CC BY
88
УДК 657.6
Регулирование или этика как ответ на угрозу потери независимости аудитора? Гармонизация правил для общественных и частных компаний применительно к представлению отчетности и аудиту
МАРКО А. МАРИНОНИ,
доктор философии, сертифицированный бухгалтер, факультет экономики и социологии Университета Каттолика Дель Сакро Куоре, Пьяченца, Италия E-mail: marcoangelo.marinoni@unicatt.it
АННОТАЦИЯ
В статье рассмотрены основополагающие принципы развития аудиторской деятельности и ее взаимосвязь с организацией внутреннего контроля, способствующего составлению достоверной, прозрачной и надежной отчетности экономических субъектов. Автор рассматривает независимость аудитора как важнейшую особенность и принцип аудиторской деятельности, определенную нормативными документами (МСА 200). Это полностью соответствует этическим принципам ведения аудиторской деятельности, которые должны соблюдаться в процессе осуществления профессиональной деятельности аудитора. При этом необходимо учитывать потенциальные угрозы независимости аудитора (финансовые, деловые, трудовые и др.) и те обстоятельства, которые приводят к потенциальным рискам независимости. Для того чтобы минимизировать сомнение в беспристрастности и объективности аудитора, автор определяет систему защиты, включая ротацию обязанностей фирмы, ротацию партнеров, перерывы в работе, запрещение совмещения разных услуг. В статье рассматривается ряд европейских и международных правил, позволяющих регулировать требования к независимости аудиторов и этические аспекты их профессиональной деятельности. При этом основное внимание уделяется Кодексу этики профессиональных бухгалтеров, международным стандартам этики для бухгалтеров и аудиторов и Закону Сарбейнса-Оксли (англ. Sarbanes-Oxley Act, SOX).
С точки зрения системы аудита компаний этот закон ввел определенные новшества, которые позволяют оценить и улучшить прозрачность внутреннего контроля, что обеспечит снижение информационного риска. В свою очередь информационная асимметрия может вести к двум проблемам - неблагоприятному отбору и моральному риску аудитора. Как отмечается в статье, действие SOX имеет глобальный характер и влияет на всю экономическую систему поэтому компании необходимо иметь коммуникационную стратегию для устранения противоречий с внешними стейкхолдерами в части конфликта между требованиями раскрытия информации и уровнем ее секретности. Ответственность аудитора, согласно этому закону определяется Советом по надзору за аудитом и бухгалтерским учетом в публичных компаниях. Самостоятельная часть статьи посвящена вопросам анализа компетенций Комитета спонсорских организаций Комиссии Тредвея (COSO), выпустившего документ «Концептуальные основы внутреннего контроля» - COSO Report. Эта концепция постоянно совершенствуется и формируется как модель управления риск-менеджмента на предприятии. Последние изменения системы внутреннего контроля, введенные в 2013 г., основываются именно на этом подходе. Автор рассматривает Кодекс этики профессиональных
бухгалтеров как важную часть регулирования независимости аудиторов. Основная идея Кодекса заключается в том, что аудитор должен действовать в интересах общества, а его поведение должно соответствовать основным этическим принципам, в том числе независимости, чтобы приобрести уверенность и авторитет в глазах общественности. В статье показана возрастающая роль регулирования корпоративного управления ответственности за нарушение этики поведения на финансовых рынках. Распространение закона на вопросы корпоративного управления является существенным ответом на кризис ценностей деловой этики, который привел к многочисленным скандалам в конце XX в. и первом десятилетии XXI в.
Ключевые слова: корпоративное управление, МСА (Международные стандарты аудита), МСУ/МСФО (Международные стандарты учета/Международные стандарты финансовой отчетности), МСФООС (Международные стандарты учета в общественном секторе), подотчетность, этика.
Regulation or Ethics as Response to the Independence Threats? Public and Private Setting Harmonisation in Terms of Auditing and Accountability
Dott. MARCO A. MARINONI,
Ph. D, CPA, Economics and Social Sciences Department, Unicatt, Piacenza, Italy E-mail: marcoangelo.marinoni@unicatt.it
ABSTRACT
The article considers the basic principles of development of auditing and how it is related to the organization of internal control, which contributes to generating fair, transparent and reliable reports of economic entities. The author regards the auditor's independence as one of the most important peculiarities and principles of auditing defined by international standards on auditing (ISA 200). This is in full accordance with the professional ethics of auditing which is to follow by every representative of the profession. At this point it is necessary to take into account the potential threats to auditor's independence (e. g. financial, business, labour, and so on) and the circumstances, which may result in potential risks to independence. To minimize the doubts in fairness and objectivity of an auditor, the author defines the system of protection, which includes the firm's rotation, partner rotation, cooling-off period, prohibited services. The article reviews European and international legislation regulating professional independence of auditors and ethical aspects of their activity, among these, the most important are the Code of Ethics for Professional Accountants issued by IESBA (International Ethics Standards Board for Accountants), the International Standards on Auditing, ISAs, the European Commission Recommendation on May 16,2002, concerning the independence of the auditor and the last but not least, the Sarbanes-Oxley Act (SOX).
From the company's audit viewpoint, the SOX aims to evaluate the independence to improve the transparency of the internal control. The major costs due to the SOX control activities are compensated with the benefits through lower information risk.
