An innovative approach for integrating the Sarbanes Oxley act into the undergraduate business curriculum.

Elson, Raymond J. ; O'Callaghan, Susanne ; Alleyne, Beverley J. 等

ABSTRACT

The Sarbanes Oxley Act of 2002 or "SOX" has permanently changed the way the business community operates. As a result, it is important for business students to understand this legislation so that they can add value to future employers. Currently SOX is seen as an accounting rule and so is taught to accounting majors and not business students. This paper offers an alternative approach to teaching SOX, as we believe that SOX is a business issue not only an accounting issue. We firmly believe that all business students should be exposed to the significant requirements of the Sarbanes Oxley Act as required for all management in publicly traded companies. Resources are provided to help all business instructors increase their knowledge of this legislation to ensure that SOX is fully integrated into the business school culture.

INTRODUCTION

"SOX" refers to the Sarbanes Oxley Act of 2002 (the "Act") that was enacted into law by the United States Congress. It applies to all Securities and Exchange registrants (i.e., public companies) and their external auditors. The key sections of the law includes requirements for (a) the establishment of the Public Company Accounting Oversight Board or PCAOB, (b) Auditor Independence, (c) Corporate Responsibility, and (d) Enhanced Financial Disclosures. From first glance this might lead one to believe that SOX is of interest only to accounting professionals. In reality, most professionals in all publicly traded companies are affected by SOX and they should be aware of what their responsibilities are under the Act. This article is meant to acquaint those who need to know about SOX and its place in a university business curriculum: business deans, business faculty and book publishers.

The SOX Act resulted from the mounting accounting and corporate scandals in the late 1990s and early 2000s. These scandals resulted in the loss of investor confidence in corporate financial reporting. The bad news was nonstop as firms such as Adelphia Communications, Global Crossing, Rite Aid, Xerox and Tyco revised their earnings reports to reflect the impact of earnings management, management fraud and other 'creative accounting' practices. As a result, SOX was passed into law and signed by Congress and the President in record time.

Perhaps the two organizations that had the biggest impact on the passage of SOX were Enron and WorldCom. Management fraud at Enron forced the company to file for bankruptcy protection in December 2001, the largest bankruptcy in the country at that time. This company reported assets of approximately $62 billion and spectacular and consistent earnings growth for many years. However, management inflated earnings by approximately $600 million for the six years prior to its bankruptcy filing. Seven months later, Enron's bankruptcy filing was overshadowed by the collapse of WorldCom in July 2002. This company, with $100 billion in assets, was forced into bankruptcy by a massive management fraud. Both Enron and WorldCom were given clean audit reports that were distributed to the investment community for many years with the underlying financial statements audited by Arthur Anderson.

With the mounting bad news reported by these premier companies whose financial statements were audited by the Big Five accounting firms, the investing public demanded some reform from the legislators to bring credibility to corporate financial reporting. The Sarbanes Oxley Act was enacted into law in response to this demand.

OVERVIEW OF SOX

SOX was implemented to strengthen and improve corporate responsibility. The area of corporate responsibility should be of interest to all business students, since corporate responsibility affects all levels of upper management in all public companies. This includes accountability by executives, boards of directors, and auditors. Another purpose of the Act was to improve companies' communications to investors regarding their activities and the financial climate, again an area not just relegated to accounting personnel.

There is now a clear requirement for all members of the audit committee to be independent members of the board of directors and not management personnel of the corporation. Section 302 of SOX requires the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) of each company to make specific certifications in their quarterly and annual reports. These individuals face significant financial penalties and/or long prison terms for making false certifications. As a result, these executives must rely on personnel throughout the organization to assist in this certification process. Today's business students will not only be part of the SOX process in the future, but will be the future executives responsible for corporate governance in their companies.

The Foreign Corrupt Practices Act of 1977 placed the responsibility of the organization's internal controls on management. Section 404 of the SOX Act now requires that public companies' annual reports include an internal control report specifically stating that management is responsible for establishing and maintaining an effective system of internal control, and management's assessment of the effectiveness of its controls. The external auditor is specifically responsible for attesting to management's internal control environment and for issuing a separate report on the effectiveness of those controls.

Business students should have a working understanding of the implementation issues faced by management in implementing and maintaining an effective internal control structure in response to Section 404.

CLASSROOM APPLICATION

Most courses in the business school have SOX implications. However, SOX is often only taught in accounting courses, so accounting majors are the only ones exposed to its requirements. Business students could potentially leave college without working knowledge of SOX and how it could impact them in the workplace. Appendix 1 presents a summary of the key provisions of SOX, the related sections and the authors' perspectives on the impact of SOX on the business curriculum. Since SOX is far reaching, we propose the following curriculum inclusion to increase business students' knowledge of it with special emphasis on those areas that are subject to Section 404 attestation. Our ideas are presented in this section and summarized in Table 1.

Business Foundation Course

This is the foundation course for introducing business students to the operations of a typical business organization. Course content usually includes a discussion of business cycles found in typical organizations. Such cycles include: revenue and collection, acquisition and expenditure, production and payroll, and finance and investment.

This is the course where the general requirements of the Sarbanes Oxley Act should be discussed. Specifically, sections 101, 302 and 404 should be discussed in the business foundation course.

