In: Accounting
Explain the purposes and reasons for public accounting firms to perform an integrated audit. Address the Sarbanes-Oxley Act (SOX). Add references please!
What is an integrated audit ( A small explanation before we go further ) :
An integrated audit involves both the audit by an external auditor of a client's financial statements and its system of controls for financial reporting. It combines financial statement audit with audit of internal controls.
Purposes and Reasons for public accounting firms :
While filing the annual report with SEC, all the public companies should include the internal control report of management. Also for other smaller and private firms ( even though not mandate) when growing or making acquisitions they may prefer to for the integrated audit to know the strength of internal control systems of the acquiring company.
Based on the level of risk on material weakness, the auditor has to select the points to be audited. Some of the examples may be, regulatory frame work, occurences and events that may hit the industry performance, introduction of typical techniques etc.
The testing is based on the management control on CRAs ( Critical Risk Areas). If the management has a strong support and continuously monitoring on the high risk areas and risk is assessed then the testing of the internal control will be less and vise versa. A Top - Down approach may be selected for these type of testings.
The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of both audits.
SOX ( Sarbanes-Oxley) Act 2002 :
After the financial scandals of Enron and WorldCom, the SOX has been enacted to safegarud the intersets of the share holders on erros and frauds of financial accounts of public companies of more than $75mm public float. As per Sec 404 of SOX act, all the firms who met the above limit should include the management assessment report on internal control systems that are followed, along with the financial statements when submitting the financial results to SEC. This shows the companies financial data is accurate and also it is confident that it follows a strict and stringent internal controls to safe gaurd the financial data.
Examples :
1) While preparing and posting any journal entry, it should be followed by the test result that it is tested for the proper supporting and followed the approval matrix
2) For creating any Asset, the heirarchy is followed for all the budget allocations and proper approvals
3) For any reconciliations, the data is backed up with proper evidences and back ups
etc..