Master of Business Administration – MBA

Semester 3

Name: Rahul Sharma

Roll No.: 520961340

Subject: Internal Audit & Control

Subject code: MF0004

Learning Centre: 01822

Assignment No: Set 1 and 2

Sign :

Submitted by: Rahul Sharma

Dated : 4th Dec, 2010
 Assignment Set- 1
Q.1
Discuss Is Auditing is a luxury
Ans:
The general definition of an audit is an evaluation of a person, organization, system, process,
enterprise, project or product. The term most commonly refers to audits in accounting, but
similar concepts also exist in project management, quality management, and energy
conservation.
Auditing is actually a part of Accounting. It is a specialized area that deals with the
examination and review of the accounting records mainly, to find out the effectiveness of
the accounting internal control systems and procedures and also, management policies and
practices. In short not only finding errors and fraud, but to effectively assist management to
avoid or reduce such occurrences. We have internal auditors (co. employees ) and external
auditors ( generally CPA's ) with the objective of forming an independent opinion as to the
fairness, and consistency of the Statements of operation and condition of the company.
Based on above informations, we can therefore conclude that Accounting, with Auditing
systems is necessary in business and guides management in the effective implementation of
its policies and procedures for the success of the company.
Accounting is the language of business used to display an entity's (person or company)
financial status through various financial statements and analysis reports.
Auditing is the evaluation of the above mentioned statements and reports within order to
ensure that they are fair and no overstatements hold been made.
Auditing is a "luxury" because it is with the sole purpose a "double-check" of sorts, making
sure that the accounting has been done correctly and honestly. That's why only a few select
people/companies will be audited each year... it is not needed and would consume way too
much time and money if EVERYONE were to be audited.
Ex. Fred owns a trunk company. An accountant goes through his records and creates
different financial statements and reports exhibiting his worth, his assets, his profitability,
etc. (this is the process of accounting) Then, these statements and reports are submitted to
banks, referred to in import tax reports, handed out to shareholders, etc. SOMETIMES, after
these decisions enjoy been made, an audit may be issued. If so, an auditor would contact
Fred and ask for the records that his accountant used and ensure that his chronicles do not
contradict what he reported on his statements and reports.

Audits are performed to ascertain the validity and reliability of information; also to provide
an assessment of a system's internal control. The goal of an audit is to express an opinion on
the person / organization / system (etc) in question, under evaluation based on work done
on a test basis.
Due to practical constraints, an audit seeks to provide only reasonable assurance that the
statements are free from material error. Hence, statistical sampling is often adopted in
audits. In the case of financial audits, a set of financial statements are said to be true and fair
when they are free of material misstatements - a concept influenced by both quantitative
(numerical) and qualitative factors.
Auditing is a vital part of accounting. Traditionally, audits were mainly associated with
gaining information about financial systems and the financial records of a company or a
business (see financial audit). However, recent auditing has begun to include non-financial
subject areas, such as safety, security, information systems performance, and environmental
concerns. With nonprofit organizations and government agencies, there has been an
increasing need for performance audits, examining their success in satisfying mission
objectives. As a result, there are now audit professionals who specialize in security audits,
information systems audits, and environmental audits.
In financial accounting, an audit is an independent assessment of the fairness by which a
company's financial statements are presented by its management. It is performed by
competent, independent and objective person(s) known as auditors or accountants, who
then issue an auditor's report based on the results of the audit.
In cost accounting, it is a process for verifying the cost of manufacturing or producing of any
article, on the basis of accounts measuring the use of material, labour or other items of cost.
In simple words the term, cost audit, means a systematic and accurate verification of the
cost accounts and records, and checking for adherence to the cost accounting objectives.
According to the Institute of Cost and Management Accountants of Pakistan, a cost audit is
"an examination of cost accounting records and verification of facts to ascertain that the
cost of the product has been arrived at, in accordance with principles of cost accounting."[1]
An audit must adhere to generally accepted standards established by governing bodies.
These standards assure third parties or external users that they can rely upon the auditor's
opinion on the fairness of financial statements, or other subjects on which the auditor
expresses an opinion.
The Definition for Auditing and Assurance Standard (AAS) 1 by ICAI - "Auditing is the
independent examination of financial information of any entity, whether profit oriented or
not, and irrespective of its size or legal form, when such an examination is conducted with a
view to expressing an opinion thereon."

