Page 162 - Accounting Information Systems

CHAPTER 3         Ethics, Fraud, and Internal Control  133

                            confidentiality of company and customer data, honesty in dealing with internal and external auditors, and membership on external boards of directors.
                            Establish an independent audit committee. The audit committee is responsible for selecting and engaging an independent auditor, for ensuring that an annual audit is conducted, for reviewing the audit report, and for ensuring that deficiencies are addressed. Large organizations with complex accounting practices may need to create audit subcommittees that specialize in specific activities.
                            Compensation committees. The compensation committee should not be a rubber stamp for management. Excessive use of short-term stock options to compensate directors and executives may result in decisions that influence stock prices at the expense of the firm’s long-term health. Compensation schemes should be carefully evaluated to ensure that they create the desired incentives.
                            Nominating committees. The board nominations committee should have a plan to maintain a fully staffed board of directors with capable people as it moves forward for the next several years. The committee must recognize the need for independent directors and have criteria for determining independence. For example, under its newly implemented governance standards, General Electric (GE) considers directors independent if the sales to, and purchases from, GE total less than 1 percent of the revenue of the companies for which they serve as executives. Similar standards apply to charitable contributions from GE to any organization on which a GE director serves as officer or director. In addition, the company has set a goal that two-thirds of the board will be independent nonemployees. 21
                            Access to outside professionals. All committees of the board should have access to attorneys and consultants other than the corporation’s normal counsel and consultants. Under the provisions of SOX, the audit committee of an SEC reporting company is entitled to such representation independently.

                       Risk Assessment
                       Organizations must perform a risk assessment to identify, analyze, and manage risks relevant to financial
                       reporting. Risks can arise or change from circumstances such as:
                         Changes in the operating environment that impose new or changed competitive pressures on the firm.
                         New personnel who have a different or inadequate understanding of internal control.
                         New or reengineered information systems that affect transaction processing.
                         Significant and rapid growth that strains existing internal controls.
                         The implementation of new technology into the production process or information system that impacts transaction processing.
                         The introduction of new product lines or activities with which the organization has little experience.
                         Organizational restructuring resulting in the reduction and/or reallocation of personnel such that business operations and transaction processing are affected.
                         Entering into foreign markets that may impact operations (that is, the risks associated with foreign currency transactions).
                         Adoption of a new accounting principle that impacts the preparation of financial statements.

                       SAS 78/COSO requires that auditors obtain sufficient knowledge of the organization’s risk assessment procedures to understand how management identifies, prioritizes, and manages the risks related to financial reporting.

                       Information and Communication
                       The accounting information system consists of the records and methods used to initiate, identify, analyze,
                       classify, and record the organization’s transactions and to account for the related assets and liabilities.


                       21 Rachel E. Silverman, “GE Makes Changes in Board Policy,” The Wall Street Journal (November 8, 2002).