May 25, 2005
The PCAOB and the SEC need to encourage external auditors to heavily scrutinize the systems access and manipulative powers held by the corporate top brass within their clients and also demand client internal controls are put in place to mitigate the risk of such manipulation before signing off on 404.
As a recent college graduate and new Internal Audit Associate in a Big 4 Accounting Firm, I have spent over 1,900 hours working on Sarbanes-Oxley 404 client projects this year.
When considering the tone at the top within various client organizations, I have witnessed a wide array of attitudes ranging from a true desire to enforce internal controls on one end of the spectrum, to the extreme attitude of I dont care what it takes - just get this 404 thing over with
In public accounting, there are many things witnessed in the trenches and on the front lines which are not seen in the command center. As an Internal Audit Associate I have worked on client engagements during which I have seen and heard things that teeter on the edge of the fence, and on occasion, fall to the wrong side. Although this is concerning, even more concerning is the attitude of the corporate top brass to invent a control environment which appears strong enough to be signed off on by their external auditors, but, still allows them the flexibility to manipulate their system if they feel the need arises.
Very little, in fact I would venture to say nothing, with in the Sarbanes-Oxley 404 compliance work being done this year will prevent fraud initiated by top corporate management. This is because the overwhelming majority of internal controls focus on processes conducted by mid-to-lower level employees. While these controls may identify skimming and other types of fraud perpetrated at these levels it has been my experience that they are not designed to prevent system manipulation initiated at the highest corporate levels. If there is one thing we have learned from all of the corporate scandals, bankruptcies and restatements it is that the vast majority of corporate frauds are carried out at the highest levels not the mid to lower ones. Enron and WorldCom are prime examples.
The PCAOB and the SEC need to encourage external auditors to heavily scrutinize the systems access and manipulative powers held by the corporate top brass within their clients and also demand client internal controls are put in place to mitigate the risk of such manipulation before signing off on 404.