In its turn the information asymmetry, namely the lack of information of one of the parties to a contract, determine the occurrence of two followings well-known problems: adverse selection and moral hazard. The article notes that SOX due to its global nature impacts powerfully other economic systems that's why corporations need a communication strategy for dealing with external stakeholders, which address the conflict between disclosure and secrecy. The responsibilities of the auditors in accordance with the SOX were defined by the PCAOB. A separate part of the article deals with the issues of analyzing competences of COSO (Committee of Sponsoring Organizations of the Treadway Commission) which issued a COSO Report«Internal Control-Integrated Framework». This concept is constantly being improved as a model of the Enterprise Risk Management. The recent changes of internal control system are based on this particular approach. According to the author an important regulatory reference on the independence of the auditor is the Code of Ethics for Professional Accountants. This Code is based on the idea that, during the commitment, the auditor must act in the public interest and his behavior must conform
to fundamental ethical principles (including that of independence), to gain confidence and credibility in the public eye.
This paper shows the increasing regulation on corporate governance as the answer to the decrease of ethical behaviours in the financial markets. The proliferation of laws in matters of corporate governance was the substantial response to the crisis of the values of business ethics, which has led to numerous financial scandals of recent decades.
Keywords: corporate governance, ISA, IAS/IFRS, ¡PSAS, accountability, ethics.
1. Private and Public Setting Harmonization, ISA, IAS/IFRS, IPSAS
The need to arrive at a set of rules recognized internationally has prompted the IASB and IFAC to hasten the process of harmonization of accounting and auditing standards. With the adoption of IAS/IFRS for the preparation of financial statements of listed companies scheduled for 2005, the European Committee on Auditing1 has proposed the adoption of new international auditing standards, ISA, recommended by IFAC for same year.
Particularly, the article 26, paragraphs 1 and 2 of the EC Directive 2006/43, aims to harmonize the laws of many European countries, providing, for instance, that the auditing is conducted in accordance with auditing standards adopted by the European Commission itself.
The national auditing standards, developed by the Orders and Professional Associations, so they are inspired by international standards2 (International Standards on Auditing — ISAs — Clarified ISA), issued by a special committee of the International Federation on Accountants (IFAC), called International Auditing and Assurance Standard Board, IAASB3.
Anyway, the international standards on auditing were recently updated and are currently represented by the ISA Clarity Project. At European level,
1 European Committee for Auditing established by the European Commission.
2 The ISAs are technical and ethical standards to measure the quality of the auditing and to limit the discretion of the auditor. Constitute a point of reference binding, even for the revisions voluntary.
3 The International Auditing and Assurance Standards Board (IAASB) is an independent board to draw up the principles, which certifies the quality control of the auditing at the global level. It is an organization started by the International Federation of Accountants (IFAC). The Public Interest Oversight Board provides for the supervision of the IAASB, ensuring that the standards are of public interest.
the committees are responsible for activating the process of «endorsement» of these ISA clarified. In fact, they are the result of a complex project of rewriting of the ISA, launched by IFAC in 2004 and concluded in February 2009, due to which the auditing principles and the international quality control standard (ISQC 1) have only been reorganized in separate sections, without change the substance (so-called Redrafted, n. ISQC 1 and ISA 20), or reorganized and modified in the contents (so-called Revised and Redrafted, ISA n. 16). Is there a next adjustment of the same, in order to introduce an approach more focused on the analysis and on the evaluation of audit risk.
In the auditing system, the International standards issued by the IAASB and their respective fields of application are as follows:
• International Standards on Auditing (ISA), to be applied in the audit of financial reporting;
• International Standards on Review Engagements (ISRE), to be applied during the review of financial reporting;
• International Standards on Assurance Engagement (ISAE), to be applied within the different assignments by the audit and review of financial reporting;
• International Standards on Related Services (ISRS), to be applied to different services by assurance, but with interrelated nature;
• International Standards on Quality Control (ISQC) to apply to all services covered by the ISA, ISAE e ISRS.
In addition there are the following interpretative guides, International Auditing Practice Statements (IAPS), International Review Engagement Practice Statements (IREPS), International Assurance Engagement Practice Statements (IAEPS), International Related Services Practice Statements (IRSPS), which constitute a support respectively to ISA, ISRE, ISAE and ISRS.
Table 1 shows the list of the International Standards on Auditing, ISA.
The auditing services (compliance auditing; financial auditing; operational and management auditing), including the so-called «other services», i. e. services to certification and assurance, are referring to international professional standards
issued by the International Auditing and Assurance Standards Board, IAASB through the International Federation of Accountant, IFAC.
As for the other services, the International Framework provides two types of assignments:
• reasonable assurance engagements;
• limited assurance engagements.