Integrated audits
In the US, audits of publicly traded companies are governed by rules laid down by the Public
Company Accounting Oversight Board (PCAOB), which was established by Section 404 of the
Sarbanes-Oxley Act of 2002. Such an audit is called an integrated audit, where auditors, in
addition to an opinion on the financial statements, must also express an opinion on the
effectiveness of a company's internal control over financial reporting, in accordance with
PCAOB Auditing Standard No. 5.
There are also new types of integrated auditing becoming available that use unified
compliance material (see the unified compliance section in Regulatory compliance). Due to
the increasing number of regulations and need for operational transparency, organizations
are adopting risk-based audits that can cover multiple regulations and standards from a
single audit event. This is a very new but necessary approach in some sectors to ensure that
all the necessary governance requirements can be met without duplicating effort from both
audit and audit hosting resources
Assessments
The purpose of an assessment is to measure something or calculate a value for it. Although
the process producing an assessment may involve an audit by an independent professional,
its purpose is to provide a measurement rather than to express an opinion about the
fairness of statements or quality of performance.

As a general rule, audits should always be an independent evaluation that will include some
degree of quantitative and qualitative analysis whereas an assessment infers a less
independent and more consultative approach.
Types of auditors
Auditors of financial statements can be classified into two categories:
 External auditor / Statutory auditor is an independent Public accounting firm
engaged by the client subject to the audit, to express an opinion on whether the
company's financial statements are free of material misstatements, whether due to
fraud or error. For publicly-traded companies, external auditors may also be
required to express an opinion over the effectiveness of internal controls over
financial reporting. External auditors may also be engaged to perform other agreed-
upon procedures, related or unrelated to financial statements. Most importantly,
external auditors, though engaged and paid by the company being audited, are
regarded as independent auditors.
The most used external audit standards are the US GAAS of the American Institute of
Certified Public Accountants; and the ISA International Standards on Auditing developed by
the International Auditing and Assurance Standards Board of the International Federation of
Accountants
 Internal auditors are employed by the organization they audit. They perform various
audit procedures, primarily related to procedures over the effectiveness of the
company's internal controls over financial reporting. Due to the requirement of
Section 404 of the Sarbanes Oxley Act of 2002 for management to also assess the
effectiveness of their internal controls over financial reporting (as also required of
the external auditor), internal auditors are utilized to make this assessment. Though
internal auditors are not considered independent of the company they perform
audit procedures for, internal auditors of publicly-traded companies are required to
report directly to the board of directors, or a sub-committee of the board of
directors, and not to management, so to reduce the risk that internal auditors will
be pressured to produce favorable assessments.
The most used Internal Audit standards are those of the Institute of Internal Auditors.
 Consultant auditors are external personnel contracted by the firm to perform an
audit following the firm's auditing standards. This differs from the external auditor,
who follows their own auditing standards. The level of independence is therefore
somewhere between the internal auditor and the external auditor. The consultant
auditor may work independently, or as part of the audit team that includes internal
auditors. Consultant auditors are used when the firm lacks sufficient expertise to
audit certain areas, or simply for staff augmentation when staff are not available.
 Quality auditors may be consultants or employed by the organization.
Q.2
What is the position of the Auditor in relation with Internal Control?
Ans:
In accounting and auditing, internal control is defined as a process effected by an
organization's structure, work and authority flows, people and management information
systems, designed to help the organization accomplish specific goals or objectives.[1] It is a
means by which an organization's resources are directed, monitored, and measured. It plays
an important role in preventing and detecting fraud and protecting the organization's
resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or
intellectual property such as trademarks). At the organizational level, internal control
objectives relate to the reliability of financial reporting, timely feedback on the achievement
of operational or strategic goals, and compliance with laws and regulations. At the specific
transaction level, internal control refers to the actions taken to achieve a specific objective
(e.g., how to ensure the organization's payments to third parties are for valid services
rendered.) Internal control procedures reduce process variation, leading to more predictable
outcomes. Internal control is a key element of the Foreign Corrupt Practices Act (FCPA) of
1977 and the Sarbanes–Oxley Act of 2002, which required improvements in internal control
in United States public corporations. Internal controls within business entities are also
referred to as operational controls.

