The recent journal article under consideration is titled, “Internal Control and Audit Program Effectiveness: Empirical Evidence from Jordan”, by Fawzi Al Sawalqa and Atala Qtish. The authors investigate the association between some elements such as control environment, risk assessment, and control activities of the modern internal control system used in organizations and the effectiveness and accuracy of audit procedures in Jordan. The authors use 43 usable questionnaires to get responses from professional auditors across Jordan. The study results indicate that the risk determination through internationally acceptable procedures does not necessarily mean an effective audit program (Al Sawalqa & Qtish 128). The authors also find that control activities and the control environment do not necessarily lead to an effective audit program. The results give a pointer that Jordanian corporations do not have the essential experience to apply the current internal control evaluation tools. Some of the recommendations and applications suggested by the authors for both management of external auditors and companies include the adoption of internal control programs that use internationally recognized standards and retraining of practicing auditors to gain the skills required to use modern tools.
The difference between AS 55 and SAS 78 auditing standards
The SAS No. 78 amendments, which replaced the SAS No. 55, changed the definition and explanation of the internal control structure as earlier provided by COSO report. In addition to a change of the meaning of internal control, it currently requires auditors to improve their understanding of five components of internal control as an addition to the previous three elements. Below is an explanation of the substantive changes, including the guidance on how auditors need to develop and document the new understanding of the core aspects of internal control.
The impact of the SarbanesOxley Act on management and auditors’ responsibilities to study and report on internal controls
The enactment of Serbane-Oxley’s Act in 2002 was a culmination of different corporate scandal that threatened to erode the confidence of investors in the markets. The Act intended to close all the possible avenues through which companies can defraud investors. One of the ways of reducing the cases of company fraud was to impose strict rules on the responsibility of management to study and report on the internal control compliance of organizations. Company directors are mandated by the Act to empower audit committees with the necessary tools to perform internal controls, carry out tests for internal controls, and provide a report of internal controls (Sarbanes 112). To test and report internal controls implies that the managements must employ the services of professional auditors and IT personnel from outside the company. The professionals will produce a manual and automated test of the internal control mechanisms of the company in question. The fact that manual tests of internal control are expensive, the Sarbanes-Oxley’s also made it upon the organization to adopt it to enhance their financial reporting through automated, centralized, and efficient systems that are verifiable.
The major provisions in PCAOB Auditing Standard No. 5
The standard No.5 sets the requirements and direction for an auditor whose role is to assess the effectiveness of an organization’s management in their assessment of the internal control mechanism in financial reporting(Krishnan, Krishnan, & Song 12). The major components of standard No.5 include:
Integrating the audits
The role of risk assessment
Scaling the audit
Addressing the risk of fraud
Using the work of others
Identifying entity-level controls
Identifying account controls and corresponding assertions
Understanding the possible sources of misstatement
Selecting components to test
Testing the effectiveness of control designs
Testing operating effectiveness
Special considerations for subsequent years
Indicators of material weaknesses
Forming an opinion
Obtaining written representations
Communicating certain matters to the management
Strengthening internal controls in small business where ideal separation of duties is not possible
It is quite difficult for small business to separate duties among its employees because they do not have enough revenue and working capital to finance it. Thus, they are likely to have inefficient and effective internal controls. Some of the ways to strengthen internal controls for small businesses include:
Having written procedures so that they are frequently communicated to employees responsible for internal controls
Frequently training the company’s accountants about new procedures for internal controls
A periodic review of internal control procedures.
Entrench a controls culture among employees
It was right for the regulators to exempt nonaccelerated companies from the SOX 404 internal control audit. When a company registers its assets or asset equivalent, their valuation in auditing is based on the amount reflected on their balance sheet as prepared on the date of determination. The outcome of an internal audit report should reflect the reliability of financial statements and the process used to prepare them. Thus, exemption of the non-accelerated filers assumes that their small size reduces the possibility of significant errors in preparing financial statements. Nonetheless, they are still mandated to provide the management’s assessment of internal controls.
Al Sawalqa, Fawzi, and Atala Qtish. "Internal control and audit program effectiveness: Empirical evidence from Jordan." International business research 5.9 (2012): p128.
Krishnan, Jagan, Jayanthi Krishnan, and Hakjoon Song. "The effect of Auditing Standard No. 5 on audit fees." Auditing: A Journal of Practice & Theory 30.4 (2011): 1-27.
Sarbanes, Paul. "Sarbanes-oxley act of 2002." The Public Company Accounting Reform and Investor Protection Act. Washington DC: US Congress. 2002.