Table l
International Standards on Auditing (ISA)
Number Denomination
Framework Technical Summary
ISQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements
ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing
ISA 210 Agreeing the Terms of Audit Engagements
ISA 220 Quality control for an Audit of Financial Statements
ISA 230 Audit Documentation
ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements
ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements
ISA 260 Communication with Those Charged with Governance
ISA 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
ISA 300 Planning and audit of Financial Statements
ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment
ISA 320 Materiality in Planning and Performing an Audit
ISA 330 The Auditor's Responses to Assessed Risks
ISA 402 Audit Considerations Relating to an Entity Using a Service Organization
ISA 450 Evaluation of Misstatements Identified during the Audit
ISA 500 Audit Evidence
ISA 501 Audit Evidence - Specific Considerations for Selected Items
ISA 505 External Confirmations
ISA 510 Initial Audit Engagements - Opening Balances
ISA 520 Analytical Procedures
ISA 530 Audit Sampling
ISA 540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
ISA 550 Related Parties
ISA 560 Subsequent Events
Ending of the table 1
Number Denomination
ISA 570 Going Concern
ISA 580 Written Representations
ISA 600 Special Considerations - Audits of Group Financial Statements (Including the Work of Component Auditors)
ISA 610 Using the work of Internal Auditors
ISA 620 Using the work of an Auditor's Expert
ISA 700 Forming an opinion and reporting on financial statements
ISA 705 Modifications to the opinion in the independent auditor's report
ISA 706 Emphasis of matter paragraphs and other matter paragraphs in the independent auditor's report
ISA 710 Comparative information - corresponding figures and comparative financial statements
ISA 720 The auditor's responsibilities relating to other information in documents containing audited financial statements
ISA 800 Special consideration - audits of single financial statements prepared in accordance with special purpose frameworks
ISA 805 Special consideration - audits of single financial statements and specific elements, accounts or items of a financial statements
ISA 810 Engagements to report on summary financial statements
In the case of reasonable assurance, «audit», the auditor will give its judgment in positive form, thanks to the access to all the information deemed necessary to express that opinion.
In the case of limited assurance, «review», the auditor will express an opinion in a negative way (so-called negative assurance), as he has not available all the elements necessary for example, to objective difficulties or containment costs.
Among the main new features of the new international regulations concerning the statutory audit it is certainly the mandatory adoption of International Standards on Auditing, ISAs, and Quality Control (ISQC 1, 200, 220).
Quality control is based on an inspection of selected audit files, it shall include an assessment of compliance with auditing standards and the requirements of applicable independence, the quantity and quality of resources used, the fees, as well as the internal control system the auditing firm [1-6].
The regulatory framework of the international auditing standards on quality control, ISQC, can be well illustrated as following:
A. Assurance:
A. 1 historical financial information: ISA 100-999; IAPS 1000-1999; ISRE 20002699;
A. 2 other financial disclosure statement: ISAE 3000-3699.
B. Other services: ISRS 4000-4699.
The Auditors who do not perform the statutory audit in the Public Interest Entities, are subject to such controls at least every six years, while those who perform the professional activity in a Public Interest Entities are subject to this quality control at least every three years (ISQC 1, ISA 220, 230, 240, 300, 315, 330, 580).
In order to evaluate the «risk control» (ISA 240, 315), the auditor shall p,erform the «compliance procedures» which mainly consist in controlling the documentation of operations, to acquire «evidence».
The European Union has not defined specified accounting standards, but has implemented the principles already internationally recognized, issued by the IASC, the board that later took the name of IASB. These principles, known as IAS/IFRS,
are the only viable alternative to US GAAP, for the comparability of financial statements.
The application of IAS/IFRS is subject to transposition thereof by the European Union. It was also planned a procedure of approval of EU Directives [7] which, when appropriate, make it possible to standardize the financial statements of all companies, even for those not immediately is required the adoption4 (see table 2).
4 To this end, in 2001, was established the EFRAG (European Financial Reporting Advisory Group), an organization that,
There is also the IFRS for SMEs developed by:
a) extracting the fundamental concepts from the IASB Framework and the principles and related mandatory guidance from full IFRSs (including Interpretations);
b) considering the modifications that are appropriate on the basis of users' needs and cost-benefit considerations.
through a technical evaluation of international documents and related interpretations, allows a change of the EU accounting directives.
Table 2
International Accounting Standards (IAS/IFRS)
Number Denomination
Framework Technical Summary
IFRS 1 First-time Adoption of International Financial Reporting Standards
IFRS 2 Share-based Payment
IFRS 3 Business Combinations
IFRS 4 Insurance Contracts
IFRS 5 Non-current Assets Held for Sale and Discontinued Operations
IFRS 6 Exploration for and evaluation of Mineral Resources
IFRS 7 Financial Instruments: Disclosures
IFRS 8 Operating Segments
IAS 1 Presentation of Financial Statements
IAS 2 Inventories
IAS 7 Statement of Cash Flows
IAS 8 Accounting Policies, Changes in Accounting Estimates and Errors
IAS 10 Events After the Balance Sheet Date
IAS 11 Construction Contracts
IAS 12 Income Taxes
IAS 16 Property, Plant and Equipment
IAS 17 Leases
IAS 18 Revenue
IAS 19 Employee Benefits
IAS 20 Accounting for Government Grants and Disclosure of Government Assistance
IAS 21 The Effects of Changes in Foreign Exchange Rates
IAS 23 Borrowing Costs
Ending of the table 2
Number Denomination
IAS 24 Related Party Disclosures
IAS 26 Accounting and Reporting by Retirement Benefit Plans
IAS 27 Consolidated and Separate Financial Statements
IAS 28 Investments in Associates
IAS 29 Financial Reporting in Hyperinflationary Economies
IAS 31 Interests in Joint Ventures
IAS 32 Financial Instruments: Presentation
IAS 33 Earnings per Share
IAS 34 Interim Financial Reporting
IAS 36 Impairment of Assets
IAS 37 Provisions, Contingent Liabilities and Contingent Assets
IAS 38 Intangible Assets
IAS 39 Financial Instruments: Recognition and Measurement
IAS 40 Investment Property
IAS 41 Agriculture
The accounting principles of international reference for the public sector (International Public Sector Accounting Standards) are published and updated by IFAC5 (International Federation of Accountants).