Role of auditor in internal control

The internal auditors and external auditors of the organization also measure the
effectiveness of internal control through their efforts. They assess whether the controls are
properly designed, implemented and working effectively, and make recommendations on
how to improve internal control. They may also review Information technology controls,
which relate to the IT systems of the organization. There are laws and regulations on internal
control related to financial reporting in a number of jurisdictions. In the U.S. these
regulations are specifically established by Sections 404 and 302 of the Sarbanes-Oxley Act.
Guidance on auditing these controls is specified in PCAOB Auditing Standard No. 5 and SEC
guidance, further discussed in SOX 404 top-down risk assessment. To provide reasonable
assurance that internal controls involved in the financial reporting process are effective, they
are tested by the external auditor (the organization's public accountants), who are required
to opine on the internal controls of the company and the reliability of its financial reporting.

Internal auditing activity is primarily directed at improving internal control. Under the COSO
Framework, internal control is broadly defined as a process, effected by an entity's board of
directors, management, and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following internal control categories:
 Effectiveness and efficiency of operations.
 Reliability of financial reporting.
 Compliance with laws and regulations.
Management is responsible for internal control. Managers establish policies and processes
to help the organization achieve specific objectives in each of these categories. Internal
auditors perform audits to evaluate whether the policies and processes are designed and
operating effectively and provide recommendations for improvement.
In the United States, internal auditors may assist management with compliance with the
Sarbanes-Oxley Act (SOX).

Relationship between Statutory Auditor and internal Auditor:

The function of an internal auditor being an integral part of the system of internal control, it
is obligatory for a statutory auditor to examine the scope, independence and effectiveness
of the work carried out by the internal auditor. CARO, 2004 also requires the statutory
auditor to comment on the internal audit system.
Though the roles and primary objectives of internal and statutory audit differs, some of their
means of achieving their respective objectives are similar. Thus, much of the work of the
internal auditor may be useful to the statutory auditor in determining the nature, timing and
extent of his audit procedures. Depending upon such evaluation, the statutory auditor may
be able to adopt less extensive procedures.
If the statutory auditor is satisfied on an examination of the work of the internal auditor,
that the internal audit has been efficient and effective, he may accept the
checking/evaluation carried out by the internal auditor in the area of internal control,
verification of assets and liabilities etc.
It must however be mentioned that the area of co-operation between the statutory and
internal auditor is limited by the fact that both owe their allegiance to separate authorities,
the shareholders in the case of statutory auditor and the management in the case of internal
auditor.
Internal auditor should check if there are any proper internal control is in place within the
organization. This is a continous activity since the business environment changes. The
internal controls varies for each department e.g. Procurement, sales, collections, payables,
accounting, financial, recruitment etc.
The auditor should review there are sufficient control in all the areas of the organization and
if there are insufficient controls, the same needs to reported in the audit report. If the
internal control is weak and affects the financial position of the organization then the
auditor can qualify the report also.

