Question

Do you think that Section 404 of the Sarbanes-Oxley Act of 2002 has been a success or do you think that the requirements are not worth the cost? Pease explain in detail

Answer 1

First, there are significant benefits associated with the control identification, documentation, and testing process. The evaluation process has led to improvements in basic internal controls such as reconciliations and segregation of duties. There were substantial improvements in the control environment that came about as a direct result of the process. Many companies recognized they have vulnerabilities in the Information Technology (IT) area and will be devoting more resources to improving and evaluating IT controls as they move forward. Companies have more confidence in their control structure and are evaluating accounting risks, which should enable investors to have more confidence in the reliability of unaudited data furnished to the securities market.

Second, the prognosis is that the future costs associated with Section 404 will decrease substantially as we look forward. Much of the initial cost came about because controls had not been systematically documented or evaluated prior to the Section 404 requirements. CAEs see the process as becoming more systematized. The authors believe companies will see significant efficiencies as they fully implement the information, communication, and monitoring concepts embedded in COSO’s Internal Control – Integrated Framework.

Third, there is uncertainty about the future role of internal auditing with respect to Section 404 work. The majority of CAEs want to maintain a strong presence in the risk and control arena, and recognize the need to perform more operational auditing that continues to add value to the organization. The majority of the respondents recognize a need to invest resources in IT auditing. Most CAEs see themselves playing a major role in ongoing monitoring and testing activities associated with Section 404 work.