The International Accounting Standards for the public sector (IPSAS) are based, where possible, by the IAS/IFRS, published by the International Accounting Standards Board (IASB), and indicate at the end of the document, the main differences with the corresponding IAS/IFRS, differences that are of terminology, but often also of substance.
The adjustment to the IPSAS by governments in Europe and worldwide could contribute to a better intelligibility of the accounts and financial statements of public entities and definitely a better chance of comparison, even outside the borders of each country.
5 URL: http://www.ifac.org/publicSector/ (accessed: 03.09.2015).
The IFA also suggests the adoption of the accruals principle within the public accounting, identified as one that allows a better representation of the progress and results of the general government.
The aims, content and synthetic directions of the main principles are shown in table 3.
For businesses to public scrutiny do not apply the IPSAS, but the general references are directly the IAS and the same as regards the auditing, the principles of reference, where applicable, are the ISAs clarified.
According to IPSAS, a company to public scrutiny (Government Business Enterprise) has the following features:
a) it has legal autonomy;
b) it has operational and financial autonomy to carry out the activities;
Table 3
International Public Sector Accounting Standards (IPSAS)
Number Denomination
IPSAS 1 Presentation of Financial Statements
IPSAS 2 Cash Flow Statement
IPSAS 18 Segment
IPSAS 19 Provisions, contingent liabilities and contingent assets
IPSAS 20 Disclosure of related party transactions
IPSAS 21 Impairment of non-cash-generating
IPSAS 22 Disclosures for the general government sector
IPSAS 23 Income from operations no consideration equivalent (taxes and transfers)
IPSAS 24 Presentation of the information contained in the budget
IPSAS 25 Employee benefits
IPSAS 26 Impairment of cash generating activities
IPSAS 27 Agriculture
IPSAS 28 Financial instruments: Disclosure
IPSAS 29 Financial Instruments: Recognition and Measurement
IPSAS 30 Financial Instruments: Integrative information
IPSAS 31 Intangibles
IPSAS 32 Service Concession Arrangements: Grantor
CASH BASIS 1 Financial information prepared in accordance with the principle of cash
CASH BASIS 2 Financial information prepared in accordance with the principle of cash: Supplementary information recommended
c) sells goods and provides services in the normal course of its business, to other entities with the aim to achieve profits or cover costs;
d) does not rely on continues public funding to be a ongoing company (except for purchases of materials occurring in normal negotiations);
e) it is controlled by a public sector entity.
Companies to public scrutiny include both
trading enterprises, such as public utilities, both the financial enterprises, such as financial institutions, in substance, other entities that carry out similar activities in the private sector. So these entities operate for profit and with the aim to generate income, but may be subject to extended
disclosure requirements and limitations related to the exercise of a public service, for instance to offer also services free of charge or at reduced fares.
With reference to the auditing of the subsidiaries, the controls are to be entrusted both to the auditors of the public participant, both to the auditor and the board of auditors in general of the same company. Both bodies, independent in their work, must verify the existence of the legal requirements for the operation of the business, the respect of the economic and financial equilibriums and the compliance with the accounting rules in the relations between public bodies and subsidiaries.
In the International Accounting Standards are considered elements of non-profit organizations the followings6:
• obtain significant resources from third parties who do not expect a price equivalent;
• the pursuit of a non-profit g, directly or indirectly;
• the absence of clear property rights that can be made the object of sale, transfer or redemption or that are entitled to receive a share of equity in the event of liquidation.
Another distinctive feature common to nonprofit organizations is fundraising, namely research and obtaining donations or funds from persons other than those who use the services, although it is necessary to distinguish between the market-oriented organizations (selling its services on the market) and those not market oriented.
2. Information Asymmetry, Regulation and Business Control Systems
The control activity, and in particular Auditing, is identifiable as a systematic process designed to obtain sufficient audit evidence to confirm the assertions of the directors, in relation to corporate events, and express an independent opinion on the reliability of the financial statement. The judgments can be expressed relative to many other situations, including the adequacy of a budget prepared by the client, the certification of the consistency of a corporate reorganization plan, the reasonableness of an intervention project finance and so on.
Basic conditions to express the above judgments are the objectivity and independence of the external auditor with respect to the company under analysis, in order to limit potential conflicts of interest that may elapse to the multiple stakeholders. The demand for audit services is required, as it is
6 The major distinguishing characteristics of nonbusiness organizations include: a) receipts of significant amounts of resources from resource providers who do not expect to receive either repayment or economic benefits proportionate to resources provided, b) operating purposes that are primarily other that to provide goods or services at a profit or profit equivalent, and c) absence of defined ownership interests that can be sold, transferred, or redeemed, or that convey entitlement to a share of a residual distribution of resources in the event of liquidation of the organization (Accounting standards «Original Pronouncements» — Statement of Financial accounting concepts No. 4).
able to make judgments on the relationships that exist within the enterprise and between the latter and its stakeholders, to mitigate the imaginable information asymmetry between the company's management and his property.