Q.3
Write the Guidelines for internal check for Sales Counter?
Ans:
Internal Check is an arrangement of staff duties whereby no one person is allowed to carry
through and record every aspect of transactions so that without collusion between two or
more persons, fraud is prevented and at the same time the possibilities of errors is reduced
to a minimum.
Internal Check is a system or method introduced with defined instructions given to staff as
to their sphere of work with a view to control and verification of their work and also
maintenance of accurate records as the ultimate aim.
 To allocate duties and responsibilities to every clerk in such a way that he may be
held responsible for a particular error or fraud.
 To minimise the possibilities of errors, frauds or irregularities.
  To detect errors or frauds if they are already committed by the clerks.
 To enhance the efficiency of clerks in a business.
 To distribute work in such a way that no business transaction is left unrecorded.
 To ensure that the accounts produce reliable and adequate information.
 To exercise moral pressure over staff
Accounting procedure or physical control to safeguard assets against loss due to fraud or
other irregularities. Internal check is an element of Internal Control. Weak internal check
mechanisms mandate a greater degree of auditing procedures. An example of internal
control is segregating the record keeping for an asset and its physical custody, such as in the
case with inventory and cash. No one individual should have complete control over a
transaction from beginning to end. Internal checks make it difficult for an employee to steal
cash or other assets and concurrently cover up by entering corresponding amounts in the
accounts. An example of internal check is the establishment of input and output controls
within a data processing department. A group or person has the responsibility of checking
control totals provided by the user department with those generated during the processing
of the data. Examples of physical controls are guards and gates to restrict access.
The internal audit committee is required to maintain a file which will include the following as
evidence of the work: -
 Copy of financial statements – including the breakopen schedule, canteen gross
schedule, and notes to the financial statements.
 Copy of the budget
 Copy of trial balance
 Copies of the December bank reconciliation for every bank account
 Accounts receivable listing that agrees to the financial statements
 Copy of inventory working paper that agrees to the financial statements
 Copy of working papers that shows prepaid expenses (including early bird per
capita) that agrees to the financial statements
 Copy of accounts payable listing that agrees to the general ledger
 Copy of working paper that shows the deferred per capita that agrees to the general
ledger
 Copy of PST reconciliation and GST reconciliation – verification that the formulas
were reviewed. This is key as GST changed this year to 6%
 Copy of wage reconciliation agreement to T4 Summary
 A copy of invoices of capital asset purchases with a copy of the general meeting
minutes approving the purchase
 A copy of any renovation expenditures that totalled over $5,000 with a copy of the
Branch Advisory approval.

Guidelines for Internal Check

1. Sufficient Staff
The principle of internal check is sufficient staff. The employees can be appointed according
to the workload. The management can determine the amount of work, which is distributes
among the departments. The persons are hired to perform their duties. The overloading can
creates trouble for management.
2. Division of Work
Division of work is a principle of internal check. The management can determine the total
amount of work. The whole work is divided among departments. The heads of such
department are responsible for completion of work according to timetable.

