Some internal auditors often avoided financial auditing issues in past years. They
took pride in their skills as operational auditors and reserved financial auditing
tasks to their external audit firm. Those external auditors reviewed financial controls
and records leading up to the issuance of annual financial statements along
with their auditor’s reports on the fairness of those financial statements. Given
their operational audit and internal controls skills, many internal auditors supported
their external auditors over the years. This arrangement began to change
somewhat during the 1990s. The major public accounting firms up through about
the year 2002—then called “the Big 5”—began to take responsibility for organizational
internal audit functions through what was called outsourcing. Through an
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
22
arrangement with the audit committee, many internal auditors at that time found
themselves to be employees of their external audit firms continuing to perform
internal audits but under the management of their external auditors.
These outsourcing arrangements offered advantages to some internal auditors.
Reporting to a large external audit firm, many outsourced internal auditors
found greater opportunities for access to continuing education or the possibility to
make promotional career transfers to other organizations. Outsourcing somewhat
changed the tone of many of these internal audit functions. The public accounting
firms managing an internal audit group tended to focus the attention of their
internal audit resources more on audits in support of financial controls rather than
operational issues. Although not every internal audit function was outsourced,
this trend continued through the late 1990s in many major corporations.
As the 1990s ended, businesses were faced with predictions of computer
systems and other process-related disasters as part of the Y2K millennium
change to the year 2000. Although the millennium arrived with no major problems,
the following year, 2001, brought with it some real disasters for U.S.
accountants, auditors, and business in general. The long-running stock market
boom, fueled by “dot-com” Internet businesses, was shutting down with many
companies failing and with growing ranks of unemployed professionals. Those
same boom years spawned some businesses following new or very different
models or approaches. One that received considerable attention and investor
interest at that same time was Enron, an energy trading company. Starting as a
gas pipeline company, Enron developed a business model based on buying and
selling excess capacity first over their and competitor’s pipelines and then moving
on to excess capacity trading in many other areas. For example, an electrical
utility might have a power plant generating several millions of excess kilowatt
hours of power during a period. Enron would arrange to buy the rights to that
power and then sell it to a different power company who needed to get out of a
capacity crunch. Enron would earn a commission on the transaction.
Enron’s trading concept was applied in many other markets such as telephone
message capacity, oil tankers, water purification, and in many other
areas. Enron quickly became a very large corporation and really got the attention
of investors. Its business approach was aggressive, but it appeared to be profitable.
Then, in late 2001, it was discovered that Enron was not telling investors the
true story about its financial condition. Enron was found to be using off-balance
sheet accounting to hide some major debt balances. It had been transferring significant
financial transactions to the books of unaffiliated partnership organizations
that did not have to be consolidated in Enron’s financial statements. Even
worse, the off-balance sheet entities were paper-shuffling transactions orchestrated
by Enron’s chief financial officer (CFO) who made massive personal profits
from these bogus transactions. Such personal transactions had been
prohibited by Enron’s Code of Conduct, but the CFO requested the board to formally
exempt him from related code violations. Blessed by the external auditors,
the board then approved these dicey off-balance sheet transactions. Once publicly
discovered, Enron was forced to roll these side transactions back in to
Enron’s consolidated financial statements and forcing a restatement of earnings.
Certain key lines of credit and other banking transactions were based on its
3.1 BACKGROUND: CHANGES IN FINANCIAL AUDITING STANDARDS
23
pledge to maintain certain financial health ratios. The restated earnings put
Enron in violation of these agreements. What once had looked like a strong,
healthy corporation, Enron was soon forced to declare bankruptcy.
Because Enron was a prominent company, there were many “how could this
have happened?” questions raised in the press and by government authorities.
Another troubling question was, “where were the auditors?” Commentators felt
that someone would have seen this catastrophe coming if they had only looked
harder. The press at the time was filled with articles about Enron’s fraudulent
accounting, the poor governance practices of Enron’s board, and the failure of its
external auditors. The firm Arthur Andersen had served as Enron’s external auditors
and had also assumed responsibility for its internal audit function through
outsourcing. With rumors that the SEC would soon be on the way to investigate
the evolving mess, Andersen directed its offices responsible for the Enron audit to
“clean up” all records from that audit. The result was a massive paper shredding
exercise, giving the appearance of pure evidence destruction. The federal government
moved quickly to indict Andersen for obstruction of justice because of this
document shredding, and in June 2002, Andersen was convicted by a Texas jury
of a felony, fined $500,000 and sentenced to five years’ probation. With the conviction,
Andersen lost all public and professional trust and soon ceased to exist.
At about the same time, the telecommunications firm WorldCom disclosed
that it had inflated its reported profits by at least $9 billion during the previous
three years, forcing WorldCom to declare bankruptcy. Another telecommunications
company, Global Crossing, also failed during this same time period when
its shaky accounting became public. The cable television company Adelphia
failed when it was revealed that its top management, the founding family, was
using company funds as a personal piggy bank, and the CEO of the major conglomerate
Tyco was both indicted and fired because of major questionable financial
transactions and personal greed. Only a few examples are mentioned here;
in late 2001 and through the following year, 2002, many large corporations were
accused of fraud, poor corporate governance policies, or very sloppy accounting
procedures. Exhibit 3.1 highlights some of these financial failures. The press, the
SEC, and members of Congress all declared that auditing and corporate governance
practices needed to be fixed.
