the correct sequence of events. Company operations fail due to lack of planning which is based on insufficient data, some materials of information may be missing, lack of details and poor estimates. Also there exists obstacles that prevent recovering of failed operations. Since some stakeholders may be unwilling to accept changes required , poor communication channels, lack of enough resources and which are qualified to handle such cases and also lack of process or methodology that enable in bringing failed operations back on track.
To enable successful operations in a company, there is need for top management support, sound implementation methodology and an IT office that concentrates on Tactical IT management and proper business management.
SDLC is geared at changing how company operations are done by establishing a formal change management process that has certain functionalities of processing errors and adding extra security to the system. This system should be put in place to prevent malicious access to company documents since the system is stored in a secured location. Physical access is also restricted to only systems used for SDLC development and testing and SDLC project documentation. The system is well secured so that it is tamper proof that prevents traceability to change documents this is because a case of fraud may take place and the culprits may be tempted to access the system so as to tamper for example financial statements and books of accounts. The system also has a backup functionality which enables access to past financial reports and in the process reduce the instances of lack of reference points. This may also be important when carrying out an analyses of trends in the company. The management may require to know how audit reports results over a long period of time so as to be able to make analyses and in the process aid in making comparisons with other financial years.
The SDLC system needs to be adopted in companies because through it the emerging issue of fraud cases is in the long run likely to be dealt with. Since the system can be installed with a data conversion and validation system that validates data installed based on completeness and accuracy. The system is also able to understand the business process and thus map controls to business and system requirements. The system also enables management to determine the key financial and operational controls which has emphasis on the regulatory compliance aspect and also impact on business operations. This system also enables risk assess controls and thus in this way companies are better equipped to beat fraud.
This coupled with other aspects discussed under SDLC are very crucial in fully implementing the SOX act. This is because in some scenarios some cases of fraud may go undetected. For example certain operations may enable one to cheat the whole system if one is able to tamper with the source document, then they may be able to change all the documents so as to read information that may not be true. This may be difficult to detect also some transactions may be done and the proper documentation not done this may be difficult to trace but with the help of SDLC such transactions cannot go unnoticed since the system is programmed in such a way that it is able to detect any loophole and prevent tampering of documents. Generally the system is installed in such a way that it has all the aspects of the requirements of SOX thus the business is able to run in relation to the requirements of SOX since the system is programmed to do so. Without adopting SDLC, companies might find it difficult to beat audit failures in the companies.

REFERENCES
– Why SDLC controls are important for a project- Jason D. Lannen CISA, CISM August 21, 2013.
– The Sarbanes- Oxley Act at 10- Enhancing the reliability of financial reporting and audit quality.
– The Sarbanes-Oxley Act: Do we need a regulatory or Legislative Fix? By David C. John and Nancy M. Marano
– The United States of America Securities Exchange act of 1934- section 10 A
– The Cost and Benefits of Sarbanes-Oxley article by Harvard’s Business school Julia Hanna- March 10, 2014
– Kayhan, F. (2023). Internal Audit, Internal Control Systems in Finance Industry in the Changing Business Environment, Evidence From Turkey as an Emerging Economy: Banking Applications, Internal Systems. In Managing Inflation and Supply Chain Disruptions in the Global Economy (pp. 281-292). IGI Global.
Ryle, P. M., Bueltel, B. L., McKnight, M. A., & Beckman, J. K. (2022). Decoding lessons from the Facebook Consent Decree: Does Sarbanes–Oxley foreshadow the future of privacy regulation?. International Journal of Disclosure and Governance, 19(1), 1-10.

Published by
Dissertations
View all posts