3. Co-Ordination
Coordination is a principle of internal check. All departmental managers are bound to
coordinates with other in order to achieve organization objectives. When there is fault in
one department, the work of other department suffers. The objectives cannot be achieved.
Internal check determines the degree of coordination among the managers.
4. Rotation of Duties
Rotation of duties is a principle of internal check. The workers feel bore by doing the same
work from year to year. There is a need of rotation of duties. It is in the interest of concern
as well as employees. The efficiency is improved due to changes is duties.
5. Recreation Leave
The recreation leave is a principle of internal check. The employee can check recreation
leave. It is necessary for mental health. He can commit fraud as the new employee in his
place can disclosed teh matter. The internal check system can work in the interest of
business. The weakness is of one person is disclosed due to leave.
6. Responsibility
The responsibility is a principle of internal check. The employee can enjoy recreation leave. It
is necessary for mental health. He can enjoy recreation leave. It is necessary for mental
health. He cannot commit fraud as the new employee in his place can disclose the matter.
There internal check system can work in the interest of business. The weakness in of one
person is disclosed due to leave.
7. Automatic Machines
The principles of internal check is that machines must be used to do accounting work if
permissible. The machines can do a lot work without delay. The changes of fraud and error
are reduced to a minimum. The working of machines improves efficiency of accounting staff.
8. Checking
The principle of internal check is to check the work of other employees. Many persons
perform the work. The officers can put his signatures to verify the work done by his
subordinate. In this way one work passes many hands. The changes of error and fraud are
minimized due to checking and counter checking.
9. Simple
The principle of internal check is simples in working the employees can understand the
working of internal check system. A person can work under the supervision of other
employees. The line of authority moves from top to bottom level. All workers can
understand their duties in the organization.
10. Documents Classification
The classification of documents is the principles of internal check. The business documents
are prepared, collected, recorded and placed in proper files. The index is prepared to
compile the data. The filing system is useful to place the latter. In case of need the
documents are traced at once.
11. Dependent Work
Dependent work is a principle of internal check. The work of one employee is dependent
upon others. One work passes in the hand of two or three persons till it is complete. Another
person checks the passes done by one person. No person is all in all to start and complete
the transactions.
12. Harmony
The principles of internal check are harmony among the employees and departments. The
understanding is essential for business goals. The management is to achieve other social and
national objectives. The harmony is basis for successful internal check.
 Assignment Set- 2
Q1.
Explain the meaning of flow chart. Explain different types of flow chart
Ans:
A flowchart is a type of diagram, that represents an algorithm or process, showing the steps
as boxes of various kinds, and their order by connecting these with arrows. This
diagrammatic representation can give a step-by-step solution to a given problem. Data is
represented in these boxes, and arrows connecting them represent flow / direction of flow
of data. Flowcharts are used in analyzing, designing, documenting or managing a process or
program in various fields.
A flow chart is a graphical or symbolic representation of a process. Each step in the process
is represented by a different symbol and contains a short description of the process step.
The flow chart symbols are linked together with arrows showing the process flow direction.
Examples

A simple flowchart for computing factorial N (10!)

A flowchart for computing factorial N (10!) where N! = (1*2*3*4*5*6*7*8*9*10), see image.
This flowchart represents a "loop and a half" — a situation discussed in introductory
programming textbooks that requires either a duplication of a component (to be both inside
and outside the loop) or the component to be put inside a branch in the loop. (Note: Some
textbooks recommend against this "loop and a half" since it is considered bad structure,
instead a 'priming read' should be used and the loop should return back to the original
question and not above it

Uses
Flowcharts are used in mapping computer algorithms. However, with computer
advancement in the 1970s, physical flowcharts lost some significance because programming
languages made the process easier. It is common for a business to use a flowchart in the
development of new systems or software, but most often it’s via flowchart software. A good
example is Draw Anywhere that can be used online without downloading software. You can
also buy software such as Visio or Smart Draw, which offer more options.

Types of Flow Chart

Stern Eckert (2003) suggested that flowcharts can be modelled from the perspective of
different user groups (such as managers, system analysts and clerks) and that there are four
general types:

