Congress had to enact the Sarbanes-Oxley Act of 2002 as a way of responding to a high rise of many business failing and allegations of improprieties in the co-operations and restatements of financial statements. Section of this Act entails that the management acknowledge the responsibility given in establishing as well as maintaining enough internal controls, as they include the declaration in their effectiveness of writing. The auditor of the financial statements must in turn make a report on the assertion of the management about its internal control effectiveness as the year of the company ends. The provision applied to entities that had a market capitalization of 75 dollars as at 15th June, 2004 (BANKS).
Following this provisions, most businesses will be time-consuming and also costly. And, for CPAs who carry out auditing in public companies, will be greatly affected as to how they implement their job. As guidance, the Auditing Standards Board (AICPA) issued two drafts of exposure namely: “Auditing and Entity’s Internal Control over Financial Reporting in Conjunction with the Financial Statement Audit and Reporting on an Entity’s Internal Control over Financial Reporting (SSAE ED).” Therefore, the aim is to elaborate the impact the internal control certification had on the process of audit, in addition to the management responsibilities as well as external auditors had in meeting the requirements of the Act (BANKS).
The change of auditing will depend on the two drafts which described audit as an activity consisting of financial statements and internal controls audit. Thus the auditor has to perform procedures in order to obtain enough evidence which can express opinion on both. In internal controls auditing, the auditor has to offer an opinion whether the maintained entity in effectual internal control is of point based on “control criteria.” Control Criteria definition as outlined in “Integrated Control Framework” which was issued by the “Committee of Sponsoring Organizations of the Treadway Commission (COSO)” consisted of five related components which have to be present so as an entity can acquire internal control that are effective. The components are: environmental control, control activities, risk assessment, monitoring, communication and information. The frame work also put into consideration the three categories of control that is, financial reporting reliability, compliance with regulations and laws and efficiency and effectiveness of operations (BANKS).