Independence is an intrinsic and essential ethical feature for the auditor: this idea is restated by the International Standard on Auditing ISA 200 (named «Overall objectives of the independent auditor and the conduct of an audit in accordance with international standards on auditing») which, it recall the Code of ethics for Professional Accountants issued by the IESBA (International Ethics Standards Board for Accountants); in particular, it provides that the statutory auditor has to respect, in carrying out its activities, the fundamental ethical principles, especially that of independence from the client company being audited.
Examples of circumstances potentially damaging to the independence of the auditor, according to these reference standards, they can be identified as:
• financial relations;
• business relations7;
• labor relations;
• relations of another kind, including those arising from the provision of non-audit services8.
The cases do not exhaust the subject of the potential threats to independence; in fact, here below there are other situations which may affect (formally or substantially) the auditor's independence. These circumstances, which are once again a broader and more detailed explanation of the
7 According to the International Standard on Auditing No. 100, these business relationships represent a significant threat to the independence of the auditor (and, therefore, must be prohibited) only if they are made on terms different from those of the market, which according to different rules than those normally applied to a negotiation between third parties. In general, in order to safeguard the principle of independence is necessary that these relations on the one hand not allowing the auditor to influence decision-making of the audited entity and the other side not to affect enable the audited company (formally or substantially) the result of revision.
8 According to the International Standard on Auditing No. 100, they are connected with the performance by the auditor in charge of management or supervision at the audited entity, the presence of family or personal relationships between the auditor and the audited company and, above all, the provision of non-audit services in favor of the party subjected to audit.
Standard on Auditing No. 100, are connected to various types of risks:
• self-review;
• self-interest9;
• advocacy;
• familiarity;
• intimidation.
Given the existence of these issues, which are due to «personal and environmental situations, taken individually or together, they can induce a third reasonable and informed to doubt the impartiality and objectivity of the auditor's opinion», the system of protection defined in this paper consider several aspects:
• firm's rotation: the Statutory Audit of the Public Interest Entities must have a maximum duration of 9 years for auditing firms and of 7 exercises for individual auditors; This paragraph also provides that the appointment may be renewed or re-granted after at least 3 years from the date of termination of the previous;
• partner rotation: the assignment of responsibility for reviewing the financial statements of an Public Interest Entities can not be exercised for more than 7 years by the same person, which can, however, take the same office again after at least 2 years from the termination of the previous;
• cooling-off period: the entity in charge of auditing the financial statements of an Public Interest Entities and other individuals involved in auditing the same (for example, executives and directors of the auditing firm) can neither hold office in the organs of administration and control of that institution, nor pay self-employed or employed in favor of the same, if they are not passed at least 2 years after the termination of the appointment;
• prohibited services: it covers different types of services, among which the most important are the bookkeeping (there is a high risk of self-review ends of the auditor), the design of information systems (bookkeeping, administrative and financial), the evaluation of assets or liabilities
9 This threat occurs when the auditor holds an interest (business, financial or any other kind) within the audited entity; This situation creates a conflict of interest that may affect the audit and its results (that is, the final judgment made by the auditor).
(there is always the risk of self-review) and counseling (legal and investment).
It is appropriate to deepen as the independence requirement is considered in European and international legislation: among these, in addition to Directive 2006/43/CE, the most important are the Code of Ethics for Professional Accountants issued by IESBA (International Ethics Standards Board for Accountants), the International Standards on Auditing, ISAs, the European Commission Recommendation on May 16, 2002, concerning the independence of the auditor and the last but not least, the Sarbanes-Oxley Act (SOX).
The Sarbanes-Oxley Act is a federal law of the United States of America, more commonly known as SOX (2002), which strengthened some regulatory control systems standard (qualitative and quantitative) for all companies listed on the American market. It is clear nevertheless that in the global context, such U. S. legislation impacts powerfully on other economic systems [8].
This measure has been taken as a reaction to a series of major financial scandals. One of the fundamental principles of virtuous corporate governance is transparency, i. e., the disclosure of private information to external stakeholders, so that they may make judgments and decisions relating to the corporation. In particular, the SOX aims to evaluate the independence to improve the transparency of the internal control. The major costs due to the SOX control activities are compensated with the benefits through lower information risk that translates into lower cost of equity [9].
The information asymmetry, namely the lack of information of one of the parties to a contract, determine the occurrence of two follow-ings well-known problems:
• Adverse selection (ex-ante);
• Moral hazard (ex-post).
As a result of this, therefore, the need to enact a Law which, for instance, has forced Audit firm to certify its Internal controls, by other independent auditors acting as External Auditor. The main critical factor was that in the company was not often present any «Segregation of Duties» (SoD), which was not expected any double-checking on most financial transactions.
The main novelties of the SOX, in terms of the Company's Audit System, are as follows10.
• It was established the Public Company Accounting Oversight Board, PCAOB, an organization coordinated by the Securities Exchange Commission in order to establish a standard for regulatory the assessment of the Internal Control Systems. It is also the above-mentioned Board that controls the external auditors and ensure that the financial statement certifications are independent and their quality. This organization shall maintain a register of auditing firms and establishes rules for the verification, the quality control, the ethics, the independence and other standards. Also conducts inspections in these Audit firms, promoting investigations and disciplinary actions through sanctions.