 Document flowcharts, showing controls over a document-flow through a system

A document flowchart traces the movement of a document, such as internal memos,
payroll information and interoffice mail, through a system. The chart is columns that
are divided by vertical lines. Each column represents a section, employee,
department or unit in a company. The flowchart shows how a document passes
from one part of the company to another. Usually, document flowcharts contain
minimal detail, just the route the document takes from one place to another.
 Data flowcharts, showing controls over a data flows in a system
A data flowchart illustrates how data pass through a system. Symbols connote
operations involved in the flow of data and the storage, input and output materials
needed to keep the flow going. This is a good way to track where data originates and
where it ends up. Data flowcharts are more concerned with the movement of the
data than how the data is processed.
 System flowcharts showing controls at a physical or resource level
A system flowchart shows how an entire system works by demonstrating how data
flows and what decisions are made to control this event. Symbols that connote
decisions, processes, inputs and outputs and data flow are the most important
elements of a system flowchart. These differ from data flowcharts because they
show decisions, which are more detailed. System flowcharts are used in fields such
instances as aircraft control, central heating and automatic washing machines.
 Program flowchart, showing the controls in a program within a system
A program flowchart demonstrates how a program works within a system. These
flowcharts show any and all user-interaction pathways by using boxes and arrows.
These arrows and boxes form hierarchical menus. Program charts can be large and
complex. However, they are useful for mapping an entire program. One example of
program flowchart is storyboarding for a film. With all intentions mapped, people
can see exactly how a program functions.
Notice that every type of flowchart focuses on some kind of control, rather than on the
particular flow itself.
However there are several of these classifications. For example Andrew Veronis (1978)
named three basic types of flowcharts:
 the system flowchart,
 the general flowchart, and
  the detailed flowchart.
That same year Marilyn Bohl (1978) stated "in practice, two kinds of flowcharts are used in
solution planning:
 system flowcharts and
 Program flowcharts...".
More recently Mark A. Fryman (2001) stated that there are more differences:
 "Decision flowcharts,
 logic flowcharts,
 systems flowcharts,
 product flowcharts, and
 Process flowcharts are just a few of the different types of flowcharts that are used in
business and government".
High-Level Flowchart
A high-level (also called first-level or top-down) flowchart shows the major steps in a
process. It illustrates a "birds-eye view" of a process, such as the example in the figure
entitled High-Level Flowchart of Prenatal Care. It can also include the intermediate outputs
of each step (the product or service produced), and the sub-steps involved. Such a flowchart
offers a basic picture of the process and identifies the changes taking place within the
process. It is significantly useful for identifying appropriate team members (those who are
involved in the process) and for developing indicators for monitoring the process because of
its focus on intermediate outputs.
Most processes can be adequately portrayed in four or five boxes that represent the major
steps or activities of the process. In fact, it is a good idea to use only a few boxes, because
doing so forces one to consider the most important steps. Other steps are usually sub-steps
of the more important ones.
Detailed Flowchart
The detailed flowchart provides a detailed picture of a process by mapping all of the steps
and activities that occur in the process. This type of flowchart indicates the steps or activities
of a process and includes such things as decision points, waiting periods, tasks that
frequently must be redone (rework), and feedback loops. This type of flowchart is useful for
examining areas of the process in detail and for looking for problems or areas of inefficiency.
For example, the Detailed Flowchart of Patient Registration reveals the delays that result
when the record clerk and clinical officer are not available to assist clients.
Deployment or Matrix Flowchart
A deployment flowchart maps out the process in terms of who is doing the steps. It is in the
form of a matrix, showing the various participants and the flow of steps among these
participants. It is chiefly useful in identifying who is providing inputs or services to whom, as
well as areas where different people may be needlessly doing the same task. See the
Deployment of Matrix Flowchart.

Q.2
What are the mandatory standards of ICAI?
Ans:
Types of Standards issued by ICAI Auditing and Assurance Standards issued by the ICAI
include the following Standards:
 Auditing and Assurance Standards(AAS)
 Statements on Auditing
 General Clarifications on AAS
 Guidance Notes
 Technical Guides
Each of them has different scope and authority attached to them.

Authority Attached to Standards Authority attached to AAS, Statements on Auditing and

General Clarifications on AAS Auditing and Assurance Standards, Statements on Auditing and
General Clarifications on AAS are mandatory in nature. AAS codify the existing best practices
in the area of auditing. AASs are critical for the proper discharge of functions as auditor.
Statements on Audit are issued for compliance by Members. General Clarifications to AAS
are also issued in matters where doubts exist. Accordingly, while discharging their attest
function, it will be the duty of the members of the ICAI to ensure that these are followed in
the audit of financial information covered by their audit reports.
The nature of these Standards requires members to exercise professional judgment in
applying them, for example, a member may judge it necessary to depart from an essential
procedure laid down in these Standards to achieve more effectively the objective of the
engagement.
If, for any reason, a member has not been able to perform an audit in accordance with such
Standards, his report should draw attention to the material departures there from.
Authority Attached to Guidance Notes
Guidance Notes are designed primarily to provide guidance to members on matters which
may arise in the course of their professional work and on which they may desire assistance
in resolving issues which may pose difficulty.

