Внутренний контроль, соответствие требованиям закона Сарбейнса — Оксли

В данной работе мы сфокусировали свое внимание на эффективности внутреннего контроля, или точнее, закона Сарбейнса-Оксли (SOX). Мы рассмотрим эту проблему в контексте закона Сарбейнса-Оксли для корпоративного управления. В настоящем документе рассматривается, каким образом статьи 302 и 404 закона SOX раскрывают информацию о системе внутреннего контроля, влияют на рынок корпоративного контроля и как эти разделы могут быть реализованы на практике.

In this paper, we focus on the benefit of effective internal controls, or more precisely, the Sarbanes-Oxley Act (SOX). We examine this issue in the context of the Sarbanes-Oxley Act for corporate control. This paper examines how SOX 302 and 404 disclosures on the internal control environment affect the market for corporate control and how these sections may be implemented on practice.

Keywords: SOX, internal control, financial reporting reliability, internal control deficiency.

Introduction

Compliance with the requirements of the Sarbanes — Oxley act has become a worldwide practice of business, and many companies, including Russian companies, apply its provisions. The Sarbanes-Oxley act was enacted in 2002 after a number of corporate scandals in the United States, connected with disturbances in corporate governance and financial reporting in the case of Enron, Tyco International, Peregrine Systems, World-Com, which has led to million dollar losses investors of these corporations. The Sarbanes-Oxley Act of 2002 also known as the Public Company Accounting Reform and Investor Protection Act, and commonly called ”SOX” or ”Sarbox.

The law has 11 sections, which address the issue of auditor independence, corporate responsibility, full financial transparency, conflicts of interest, corporate financial reporting, etc. According to the Law, every public company must be listed by the audit Committee. The Sarbanes — Oxley act is mandatory for all companies whose securities are registered with the securities and exchange Commission (U. S. SEC), residents and non-residents of the USA, whose shares are listed on the American stock exchanges (NYSE or NASDAQ). Even Russian companies apply the provisions of SOX mandatory such as VympelCom, MTS, Mechel, as well as numerous subsidiaries of foreign issuers registered with the SEC.

Sarbanes Oxley Audit Requirements

The Sarbanes Oxley Act requires all financial reports to include an Internal Controls Report. It means that a company's financial data accurate and adequate controls are in place to safeguard financial data. Year-end financial reports are also a requirement. A SOX auditor is required to review controls, policies, and procedures according to a Section 404 of the law. SOX auditing requires that internal controls and procedures can be audited using a control framework. In accordance with the Sarbanes-Oxley act, each public company should establish an audit Committee, whose members are independent and are part of the Board of Directors. In this case, to ensure the independence of the members, the audit Committee may not receive from the company any payments for advice and to have any relationship with the company or its subsidiaries, except to perform the functions of members of the Board of Directors. The audit Committee must have at least one financial expert with knowledge of generally accepted accounting standards (GAAP) and financial statements, as well as with experience of auditing financial statements. The duties of the audit Committee include the appointment, control, payment services internal auditors, who report directly to the Committee, as well as all audit and other services provided by the company's external auditors.

Financial statements of the listed companies and submitted to the Securities and Exchange Commission, shall be signed by the CEO and CFO. The information in the financial statements should be in all material respects, provide an accurate view of the financial position and results of operations. In case of reissuing financial statements in connection with the failure to coincide with the requirements for its preparation, the CEO and CFO should lose the bonus and any additional payments, and income from the sale of securities of their company, in their possession, which are received within 12 months after the publication of the financial statements, containing inaccurate data.

Perhaps the most controversial parts of SOX is its additional requirements on internal controls (Sections 302 and 404).

Section 302 requires CEOs and CFOs personally to certify the accuracy of preparing of the financial statements and the effectiveness of internal controls. In addition to management’s evaluation and certification. Three conditions must exist for a registrant to disclose an internal control deficiency under Section 302. First, an internal control deficiency must exist; second, management or the independent auditor must discover the deficiency; and third, management, perhaps after consultation with its independent auditor, must conclude that the deficiency should be publicly disclosed. Under the provisions of Section 302, the review of internal control is subject to less scrutiny by both management and the auditor and the disclosure rules are less specific than subsequently exist under Section 404 [Hollis Ashbaugh-Skaifea, Daniel W. Collinsb, William R. Kinney Jr, 2007].

Section 404 requires independent auditors to certify management's assertion of the effectiveness of its internal controls [Ge, W., McVay, S., 2005]. Section 404 requires top management to assess the effectiveness of internal controls over financial reporting and the external auditor to attest and report on management’s assessment. The dispute surrounds the costs and benefits of the required disclosures. Direct benefits seem to be elusive [e.g., Ogneva, Subramanyam, and Raghunandan, 2007]. Costs appear to be high: empirical evidence suggests that SOX imposed net costs on shareholders [Zhang, 2007, Ashbaugh-Skaif et al., 2009] and bondholders [DeFond, Zhang, 2007].

