Which of the following is true regarding the principle of auditor independence?

The Enron scandal that came to light in 2001 involved audit failures at many levels by multiple parties, including several members of the executive management team at Enron and partners, auditors, and other employees at Arthur Andersen. Although the accounting fraud and collusion between Enron and its auditors was primarily financial, the case provides a clear example of the potential results when significant conflicts of interest exist between organizations and their auditors. It also illustrates much of the rationale behind provisions included in the Sarbanes–Oxley legislation enacted as a response to Enron and several other large-scale corporate accounting and auditing cases that the US Congress believed undermined confidence in American securities markets. Changes in many international legal and regulatory auditing requirements were similarly influenced by Enron and other American company scandals and the role of what was at the time one of the five largest external auditing and accounting firms.

Independence is not a recently introduced requirement; the Securities Exchange Act of 1934 explicitly mandates that members of the audit committee, comprising members from the board of directors, be independent and that the work of auditors (including the delivery of reports containing their findings) be submitted directly to the audit committee [6]. The Sarbanes–Oxley Act greatly expanded the definition of independence by specifying nine types of nonaudit activities that firms engaged to perform external audits are prohibited from performing while under contract to conduct audits. Prohibited activities comprise business and information technology services including:

1. “bookkeeping or other services related to the accounting records or financial statements of the audit client;
2. financial information systems design and implementation;
3. appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
4. actuarial services;
5. internal audit outsourcing services;
6. management functions or human resources;
7. broker or dealer, investment adviser, or investment banking services;
8. legal services and expert services unrelated to the audit;
9. any other service that the Board determines, by regulation, is impermissible” [5].

The SEC issued new rules updating its auditor independence requirements in a manner consistent with provisions in the Sarbanes–Oxley Act, including prohibitions on nonaudit services; the need for audit committees to preapprove any nonaudit services or exemptions to prohibitions; mandatory rotation of the lead audit partner at least every 5 years; and additional conflict-of-interest protections that preclude audit firms from auditing organizations whose management team includes members previously employed by the audit firm [7]. The PCAOB, a governing body established by the Sarbanes–Oxley Act, also mandates ethics and independence rules for firms registered with the Board to conduct audits of public companies. Outside the United States, the European Commission Directive on statutory audits [5] and the International Standards on Auditing mandated for use in that Directive both require independence between auditors and audit firms and the listed entities they audit [8].

URL: https://www.sciencedirect.com/science/article/pii/B9780124171596000043

Information Security Laws and Regulations

Mark Osborne, in How to Cheat at Managing Information Security, 2006

Sarbanes-Oxley 2002

At the beginning of the new century, a plethora of informal recommendations came down from the Securities and Exchange Commission (SEC) about auditor independence after a number of well-publicized cases of false reporting. With the full extent of the Enron case coming to light, the Sarbanes-Oxley Act was introduced.

As an instrument for accounting reform and investor protection, this legislation was intended to reestablish investor confidence. It was also intended to reduce the stranglehold that the Big Six accounting firms had on professional services in larger corporations. Unfortunately, the law resulted in so much process design work that the Big Six didn’t notice any revenue loss.

Key sections of the act include Sections 201, 302, and 404.

Section 201

Under the auditor independence provisions of this section, your auditor is no longer allowed to perform activities such as financial information systems design and implementation; internal audit outsourcing services; and legal services and expert services (including security).

Section 302

The CEOs and CFOs of the accounting company’s clients must sign statements verifying the completeness and accuracy of financial reports.

Section 404

CEOs, CFOs, and auditors must report on and attest to the effectiveness of internal controls for financial reporting. This report shall:

State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.

Contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

Each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

URL: https://www.sciencedirect.com/science/article/pii/B9781597491105500117

Introduction to General Security Concepts

Derrick Rountree, in Security for Microsoft Windows System Administrators, 2011

SOX

SOX is the Sarbanes-Oxley Act. SOX is a government act enacted in 2002. SOX came about because of the number of corporate accounting scandals that had surfaced. The intent of SOX is to set financial guidelines for publicly traded companies. These guidelines are intended to help ensure that companies are being forthright and meeting their financial obligations to investors. The main goals of SOX are to increase transparency and force accountability.

SOX has 11 titles that define regulations for financial reporting and auditing. They are as follows:

Title I: Public Company Accounting Oversight Board. This title establishes an independent board to oversee auditors and auditing.

Title II: Auditor Independence. The purpose of this title is to prevent third-party auditors from having conflicts of interest.

Title III: Corporate Responsibility. This title assigns corporate executives responsibility for financial documents.

Title IV: Enhanced Financial Disclosures. This title establishes enhanced requirements for financial reports.

Title V: Analyst Conflicts of Interest. This title defines a code of conduct for financial analysts.

Title VI: Commission Resources and Authority. This title gives the Securities and Exchange Commission (SEC) the ability to censure securities professionals.

Title VII: Studies and Reports. This title requires the Comptroller General and the SEC to perform various studies related to accounting and financial reporting.

Title VIII: Corporate and Criminal Fraud Accountability. This title describes the penalties for altering or destroying financial records.

Title IX: White-Collar Crime Penalty Enhancement. This title recommends stronger sentences for white-collar crimes.

Title X: Corporate Tax Returns. This title says that the company CEO has to sign the company's tax return.

Title XI: Corporate Fraud Accountability. This title states that corporate fraud and records tampering are criminal offenses and specifies penalties for these offenses.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495943000016

Change Control Management

Kelly C. Bourne, in Application Administrators Handbook, 2014

7.7 Sarbanes-Oxley or SOX

Virtually everyone in IT has heard of the Sarbanes-Oxley Act of 2002, or SOX as it is commonly referred to, but relatively few know exactly how it works. Since SOX has an impact on so many applications, it’s being briefly covered here. For a complete understanding of the provisions of the Sarbanes-Oxley Act there are numerous books on the topic. Chapter 22 will provide additional information on SOX and other ways that the government impacts your application.

The stated purpose of the SOX act is “To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.” Among the many provisions included are:

Higher level of auditor independence

SOX compliance is limited to publicly traded companies

Requires executives of public corporations to sign the auditor report attesting to its accuracy

Increases penalties, both civil and criminal, for securities violations

Works to ensure that financial reporting is done with full disclosure

How does SOX impact IT personnel, specifically Application Administrators? If your application contains financial information for the organization, then you will be affected. Some ways in which an Application Administrator can be impacted include:

Authentication of users

Separation of duties, e.g., the same person can’t change the code and also install the change

Audit trails of who changed what, when a change was made, etc., need to be maintained

Access to the application must be controlled and documented

Activity by IT personnel outside of standardized business practices needs to be monitored
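As an added example (not code from the chapter), here is a minimal change-control gate that enforces several of the controls just listed: only an authenticated user holding an assumed release_manager role may install, the developer may neither approve nor install their own change, and every decision is written to an append-only audit trail of who, what and when. The users, role names and ChangeRequest fields are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample role assignments; in practice these come from the IdP/CMDB.
ROLES: Dict[str, set] = {
    "alice": {"developer"},
    "bob": {"release_manager"},
    "carol": {"change_approver"},
}

@dataclass(frozen=True)
class ChangeRequest:
    change_id: str
    app: str
    developer: str   # who wrote or modified the code
    approver: str    # who approved the change
    installer: str   # who deploys it to production

AUDIT_TRAIL: List[dict] = []  # append-only; entries are never edited in place

def _log(change: ChangeRequest, decision: str, reason: str) -> None:
    """Record who/what/when plus the decision so auditors can reconstruct it."""
    AUDIT_TRAIL.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "change_id": change.change_id, "app": change.app,
        "developer": change.developer, "approver": change.approver,
        "installer": change.installer, "decision": decision, "reason": reason,
    })

def authorize_deploy(change: ChangeRequest) -> bool:
    """Return True only if every access and separation-of-duties rule holds."""
    checks = [
        (change.installer in ROLES, "installer is not an authenticated user"),
        ("release_manager" in ROLES.get(change.installer, set()),
         "installer lacks the release_manager role"),
        ("change_approver" in ROLES.get(change.approver, set()),
         "approver lacks the change_approver role"),
        (change.developer != change.installer,
         "developer may not install their own change"),
        (change.developer != change.approver,
         "developer may not approve their own change"),
    ]
    for ok, reason in checks:
        if not ok:
            _log(change, "DENIED", reason)   # denials are audited too
            return False
    _log(change, "ALLOWED", "all separation-of-duties checks passed")
    return True
```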

SOX provides a broad overview of what must be achieved, i.e., transparency in accounting practices, but leaves the details to individual organizations. This is especially true when it comes to how IT technologies are affected. SOX doesn’t dictate that you have to do anything specifically. What it does say is that once you establish a SOX process, you have to adhere to it.

As an Application Administrator you won’t have designed the SOX policies for your organization. The policies will already be in place and it’s your responsibility to follow them. The best advice that I can give you is to get used to them from the beginning. You may not like these policies; they may seem time-consuming and pointless to you, but they are the law. Resistance is futile.

URL: https://www.sciencedirect.com/science/article/pii/B9780123985453000078

IT Audit Fundamentals

Stephen D. Gantz, in The Basics of IT Audit, 2014

IT audit characteristics

Definitions, standards, methodologies, and guidance agree on key characteristics associated with IT audits and derived from Generally Accepted Auditing Standards (GAAS) and international standards and codes of practice. These characteristics include the need for auditors to be proficient in conducting the types of audits they perform; adherence by auditors and the organizations they represent to ethical and professional codes of conduct; and an insistence on auditor independence [7,8]. Proficiency in general principles, procedures, standards, and expectations cuts across all types of auditing and is equally applicable to IT auditing contexts. Depending on the complexity and the particular characteristics of the IT controls or the operating environment undergoing an audit, auditors may require specialized knowledge or expertise to be able to correctly and effectively examine the controls included in the IT audit scope. Codes of conduct, practice, and ethical behavior are, like proficiency, common across all auditing domains, emphasizing principles and objectives such as integrity, objectivity, competency, confidentiality, and adherence to appropriate standards and guidance [9,10]. Auditor independence—a principle applicable to both internal and external audits and auditors—means that the individuals who conduct audits and the organizations they represent have no financial interest in and are otherwise free from conflicts of interest regarding the organizations they audit so as to remain objective and impartial. While auditor independence is a central tenet in GAAS and international auditing standards, auditor independence provisions mandated in the Sarbanes–Oxley Act and enforced by the Securities and Exchange Commission (SEC) legally require independence for audits of publicly traded corporations.

URL: https://www.sciencedirect.com/science/article/pii/B9780124171596000018

Statutory and regulatory GRC

Leighton Johnson, in Security Controls Evaluation, Testing, and Assessment Handbook (Second Edition), 2020

Sarbanes-Oxley (SOX)—2002

The Sarbanes-Oxley Act (SOX), Public Law 107-204, 116 Stat. 745, was passed in July 2002. This act sets in place revised standards for risk, operations and accounting reporting, compliance, and governance for all US public company boards of directors, management, and public accounting firms. The SOX Act was enacted as a result of several major corporate scandals during the late 1990s, including Enron, Tyco, and WorldCom. As a result of SOX, top management must now individually certify the accuracy of financial information. Additionally, penalties for fraudulent financial activity are much more severe, and there is now a requirement for increased oversight by the corporate boards of directors and for the independence of the outside auditors who review the accuracy of corporate financial statements.

SOX contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the law. The SOX Act also created a new, quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The SOX Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure as follows:

Addressed specific areas such as:

Top management must individually certify the accuracy of financial information.

It provided for penalties for fraudulent financial activity that are much more severe than those previously codified.

It increased the independence of the outside auditors who review the accuracy of corporate financial statements.

It increased the oversight role of boards of directors.

SOX Reporting Criteria

Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;

Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise;

Evaluate company-level (entity-level) controls, which correspond to the components of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework.

What are the principles of audit independence?

We believe that the Commission's four guiding principles of independence - (1) auditors should not have mutual or conflicting interests with their audit clients; (2) auditors should not audit their own audit work; (3) auditors should not function as client management or employees; and (4) auditors should not act as ...

Which of the following best describes independent auditing?

A regulatory function that prevents the issuance of improper financial information.

What is the independent auditor's principal purpose?

The auditor's objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes the auditor's opinion.

Why is independence the most important characteristic of an auditor?

By being independent, an auditor is more qualified to approach the audit process objectively and perform the task with integrity. An independent audit offers company shareholders an expert, unbiased opinion.