Guidance Notes are recommendatory in nature. A member should ordinarily follow

recommendations in a Guidance Note except where he is satisfied that in the circumstances
of the case, it may not be necessary to do so.
If the recommendations in a Guidance Note have not been followed, the member should
consider whether keeping in view the circumstances of the case, a disclosure in his report is
necessary. Technical Guides, Studies and Other Papers Published by ASB AASB may also
publish Technical Guides, Studies and Other papers. Technical Guides are ordinarily aimed at
imparting broad knowledge about a particular aspect or an industry to the members. Studies
and other papers are aimed at promoting discussion or debate or creating awareness on
issues relating to quality control, auditing, assurance and related service, affecting the
profession.
They do not establish any basic principles or essential procedures to be followed in audit,
assurance or related services engagements.
CAS 1: Classifications of Costs
CAS 2: Capacity Determination
CAS 3: Overheads
CAS 4: Cost of Production for Captive Consumption
 CAS 5: Determination of Average (Equalized) Cost of Transportation
CAS 6: Material Cost

shall be mandatory with effect from period commencing on or after 1st April 2010 for
being applied for the preparation and certification of General Purpose Cost Accounting
Statements. Since there is no statutory requirement for the application of such Cost
Accounting Standards for the preparation and certification of Cost Accounting Statements,
in case the cost accountant is of the opinion that the aforesaid standards have not been
complied with for the preparation of the Cost Statements, it shall be his duty to make a
suitable disclosure/qualification in his audit report/certificate”

Q.3
What is SOX? Explain the main features of SOX.
Ans:

The Sarbanes–Oxley Act of 2002, also known as the 'Public Company Accounting Reform and
Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and
Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a
United States federal law enacted on July 30, 2002, which set new or enhanced standards
for all U.S. public company boards, management and public accounting firms. It is named
after sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley
(R-OH).
The bill was enacted as a reaction to a number of major corporate and accounting scandals
including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and
WorldCom. These scandals, which cost investors billions of dollars when the share prices of
affected companies collapsed, shook public confidence in the nation's securities markets.
It does not apply to privately held companies. The act contains 11 titles, or sections, ranging
from additional corporate board responsibilities to criminal penalties, and requires the
Securities and Exchange Commission (SEC) to implement rulings on requirements to comply
with the new law. Harvey Pitt, the 26th chairman of the Securities and Exchange Commission
(SEC), led the SEC in the adoption of dozens of rules to implement the Sarbanes–Oxley Act. It
created a new, quasi-public agency, the Public Company Accounting Oversight Board, or
PCAOB, charged with overseeing, regulating, inspecting and disciplining accounting firms in
their roles as auditors of public companies. The act also covers issues such as auditor
independence, corporate governance, internal control assessment, and enhanced financial
disclosure.
The act was approved by the House by a vote of 421 in favor, 3 opposed, and 8 abstaining
and by the Senate with a vote of 99 in favor, 1 abstaining. President George W. Bush signed
it into law, stating it included "the most far-reaching reforms of American business practices
since the time of Franklin D. Roosevelt."
Debate continues over the perceived benefits and costs of SOX. Supporters contend the
legislation was necessary and has played a useful role in restoring public confidence in the
nation's capital markets by, among other things, strengthening corporate accounting
controls. Opponents of the bill claim it has reduced America's international competitive edge
against foreign financial service providers, saying SOX has introduced an overly complex
regulatory environment into U.S. financial markets. Proponents of the measure say that SOX
has been a "godsend" for improving the confidence of fund managers and other investors
with regard to the veracity of corporate financial statements.