• Were established standards of independence of the Auditing companies, in order to limit the conflict of interest. This consists in the prohibition for an auditing firm to provide any non-audit services to the same client, which certifies the financial statements. The PCAOB may allow exceptions case-by-case, basis where services represent less than 5% of the total fees paid for the audit of accounts.
• It is preserved the individual responsibility of the directors and senior executive for the accuracy and the completeness of the financial statements and of integrated Notes. It is also established that the CEO must sign the Income Certification of the employees. By contrast, rules are governed by a code of conduct, in order to identify and to negotiate the conflicts of interest, especially among the members of the Audit Committee and the analysts.
• It requires adequate evidence to all relevant off-financial statement transactions and other relationships, so-called special purpose entities.
• The Corporate and Criminal Fraud Accountability Act of 2002 describes instead the penalties for manipulation, destruction or alteration of the business performance or whichever interference with the investigation.
Corporations need a communication strategy for dealing with external stakeholders, which address the conflict between disclosure and secrecy;
10 Fonte: http://www.gpo.gov/fdsys.
the board of directors is responsible for formulating (and monitoring) the corporation's communication strategy, and that management is responsible for carrying it out [10-13]. The SOX is allowed to make the CEO and CFO responsible for the accuracy of all processes that affect materially the well performance of the company, entrusting in the implementation of a fair and efficient control system. The SOX was then a very strong impact on the financial departments of Corporation, that not only have had to tighten up the procedures and documentation required for the accounting aspects of the business, but also had to monitor, and in many cases, installing the systems of internal control with significant implications on the entire organization of the company11.
The responsibilities of the auditors in accordance with the SOX were instead defined by the PCAOB in the Auditing Standard No. 5 (2008) An audit of internal control over financial reporting that is integrated with an audit of financial statements.
This Audit Standard provides a top-down approach to the auditing and to the business controls in general, which is based on a thorough knowledge of the company and of the market in which it operates, of the risks of business and finally of the enterprise control system. However, the purpose of the Audit, in accordance with Auditing Standard No. 5, must include however the concept of «reasonable certainty» of the controls.
This document is divided into 11 sections, each of which introduces substantial changes in the system of internal control (in addition to those provided by ISA 315) and in the corporate governance of the companies involved; between these sections, the titles that deal with the matter of independence within the statutory audit are the first, second and fifth.
The title I of SOX provides for the creation of a supervisory board, the PCAOB, which has the task of monitoring the activities carried out by independent auditors in favor of the Public Companies that issue securities listed on the regulated market US.
The title II of the SOX, instead, deals exclusively of the requirement of independence required to the statutory auditor and to the audit firm. Within
11 Cfr. Holt (2008), p. 43.
this section are first of all mentioned the non-audit services that an auditor can not do in favor of the client company (to avoid possible conflicts of interest).
3. COSO ERM, Risk Management Approach and Code of Ethics
In the U. S., on the initiative of the private sector and in particular of some prestigious professional associations12 such as the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA) [14] and the Financial Executives International (FEI), was formed the Treadway Commission in order to develop an innovative model of the control system. The study of this system was delegated to Coopers & Lybrand (now PricewaterhouseCoopers). The result, published in 1992, was called COSO Report (Committee of Sponsoring Organizations of the Treadway Commission).
The COSO ERM became the main reference model to draw up both the Codes of Corporate Governance of the main professional associations, and the national and international governance regulations; moreover it is also a motivation to respect the European Commission Green Book [15], published by the European commission always in matters of Corporate Governance.
As an example, the reference model defined by the Basel Committee, for the internal control system in the banks, is based on the same components as defined in the COSO Report; as well as the Corporate Governance Code for listed companies on the Stock Exchange (so-called Preda Code) incorporates explicitly the definition of the control system and the characteristics of the internal system established in the COSO Report. The Public Company Accounting Oversight Board (PCAOB), created by the Sarbanes-Oxley Act, has issued a standard to regulate the verification of a system of internal control for listed companies in the United States, as above-mentioned; it also explicitly mentions the COSO Report.
The above model has been, over the years, upgrades until to get to the model named Enterprise Risk Management, ERM, developed in COSO ERM,
12 The COSO Report is also sponsored by other organizations such as the Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA).
thanks to the collaboration of the PricewaterhouseCoopers and of the Institute of Internal Auditors.
It intends focusing on the recent update of the COSO Internal Control — Integrated Framework 2013 [16], which is based on the Enterprise Risk Management, ERM approach.
The answers to many questions are still open regarding Corporate Governance could be found in the evolution of the COSO Report. A first objective is certainly the extension of the main governance standards, including best practices on an international scale, even in non-listed companies. This would facilitate, for example, even the respect of the Green Paper.
Among the priority directives there is the self-assessment of the Board of Directors and the evaluation of the internal control system, with an approach to governance that is increasingly oriented to the Risk Management.
The appreciation and the coping of the risks have become an indispensable tool of Corporate Governance for the creation of Value for stakeholders, as well as the key instruments of the work of Auditing as governed in the ISA Clarity Project, currently in the process of endorsement.
An important regulatory reference on the independence of the auditor is the Code of Ethics for Professional Accountants issued by the IESBA. This document refers to the International Standard on Auditing ISA 200 and allows both to introduce the issue of ethics within the statutory audit, both to identify «the ethical standards to level the behavior of the auditor»; In fact, as above-mentioned, the IESBA Code is based on the idea that, during the commitment, the auditor must act in the public interest and his behavior must be conform to fundamental ethical principles (including that of independence), to gain confidence and credibility in the public eye.
