SARBANES-OXLEY ACT OF 2002

- Came as a result of several financial frauds
- Passed on July 30, 2002
- Supports efforts to increase public confidence in capital markets by seeking to improve corporate governance, internal controls and audit quality
- Requires management to implement an adequate system of internal controls over their financial reporting process

SECTION 302
- Requires that corporate management (including CEO) certify their organization’s internal controls on a quarterly & annual basis
- External auditors must perform the following procedures quarterly to identify any material modifications in controls that may impact financial reporting:
  - Interview management regarding any significant changes in the design/operation of internal control that occurred subsequent to the preceding annual audit or prior review of interim financial info
  - Evaluate the implications of misstatements identified by the auditor as part of the interim review
  - Determine whether changes in internal controls are likely to materially affect internal control over financial reporting

SECTION 404
- Requires the management of public companies to assess the effectiveness of their organization’s internal controls
- An annual report must:
  - Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise
  - Using a risk-based approach, assess both the design and operating effectiveness of selected internal controls related to material accounts
  - Assess the potential for fraud in the system and evaluate the controls designed to prevent or detect fraud
  - Evaluate and conclude on the adequacy of controls over the financial statement reporting process
  - Evaluate entity-wide (general) controls that correspond to the components of the COSO framework

AUDIT IMPLICATIONS OF SOX


- Expands the role of external auditors -> must issue a separate audit opinion on the internal controls in addition to the opinion on the fairness of the financial statements
- Auditors -> permitted to simultaneously render a qualified opinion on internal controls and an unqualified opinion on the financial statements

PCAOB Standard No 5
- Requires auditors to understand transaction flows, including the controls pertaining to how transactions are initiated, authorized, recorded and reported
- Evaluate entity-wide (general) controls that correspond to the components of the COSO framework

Responsibility of Auditors & Management


- SOX places responsibility on auditors to detect fraudulent activity and emphasizes the importance of controls designed to prevent or detect fraud
- Management -> responsible for implementing such controls
- Auditors -> expressly required to test them