Overview
Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for
financial reporting. Each title consists of several sections, summarized below:
• TITLE I – “Public Company Accounting Oversight Board (PCAOB)”
Title I establishes the Public Company Accounting Oversight Board (PCAOB), to provide
independent oversight of public accounting firms providing audit services ("auditors"). It also
creates a central oversight board tasked with registering auditors, defining the specific
processes and procedures for compliance audits, inspecting and policing conduct and quality
control, and enforcing compliance with the specific mandates of SOX. Title I consists of nine
sections.
TITLE II - “Auditors Independence”
Title II, which consists of nine sections, establishes standards for external auditor
independence, to limit conflicts of interest. It also addresses new auditor approval
requirements, audit partner rotation policy, conflict of interest issues and auditor reporting
requirements. Section 201 of this title restricts auditing companies from doing other kinds of
business apart from auditing with the same clients.
TITLE III - “Corporate Responsibility”
Title III mandates that senior executives take individual responsibility for the accuracy and
completeness of corporate financial reports. It defines the interaction of external auditors
and corporate audit committees, and specifies the responsibility of corporate officers for the
accuracy and validity of corporate financial reports. It enumerates specific limits on the
behaviors of corporate officers and describes specific forfeitures of benefits and civil
penalties for non-compliance. For example, Section 302 implies that the company board
(Chief Executive Officer, Chief Financial Officer) should certify and approve the integrity of
their company financial reports quarterly. This helps establish accountability. Title III consists
of eight sections.
TITLE IV - “Enhanced Financial Disclosures”
Title IV consists of nine sections. It describes enhanced reporting requirements for financial
transactions, including off-balance sheet transactions, pro-forma figures and stock
transactions of corporate officers. It requires internal controls for assuring the accuracy of
financial reports and disclosures, and mandates both audits and reports on those controls. It
also requires timely reporting of material changes in financial condition and specific
enhanced reviews by the SEC or its agents of corporate reports.
TITLE V - “Analyst Conflicts of Interest”
Title V consists of only one section, which includes measures designed to help restore
investor confidence in the reporting of securities analysts. It defines the codes of conduct for
securities analysts and requires disclosure of knowable conflicts of interest.
TITLE VI - “Commission Resources and Authority”
Title VI consists of four sections and defines practices to restore investor confidence in
securities analysts. It also defines the SEC’s authority to censure or bar securities
professionals from practice and defines conditions under which a person can be barred from
practicing as a broker, adviser or dealer.
TITLE VII – “Studies and Reports”
Title VII consists of five sections. These sections 701 to 705 are concerned with conducting
research for enforcing actions against violations by the SEC registrants (companies) and
auditors. Studies and reports include the effects of consolidation of public accounting firms,
the role of credit rating agencies in the operation of securities markets, securities violations
and enforcement actions, and whether investment banks assisted Enron, Global Crossing
and others to manipulate earnings and obfuscate true financial conditions.
TITLE VIII – “Corporate and Criminal Fraud Accountability”
Title VIII consists of seven sections and it also referred to as the “Corporate and Criminal
Fraud Act of 2002.” It describes specific criminal penalties for fraud by manipulation,
destruction or alteration of financial records or other interference with investigations, while
providing certain protections for whistle-blowers.
TITLE IX – “White Collar Crime Penalty Enhancement”
Title IX consists of two sections. This section is also called the “White Collar Crime Penalty
Enhancement Act of 2002.” This section increases the criminal penalties associated with
white-collar crimes and conspiracies. It recommends stronger sentencing guidelines and
specifically adds failure to certify corporate financial reports as a criminal offense.
TITLE X – “Corporate Tax Returns”
Title X consists of one section. Section 1001 states that the Chief Executive Officer should
sign the company tax return.
TITLE XI – “Corporate Fraud Accountability”
Title XI consists of seven sections. Section 1101 recommends a name for this title as
“Corporate Fraud Accountability Act of 2002” . It identifies corporate fraud and records
tampering as criminal offenses and joins those offenses to specific penalties. It also revises
sentencing guidelines and strengthens their penalties. This enables the SEC to temporarily
freeze large or unusual payments.