The part A, General application of the IESBA Code, recalls art. 21 Directive 2006/43/EC, as described in it, fundamental ethical principles that auditors must respected during the engagement, that is, those of:
• integrity;
• objectivity;
• professional competence and due care;
• confidentiality;
• professional behavior.
Conclusion
This concludes the present work, noting that investors, in this context of crisis, are increasingly demanding reliable information and high quality, which provide the overall picture of the economic and financial situation of the company, as well as the sustainability of its activities over time [17, 18].
European Commission with the Green Paper — Audit Policy: Lessons from the Crisis and IAASB with multiple documents among which the Consultation Paper — A Framework for Audit Quality (January 2013) and the Reporting on Audited Financial Statements: Proposed New and Revised International Standards on Auditing, ISAs (July 2013),
Table 4
The main changes introduced by IAASB
International Standard on Auditing News — synthesis
Proposed ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements Changes in the structure of the report and insert new elements, including a specific declaration on independence and its ethical requirements. Illustration of such changes in the structure and the new elements in the new examples of the auditor's report
NEW Proposed ISA 701, Communicating Key Audit Matters in the Independent Auditor's Report Definition of key audit matters: «Those matters that, in the auditor's professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance». Rules and guidelines and other explanatory material on the decisions of the auditor in relation to key audit matters and input method of such matters in the audit report to be issued for listed companies. The auditors of financial statements of companies other than listed companies may be required or may still decide to communicate the key audit matters in accordance with this standard
Proposed ISA 260 (Revised), Communication with Those Charged with Governance According to the provisions regarding key audit matters within the Proposed ISA 701, they have made changes to the rules that the auditor has to follow in communications to those charged with governance
Proposed ISA 570 (Revised), Going Concern Rules and guidelines and other explanatory material to enter a statement in the audit report with specific responsibility for business continuity as a condition used to prepare the financial statements by the entity
Proposed ISA 705 (Revised), Modifications to the Opinion in the Independent Auditor's Report Changes to illustrate the ways in which the new elements of the audit report referred to Proposed ISA 700 and 701 are affected when the auditor decides to issue a modified opinion.
Proposed ISA 706 (Revised), Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor's Report Changes to illustrate the interrelations between the following paragraphs that may be present in the audit report: - Information Recalls; - Key audit matters; - Other issues
Proposed Conforming Amendments to Other ISAs Changes to the following ISA to take into account the changes to the above principles: - ISA 210; - ISA 230; - ISA 540; - ISA 710
designed to meet the information needs of shareholders.
Anyway, in 2013, the PCAOB voiced concerns that 15% of inspected control audits were ineffective [19, 20]. Audits are examinations of financial or nonfinancial information for the purpose of evaluating its reliability.
Therefore, the main objective of these measures is to significantly expand also the content of the auditing final report, so that it can be also a useful document for discernment of investment alternatives. Table 4 shows a summary of the main changes introduced in the field of External Auditors' Report by IAASB.
The above-mentioned expanding report is important for the auditing profession and the stakeholders, because could have an impact on the ethics of auditing; the cultural diversity presents major issues regarding appropriate international ethical standards [21].
This paper, starting from the literature and practice [22-31 and so on], shows the increasing
regulation on corporate governance as the answer to the decrease of ethical behaviours in the financial markets. The proliferation of laws in matters of corporate governance was the substantial response to the crisis of the values of business ethics, which has led to numerous financial scandals of recent decades.
The path to find the best framework for balancing the needs of all parties interested in internal control quality disclosure is not completed. The outstanding efforts concern for instance the efficacy of the audit review process; the auditors' probabilistic judgments; the effectiveness of methods in fraud risk assessment; the effectiveness of the methods to assist auditors in recognizing risk; and the effectiveness of external audits in terms of bias reduction in financial reporting.
As behaviourist, it is necessary mainly a real and ethical change to obtain a substantial advantages in terms of corporate control quality, without forgetting the rationalization of administrative costs, especially for small and medium-sized companies.
References
1. Akresh A. Using the audit risk model to opine on internal control. Accounting Horizons, 2010, no. 24 (1), pp. 65-78.
2. Altamuro J., Beatty A. How does internal control regulation affect financial reporting? Journal of Accounting and Economics, 2010, no. 49, pp. 58-74.
3. Dhaliwal D., Naiker V. and Navissi F. The Association Between Accruals Quality and the Characteristics of Accounting Experts and Mix of Expertise on Audit Committees. Contemporary Accounting Research, 2010, vol. 27, no. 3, pp. 787-827.
4. Bowlin K. Risk-Based Auditing, Strategic Prompts, and Auditor Sensitivity to the Strategic Risk of Fraud. The Accounting Review, 2011, no. 86:4, pp. 1231-1253.
5. Houston R. W., Chad M.S. Audit Partner Perceptions of Post-Audit Review Mechanisms: An Examination of Internal Quality Reviews and PCAOB Inspections. Accounting Horizons, 2013, no. 27:1, pp. 23-49.
6. Kaplan S. E., Williams D.D. Do Going Concern Audit Reports Protect Auditors from Litigation? A Simultaneous Equations Approach. The Accounting Review, 2013, no. 88:1, pp. 199-232.
