Internal controls are in place to protect entities against theft from dishonest workers and outside predators. They are also an accurate series of checks and balances and are in place to find discrepancies.
The Sarbanes-Oxley Act of 2002 (SOX) was named after Senator Paul Sarbanes and Michael Oxley. The Act has 11 titles and there are about six areas that are considered very important. (Sox, 2006) The Sarbanes-Oxley Act of 2002 made publicly traded United States companies create internal controls. The SOX act is mandatory, all companies must comply. These controls maybe costly, but they have indentified areas within companies that need to be protected. It also showed some companies areas that had unnecessary repeated practices. It has given investors a sense of confidence in companies that have complied with the SOX act.
The SOX act section 404 requires that the auditor assess the company’s management of internal controls and report on it. The act requires that a company include a copy of the internal controls in the year end annual report. All financial statements must be certified by a company’s management. (Coustan, 2004)
A company that announces deficiencies in its internal control will more than likely have a fall in their stock prices. Investors will not trust that company’s financial information. The investors know that the company will be hit with fines for not complying with the regulations. No honest investor wants to be involved with a company that defies the government.
There are some limitations of internal controls. One is a person knowing the system. This person knows when everything is done and how it is done he or she can find a loophole and use it to his or her advantage. Another limitation is employees working together to defraud a company. An example is, an employee in the receiving department can purposely not accurately count goods and the next employee pays the invoice short, the last employee takes the goods off the premises and all of them split the merchandise later on.
With technology today hackers can gain access into a company’s system and retrieve information. Theft of company hardware is a limitation. A person can steal a company’s computer hard drives that have valuable information stored on them and retrieve the information off them.
There are four different ways to establish internal control. They are all effective methods. One is establishing responsibility. Establishing...