Describe the internal control principle of “Risk Assessment” as presented in COSO’s 2013 Framework, SOX 2002 Sections 404 & 302, and PCAOB’s AS 5.
Compare the internal control effectiveness of the Internal Control-Integrated Framework issued by COSO, the Sarbanes-Oxley Act of 2002, Section 404 “Internal Control over Financial Reporting Requirements”, and PCAOB’s AS 5 “an Audit of Internal Control over Financial Reporting that is integrating with an Audit of Financial Statements.”
Part 2
Read the article “Sarbanes-Oxley and Public Reporting on Internal Control: Hasty Reaction or Delayed Action?”. Do you agree with the authors that the COSO 1992 Framework and SOX 2002 Section 404 succeeded in changing the ways companies thought of internal controls over risk assessment? Why or why not?
Requirements: 2 Pages
Please separate the two parts.1PAGE EACH
Answer preview
The COSO, SOX Section 404, and PCAOB’s AS 5 have demonstrated equal effectiveness in providing internal control structure and procedures needed for financial reporting. According to Lawson et al. (2017), the SOX law, in general, emphasizes organizations use the COSO framework for conducting internal controls to achieve the required standards for risk assessments and auditing. This also aligns with the PCAOB’s AS 5, whereby the standardized procedure helps identify the highest risks in financial information. However, a significant difference is that the COSO offers a framework for the organizational managers to use when creating their control environment (Lawson et al., 2017). On the other hand, the SOX 404, which acts as a compliance program, requires managers to sign off on the designed internal controls based on their financial reporting (Leech, 2003). Further, the PCAOB’s AS 5, compared to the COSO, SOX Section 404, acts as a prompt warning system for spotting the highest risks in financial reports (Goelzer, 2008).
[798 Words]