These financial failures helped to introduce some major changes to what had
been well-established financial auditing standards and practices. They caused
government regulators as well as the investment community to question and then
reform the financial auditing standards setting process and a wide range of public
accounting firm practices. Many organizations’ CEOs and CFOs were characterized
as being more interested in personal gain than in serving shareholders, audit
committees were often characterized as not being sufficiently involved in organizational
transactions, and external auditors and their professional organization,
the American Institute of Certified Public Accountants (AICPA) received major
criticism. Outsourced internal auditors caught this criticism as well; they were
viewed as being tied too closely to their external audit firm owners. Many other
previously accepted practices, such as the self-regulation of public accounting
firms, were seriously questioned. By self-regulation, we refer to the AICPA’s peer
review process, where public accounting firm A would be given the responsibility
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
24
to review standards and practices for firm B. Knowing that firm B might be
assigned to come back and review A a few years into the future, few firms ever
found that much critical to say about their peers.
These financial scandals caused many changes with the passage in 2002 of the
Sarbanes-Oxley Act (SOA) as the most significant event. SOA establishes regulatory
rules for public accounting firms, financial auditing standards, and corporate
governance. Through SOA, the public accounting profession has been transformed,
the AICPA’s Auditing Standards Board (ASB) has lost its authority for
setting auditing standards, and the rules have changed for corporate senior executives,
boards of directors, and their audit committees. A new entity, the Public
Corporation Accounting Overview Board (PCAOB) has been established, as part
of SOA and under the SEC to set public accounting auditing standards and to
oversee individual public accounting firms. Although not directly covered in the
legislation, SOA also has very much affected internal auditors as well.
This chapter discusses this very significant public accounting standards setting
and corporate governance legislation, the Sarbanes-Oxley Act (SOA), with an
emphasis on its aspects that are most important to internal auditors. SOA and the
PCAOB represent the most major change to public accounting, financial reporting,
and corporate governance rules since the SEC was launched in the 1930s.
SOA represents the most important set of new rules for auditing and internal
auditing today. The effective internal auditor should have a good understanding
of these new rules and how they apply to today’s practice of internal auditing.
took pride in their skills as operational auditors and reserved financial auditing
tasks to their external audit firm. Those external auditors reviewed financial controls
and records leading up to the issuance of annual financial statements along
with their auditor’s reports on the fairness of those financial statements. Given
their operational audit and internal controls skills, many internal auditors supported
their external auditors over the years. This arrangement began to change
somewhat during the 1990s. The major public accounting firms up through about
the year 2002—then called “the Big 5”—began to take responsibility for organizational
internal audit functions through what was called outsourcing. Through an
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
22
arrangement with the audit committee, many internal auditors at that time found
themselves to be employees of their external audit firms continuing to perform
internal audits but under the management of their external auditors.
These outsourcing arrangements offered advantages to some internal auditors.
Reporting to a large external audit firm, many outsourced internal auditors
found greater opportunities for access to continuing education or the possibility to
make promotional career transfers to other organizations. Outsourcing somewhat
changed the tone of many of these internal audit functions. The public accounting
firms managing an internal audit group tended to focus the attention of their
internal audit resources more on audits in support of financial controls rather than
operational issues. Although not every internal audit function was outsourced,
this trend continued through the late 1990s in many major corporations.
As the 1990s ended, businesses were faced with predictions of computer
systems and other process-related disasters as part of the Y2K millennium
change to the year 2000. Although the millennium arrived with no major problems,
the following year, 2001, brought with it some real disasters for U.S.
accountants, auditors, and business in general. The long-running stock market
boom, fueled by “dot-com” Internet businesses, was shutting down with many
companies failing and with growing ranks of unemployed professionals. Those
same boom years spawned some businesses following new or very different
models or approaches. One that received considerable attention and investor
interest at that same time was Enron, an energy trading company. Starting as a
gas pipeline company, Enron developed a business model based on buying and
selling excess capacity first over their and competitor’s pipelines and then moving
on to excess capacity trading in many other areas. For example, an electrical
utility might have a power plant generating several millions of excess kilowatt
hours of power during a period. Enron would arrange to buy the rights to that
power and then sell it to a different power company who needed to get out of a
capacity crunch. Enron would earn a commission on the transaction.
Enron’s trading concept was applied in many other markets such as telephone
message capacity, oil tankers, water purification, and in many other
areas. Enron quickly became a very large corporation and really got the attention
of investors. Its business approach was aggressive, but it appeared to be profitable.
