Business Services Industry

Assessing new responsibilities - internal and external auditors

Internal Auditor, Feb, 2003 by Sheila Mullan

U.S. accounting reforms are changing the way businesses think about financial reporting. Although some auditors have taken swift action to help their organizations comply with new legal requirements, many questions remain as to the challenges that Lie ahead.

BOTH INTERNAL AND EXTERNAL auditors these days are scurrying to make sense of the Sarbanes-Oxley Act of 2002, which tightens accounting controls and expands the responsibilities of corporate officers. The sweeping changes within the new legislation, along with its evolving interpretation by the U.S. Securities and Exchange Commission (SEC), are raising the bar on corporate accountability and, in turn, raising many questions among auditors charged with helping to ensure compliance with the act's requirements.

The legislative changes are designed to protect investors from the sort of alleged accounting fraud that surfaced at Enron Corp. But the act has caused some confusion about auditor duties and relationships. For example, some auditors are questioning whether the high-minded legal requirements can, in fact, be audited and are trying to determine the best approach to their review work. In addition, audit practitioners are uncertain about how the requirements will impact their relationships with audit committees and management, as well as fellow audit professionals.

Although many auditors are burning the midnight oil to familiarize themselves with the new regulations and to prepare for their role in the compliance process, the scope and complexity of change has made the learning process a significant challenge. In response to growing concerns, several internal and external audit practitioners recently gathered to discuss how the new legislation will impact the audit profession and to share their experiences with compliance efforts so far.

PROACTIVE MEASURES

"Companies must make sure that the internal audit function is an active and proactive participant in the process of setting up corporate governance safeguards outlined in Sarbanes-Oxley," said Basil Woller, a senior vice president and general auditor at Texas-based energy firm El Paso Corp. He explained that his audit group is helping the organization develop a due diligence process to ensure compliance with the act and to provide support for its certification requirements.

The company's internal auditors worked on the due diligence process with El Paso's legal group. But officials found they needed not only to have such safeguards on the books, but also to ensure that the controls were practical, as well as testable, rather than just serving as a set of high-minded legalistic suggestions. "Basically we did it from the perspective of making sure that the due diligence process that was put into place was not only complete, but that it was auditable," Woller said.

"We found that there was a lot of legalese built into the initial drafts of the due diligence process that really was not auditable," he continued. "There was no way we would be able to ascertain whether or not a particular step was complete. So one thing that internal auditors might consider is going back to the organization's due diligence checklist and making sure that they can audit it."

El Paso also took proactive steps by asking internal auditors, including Woller, to serve in an ex officio capacity on the company's disclosure committees, as suggested in the Sarbanes-Oxley Act. "I am present at all discussions that relate to disclosures for our different registrants," Woller said. "I'm not a voting member, but I'm able to be a part of that process, a part of that discussion. I think that is very healthy and a meaningful way that internal auditors can interact with senior financial management and business unit heads."

The general auditor explained that he personally will provide certification to the CEO and CFO that the due diligence process was completed and that all supporting documentation is in order. "I will be the last person to sign the supporting certification in the presence of the CEO and CFO," Woller said. "They, in turn, will sign in my presence so that I can witness."

In addition, El Paso's audit group uses a self-assessment tool, which is patterned after all of the components embedded in The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) internal control framework, to facilitate evaluations of the company's internal controls. After a company official fills out the assessment survey, he or she is asked whether the three objectives of internal controls defined within COSO -- effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations -- have been met.

"We think that by going through a process that requires the individuals to at least review the language, we will have had an opportunity to drive an awareness of what internal control means and what the components of internal controls are across the organization," Woller said. "We think that's a very healthy thing."


 

BNET TalkbackShare your ideas and expertise on this topic

Please add your comment:
  1. You are currently: a Guest |
  4.  

Basic HTML tags that work in comments are: bold (<b></b>), italic (<i></i>), underline (<u></u>), and hyperlink (<a href></a)

advertisement
advertisement
  • Click Here
  • Click Here
  • Click Here
advertisement
Click Here

Content provided in partnership with Thompson Gale