7. European Commission (EC). Regulation of the European Parliament and of the Council on specific requirements regarding statutory audit of public-interest entities. 2011/0359 (COD). November 30. Brussels, 2011. URL: http://ec.europa.eu/internal_market/auditing/docs/reform/regulation_en.pdf (accessed: 03.09.2015).
8. U. S. Congress. Jumpstart Our Business Startups Act. Public Law No. 112-106. (April 12). Washington, D. C., Government Printing Office, 2012. URL: http://www.gpo.gov/fdsys/pkg/PLAW-112publ106/pdf/PLAW-112publ106.pdf (accessed: 03.09.2015).
9. Kinney W.R. et al. The Effect of SOX Internal Control Deficiencies on Firm Risk and Cost of Equity. Journal of Accounting Research, 2009, no. 47, pp. 1-43.
10. Church B.K., Shefchik L.B. PCAOB Inspections and Large Accounting Firms. Accounting Horizons, 2012, no. 26:1, pp. 43-63.
11. Gaa J. C. Book Review: Ken McPhail and Diane Waters, Accounting and Business Ethics: An Introduction. London, Routledge, 2009. The Accounting Review, 2010, no. 85 (5), pp. 1817-1820.
12. Rice S., Weber D. How Effective is Internal Control Reporting under SOX 404? Determinants of the (Non-) Disclosure of Existing Material Weaknesses. Journal of Accounting Research, 2012, no. 50, pp. 811-843.
13. Palmrose Z. V. PCAOB Audit Regulation a Decade after SOX: Where It Stands and What the Future Holds. Accounting Horizons, 2013, no. 27:4, pp. 775-798.
14. Organizations of the Treadway Commission (COSO). Internal Control — Integrated Framework. New York, COSO, 2013. URL: http://www.coso.org/documents/990025P_Executive_Summary_final_ may20_e. pdf (accessed: 03.09.2015).
15. American Institute of Certified Public Accountants (AICPA). Omnibus Proposal of Professional Ethics Division Interpretations and Rulings, 2009. URL: http://www.aicpa.org/RESEARCH/ STANDARDS/CODEOFCONDUCT/Pages/default. aspx (accessed: 03.09.2015).
16. European Commission, Green Book. The EU Corporate governance framework, COM 2011/0164. URL: http://eur-lex.europa.eu/legal-content/EN/TXT/? uri=CELEX: 52011DC0164 (accessed: 03.09.2015).
17. OCSE. Corporate Governance and the Financial Crisis, no. 2/2010. URL: http://www.oecd.org/ corporate/ca/corporategovernanceprinciples/44679170.pdf (accessed: 03.09.2015).
18. Magnan M., Markarian G. Accounting, Governance and the Crisis: Is Risk the Missing Link? European Accounting Review, 2011, no. 20 (2), pp. 215-231.
19. Kinney W. R., Martin R. and Shepardson M. Observations about SOX 404 (b) Audit Production. Accounting Horizons, 2013, no. 27 (4), pp. 799-813.
20. Public Company Accounting Oversight Board. (PCAOB). Staff Practice Alert No. 11. Considerations for Audits of Internal Control Over Financial Reportings. October 24. Washington, D. C., 2013. URL: http://pcaobus.org/standards/qanda/10-24-2013_sapa_11.pdf (accessed: 03.09.2015).
21. Gaa J. C. Corporate Governance and the Responsibility of the Board of Directors for Strategic Financial Reporting. Journal of Business Ethics, 2009, no. 90, pp. 179-197.
22. Stettler H.F. Auditing principles. A systems-based approach, Englewood Cliffs, Prentice-Hall, 1982, p. 84.
23. McCraw T.K. Prophets of Regulation, Belknap Press of Harvard University, 1984, p. 387.
24. Brown C. E., Solomon I. Auditor configural information processing in control risk assessment. Auditing: A Journal of Practice & Theory, 1990, no. 9 (1), pp. 17-38.
25. Kinney W.R., Martin R.D. Does auditing reduce bias in financial reporting? A review of audit-related adjustment studies. Auditing: A Journal of Practice & Theory, 1994, no. 13 (2), pp. 149-157.
26. Tan H. T., Trotman K. T. Reviewers' Responses to Anticipated Stylization Attempts by Preparers of Audit Workpapers. The Accounting Review, 2003, vol. 78, no. 2, pp. 581-604.
27. Clarke F., Dean G. Indecent Disclosure. Gilding the Corporate Lily, Cambridge University Press, 2007, p. 274.
28. Bedard J. C., L. Graham L. The effects of risk orientation, underlying risk and client experience on risk factor identification and audit test planning. Auditing: A Journal of Practice & Theory, 2002, no. 21
(2), pp. 39-56.
29. Bedard J., Graham L. Detection and Severity Classifications of Sarbanes Oxley Section 404 Internal Control Deficiencies. The Accounting Review, 2011, no. 86 (3), pp. 825-855.
30. Hunton J. E., Gold A. A field experiment comparing the outcomes of three fraud brainstorming procedures: Nominal group, round robin and open discussion. The Accounting Review, 2010, no. 85
(3), pp. 911-935.
31. Kinney W.R. et al. Response of the American Accounting Association Task Force to the AICPA's Proposed Revision of Ethics Ruling No. 2. Current Issues in Accounting, 2010, no. 4 (1), pp. C1-C9.