Section 404 Management Assessment of Internal Controls

Section 404 is the most complicated, and most expensive to implement of all the Sarbanes Oxley Act sections for compliance. All annual financial reports must include an Internal Control Report stating that management is responsible for an internal control structure, and an assessment by management of the effectiveness of the control structure. Any defects in these controls must also be reported. In addition, registered external auditors must attest to the accuracy of the company management assertion that internal accounting controls are in place, operational and effective. Section 404 of the Sarbanes-Oxley act requires that when preparing reports according to the SEC the company executives provide confirmation of the effectiveness of internal control procedures over financial reporting. In this unit, tasked with the implementation of internal control should include in the annual report of the company's own assessment of the work of the management in accordance with accepted standards. This section causes the greatest difficulty in application, because most companies did not use detailed reporting to manage their cash flow. The responsibility of companies is the implementation of internal control systems; test their effectiveness, assessment of their vulnerability. Subject to section 404 of the company faces the challenges of shortage of qualified and experienced personnel, inefficiency of the internal control system, the lack of reliable methodology for financial reporting, the lack of human, technological and financial resources. All this resulted in the need to engage the services of outside advisors and auditors. The need to audit the internal control systems of companies, as required by section 404, has led to the increase in the cost of audit by an average of 30 percent. When conducting research on the effects of Sarbanes-Oxley on the cost of equity results showed that the cost of own capital of the investigated companies fell after the entry into force of the law. However, when small and large firms are considered separately, it was found that the reduction in the cost of capital is typical for small firms.

The Sarbanes-Oxley act has caused many companies need completely change the methods of reporting. These transformations do not occur without cost, but the benefits have repeatedly outweigh the costs. Many companies have benefited from the changes, the accounting standards have become more stringent during the period of validity of the law, the U. S. economy was able to avoid many corporate crises. Nevertheless, there were also plenty of companies that have failed to comply with the law. Many of them are not market participants either were forced to place their shares outside the United States. Currently, according to corporate executives, the cost of internal audit is gradually reduced and are 30–40 % less than when the system of internal financial audit was only introduced. The decrease in expenses is due to the fact that the employees of the companies is constantly on the collection and control of financial information. When American corporations are faced with the need to adapt to the requirements of the new law, they were forced to apply to consulting firms and external auditors to assess the flows of financial intelligence. To date, all necessary procedures have been defined and a number of internal audit of the company can be solved on their own, which reduces the costs of external consultants.

Conclusion

The reliability of financial reporting is claimed to be a function of the effectiveness of a firm’s internal control [PCAOB 2004]. In this paper were used recently available data on the effectiveness of firms’ internal controls coordinated by the Sarbanes-Oxley Act (SOX). We insist that if a firm has weak internal control, managers are less able to determine reliable financial data, and a consequence of these unintentional misrepresentations is that financial information is less reliable. Besides that, managers of firms with weak internal control can more readily override the controls and intentionally prepare biased accrual estimates that facilitate meeting their opportunistic financial reporting objectives.

Opponents of the law believe that the costs of compliance are too onerous for small businesses and it makes it difficult to realize benefits from the use. Supporters, on the contrary, believe that the law has increased the efficiency of small firms by reducing the overall riskiness of their activities and enhance transparency.

References:

1.      Sarbanes-Oxley Act. http://www.sarbanes-oxley-101.com/

2.      U. S. Securities and Exchange Commission. http://www.sec.gov/

3.      Ashbaugh-Skaife, H., Collins, D., Kinney Jr., W., Lafond, R., 2009. The effect of SOX internal control deficiencies on firm risk and cost of equity. Journal of Accounting Research 47, 1–43.

4.      DeFond, M., Hung, M., Karaoglu, E., Zhang, J., 2007. Was the Sarbanes-Oxley Act good news for corporate bondholders? Working Paper, University of Southern California.

5.      Hollis Ashbaugh-Skaifea, Daniel W. Collinsb, William R. Kinney Jr, 2007. The discovery and reporting of internal control deficiencies prior to SOX-mandated audits. Journal of

6.      Accounting and Economics 44: 166–192.

7.      R. LaFond: The effect of SOX internal control deficiencies and their remediation on accrual quality.

8.      Ge, W., McVay, S., 2005. Disclosure of material weaknesses in internal control after the

9.      Sarbanes-Oxley Act. Accounting Horizons, 19(3), 137–158

10.  Ogneva, M., Subramanyam, K., Raghunandan, K., 2007. Internal control weakness and cost of equity: Evidence from SOX Section 404 disclosures. The Accounting Review 82 (5), 1255–1297.

11.  Zhang, I., 2007. Economic consequences of the Sarbanes–Oxley Act of 2002. Journal of

12.  Accounting and Economics 44: 74–115.

13.  MSFO on practice. http://msfo-practice.ru/article.aspx?aid=309346.

14.  PCAOB, Public Company Accounting Oversight Board, 2004 Annual report.