Today’s business environment has been evolving quickly due to rapid technological innovation, presenting companies with problems they haven’t encountered before.
In this increasingly connected world, internal controls have become critical—not only to ensure operational effectiveness and efficiency, but also to fortify the reliability of financial reporting, compliance with laws and regulations, and the preservation of data integrity.
SOX Section 404 requires that management of large, publicly traded companies, such as accelerated filers, must take responsibility for establishing and maintaining adequate internal controls.
Also, external auditors must evaluate and report on the effectiveness of internal controls over financial reporting.
So we asked: Could automated internal control testing strategies help external auditors rely more on internal auditors?
For example, let’s say internal auditors had failed to detect significant problems.
Although SOX requires that external auditors only identify material weaknesses in internal controls over financial reporting, the Public Company Accounting Oversight Board (PCAOB) requires an external auditor to notify, in writing, both the board and management of any material weaknesses or significant deficiencies. 2201, “An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements,” defines a significant deficiency as less severe than a material weakness but important enough to merit attention by those in charge of corporate governance.
When SOX was first being proposed and then implemented, one objection was the increased costs that these kinds of changes would add to audits.
But today, the fast pace of technological innovation gives companies new problems to handle.
With the advent of Big Data and the ability to collect massive quantities of data, companies have turned to computerized internal control testing options that don’t limit testing to particular samples.