Then, in late 2001, it was discovered that Enron was not telling investors the
true story about its financial condition. Enron was found to be using off-balance
sheet accounting to hide some major debt balances. It had been transferring significant
financial transactions to the books of unaffiliated partnership organizations
that did not have to be consolidated in Enron’s financial statements. Even
worse, the off-balance sheet entities were paper-shuffling transactions orchestrated
by Enron’s chief financial officer (CFO) who made massive personal profits
from these bogus transactions. Such personal transactions had been
prohibited by Enron’s Code of Conduct, but the CFO requested the board to formally
exempt him from related code violations. Blessed by the external auditors,
the board then approved these dicey off-balance sheet transactions. Once publicly
discovered, Enron was forced to roll these side transactions back in to
Enron’s consolidated financial statements and forcing a restatement of earnings.
Certain key lines of credit and other banking transactions were based on its
3.1 BACKGROUND: CHANGES IN FINANCIAL AUDITING STANDARDS
23
pledge to maintain certain financial health ratios. The restated earnings put
Enron in violation of these agreements. What once had looked like a strong,
healthy corporation, Enron was soon forced to declare bankruptcy.
Because Enron was a prominent company, there were many “how could this
have happened?” questions raised in the press and by government authorities.
Another troubling question was, “where were the auditors?” Commentators felt
that someone would have seen this catastrophe coming if they had only looked
harder. The press at the time was filled with articles about Enron’s fraudulent
accounting, the poor governance practices of Enron’s board, and the failure of its
external auditors. The firm Arthur Andersen had served as Enron’s external auditors
and had also assumed responsibility for its internal audit function through
outsourcing. With rumors that the SEC would soon be on the way to investigate
the evolving mess, Andersen directed its offices responsible for the Enron audit to
“clean up” all records from that audit. The result was a massive paper shredding
exercise, giving the appearance of pure evidence destruction. The federal government
moved quickly to indict Andersen for obstruction of justice because of this
document shredding, and in June 2002, Andersen was convicted by a Texas jury
of a felony, fined $500,000 and sentenced to five years’ probation. With the conviction,
Andersen lost all public and professional trust and soon ceased to exist.
At about the same time, the telecommunications firm WorldCom disclosed
that it had inflated its reported profits by at least $9 billion during the previous
three years, forcing WorldCom to declare bankruptcy. Another telecommunications
company, Global Crossing, also failed during this same time period when
its shaky accounting became public. The cable television company Adelphia
failed when it was revealed that its top management, the founding family, was
using company funds as a personal piggy bank, and the CEO of the major conglomerate
Tyco was both indicted and fired because of major questionable financial
transactions and personal greed. Only a few examples are mentioned here;
in late 2001 and through the following year, 2002, many large corporations were
accused of fraud, poor corporate governance policies, or very sloppy accounting
procedures. Exhibit 3.1 highlights some of these financial failures. The press, the
SEC, and members of Congress all declared that auditing and corporate governance
practices needed to be fixed.
These financial failures helped to introduce some major changes to what had
been well-established financial auditing standards and practices. They caused
government regulators as well as the investment community to question and then
reform the financial auditing standards setting process and a wide range of public
accounting firm practices. Many organizations’ CEOs and CFOs were characterized
as being more interested in personal gain than in serving shareholders, audit
committees were often characterized as not being sufficiently involved in organizational
transactions, and external auditors and their professional organization,
the American Institute of Certified Public Accountants (AICPA) received major
criticism. Outsourced internal auditors caught this criticism as well; they were
viewed as being tied too closely to their external audit firm owners. Many other
previously accepted practices, such as the self-regulation of public accounting
firms, were seriously questioned. By self-regulation, we refer to the AICPA’s peer
review process, where public accounting firm A would be given the responsibility
INTERNAL AUDIT IN THE TWENTY-FIRST CENTURY: SARBANES-OXLEY AND BEYOND
24
to review standards and practices for firm B. Knowing that firm B might be
assigned to come back and review A a few years into the future, few firms ever
found that much critical to say about their peers.
These financial scandals caused many changes with the passage in 2002 of the
Sarbanes-Oxley Act (SOA) as the most significant event. SOA establishes regulatory
rules for public accounting firms, financial auditing standards, and corporate
governance. Through SOA, the public accounting profession has been transformed,
the AICPA’s Auditing Standards Board (ASB) has lost its authority for
setting auditing standards, and the rules have changed for corporate senior executives,
boards of directors, and their audit committees. A new entity, the Public
Corporation Accounting Overview Board (PCAOB) has been established, as part
of SOA and under the SEC to set public accounting auditing standards and to
oversee individual public accounting firms. Although not directly covered in the
legislation, SOA also has very much affected internal auditors as well.
This chapter discusses this very significant public accounting standards setting
and corporate governance legislation, the Sarbanes-Oxley Act (SOA), with an
emphasis on its aspects that are most important to internal auditors. SOA and the
PCAOB represent the most major change to public accounting, financial reporting,
and corporate governance rules since the SEC was launched in the 1930s.
SOA represents the most important set of new rules for auditing and internal
auditing today. The effective internal auditor should have a good understanding
of these new rules and how they apply to today’s practice of internal auditing.
No comments:
Post a Comment