Question

According to the Sarbanes-Oxley Act of 2002, management is responsible for establishing a control environment, assessing risks it wishes to control, specifying information and communication channels and content (including the accounting system and its reports), designing and implementing control procedures, and monitoring, supervising, and maintaining the controls.

As Internal/Forensic Auditor, I made multiple recommendations to management relative to eliminating inefficiencies in the business process. Some of my recommendations were ignored and the inefficiencies were allowed to continue. Management felt the risk exposure related to the inefficiencies was not significant.

Considering this, do you believe management should be free to make their own judgments about the necessary extent of controls?  

Answer 1

In our opinion, management’s assessment that the Corporation maintained effective internal control over financial reporting as of December 31, 2005, is fairly stated, in all material respects, based on the criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Also in our opinion, the Corporation maintained, in all material respects, effective internal control over financial reporting as of December 31, 2005, based on the criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission.

We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated financial statements and financial statement schedule of the Corporation as of and for the year ended December 31, 2005 and our report dated February 21, 2006 expressed an unqualified opinion on those financial statements and financial statement schedule and included an explanatory paragraph regarding a change in the Corporation’s method of determining conditional asset retirement obligations.

We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, evaluating management’s assessment, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinions.

A company’s internal control over financial reporting is a process designed by, or under the supervision of, the company’s principal executive and principal financial officers, or persons performing similar functions, and effected by the company’s board of directors, management, and other personnel to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.