Discussions should include the reasons for the establishment of the PCAOB and how it has affected businesses (Section 101); what is corporate responsibility and who is responsible for the corporate responsibility over financial reporting (Section 302); and what are internal controls and the fact that management is responsible for designing and operating those controls (Section 404.)

Coverage should also include an introduction to risk assessment and the use of a control framework to assess the effectiveness of a company's control environment. The most common control framework used in business in the United States is the Committee of Sponsoring Organizations of the Treadway Commission or the "COSO" framework. Therefore, students should have a working knowledge of this framework.

Marketing

Marketing majors often believe that understanding accounting concepts is pointless since they are not involved in the financial statement process. While this misconception was okay in the past, it is no longer appropriate under SOX since all activities that impact financial reporting and disclosures in an organization are now subject to SOX Section 404 attestation. Marketing programs often include courses (or sections of courses) on selling practices and product management. These areas are revenue-generating activities and are critical to an organization's success. Since they are part of the financial reporting process these areas are considered part of the Section 404 attestation scope and marketing majors need to be able to recognize and design controls for their areas of expertise.

In discussing these areas, instructors should ensure that students have a good understanding of the underlying business processes and the typical controls that exist over such processes. For instance, to incorporate SOX in courses instructors might focus class room discussions on the controls that should be in place in an organization to ensure that sales made by sales personnel are (a) appropriate and (b) reported and recorded in the general ledger.

Accounting

As financial statement preparers, accountants are impacted by all SOX provisions especially corporate responsibility and enhanced financial disclosures. The typical accounting program already includes sufficient coverage of generally accepted accounting principles in such courses as Intermediate and Advanced Accounting. However, instructors should ensure that students are knowledgeable of the related disclosures in their coverage of the financial statement components since they are a critical element of SOX. For instance, the coverage of leases should include the accounting for capital and operating leases in the financial statements and disclosures made in the footnotes to those statements.

The Auditing and Accounting Information Systems courses typically expose students to internal controls. Instructors should expand their coverage in this area to include the disclosure and certification (Section 302) and attestation (Section 404) requirements of SOX. One suggestion is for students to complete an assignment in which they review the SEC's website and obtain the CEO and CFO certifications for a particular organization (certification). A Section 404 assignment might include providing students with the description of a management process and the controls in place as identified by management. Students would then identify procedures they might perform to independently validate management's controls.

Management

Managers are responsible for managing people and processes. Therefore, management majors clearly need to understand SOX and business processes and controls. While all areas of SOX are applicable to management majors, the sections surrounding corporate responsibility and enhanced financial reporting should be clearly emphasized. For instance, SOX has placed greater responsibilities on the board of directors of public companies to improve oversight of the organizations. Corporate governance and the role and responsibility of boards of directors are topics covered in the typical management curriculum. Instructors should ensure that SOX is fully integrated in the coverage of corporate governance issues.

In classroom discussion on the role of the board of directors, instructors should emphasize that the audit committee is now directly responsible for the appointment, compensation and oversight of the work of the external auditor under SOX. Also, in discussing corporate governance activities in an organization, management students should complete an assignment similar to accounting students by visiting the SEC's website and obtaining the CEO and CFO certifications for a particular organization (certification). Instructors should then emphasize that corporate executives are now responsible for corporate oversight under SOX and the certification process is one way of demonstrating this responsibility.

Information Systems/Management Information Systems (MIS)

Information systems form the backbone of any business process. A firm cannot be Section 404 compliant unless the underlying information systems are reliable. Instructors therefore need to ensure that SOX is integrated into their course coverage. Potential areas in which SOX could be discussed are the general controls in the data processing environment and the application controls over specific systems, systems design and development (including program and system change management, and interface controls), database management, system recovery and information security. For instance, classroom discussion could focus on controls that exist in system and/or database design to ensure that only authorized personnel have access to certain system functionality.

Finance

The financial function in an organization is responsible for investing excess funds and borrowing from creditors to cover shortages. These activities clearly have an impact on the financial statements and are subject to Section 404 attestation. It is imperative that finance instructors incorporate SOX in their coverage of this subject area. For instance, classroom discussions may include controls that exist in the organization to ensure that investments brought or sold are reported and recorded in the general ledger. The financial profession is also responsible for making sure that related investment transactions are adequately disclosed in the financial statements, including any related footnotes.

Business Law

The legal and regulatory aspect of business is covered as part of a required course for most business majors. Clearly, the failure of an organization to comply with laws and regulations could have a significant financial impact and would be reflected in the general ledger, hence the Section 404 implication. Current business law text includes the role of audit committees, code of ethics disclosures and regulation of CPA firms in its coverage of SOX. Therefore, to integrate SOX into the course, instructors could include a classroom discussion of the above areas and its impact on an organization, as well as the processes and controls that exists in an organization to ensure compliance with applicable laws and regulations.

Economics

Most business students are introduced to this subject through two courses--Macro and Micro Economics. Macroeconomics covers broad economic activities while micro covers economic decisions on a low level such as individual consumers. On the surface, these activities do not appear to directly affect an organization's general ledger, so the assumption then is that SOX coverage is not important. However, environmental issues are topics covered in this discipline. The failure of an organization to comply with such issues could result in fines and penalties that are then reflected in the general ledger, hence the Section 404 implication. Therefore, economics instructors could discuss the processes and controls that an organization has in place to ensure compliance with the environment issues at its various locations as part of their discussion of SOX.

CONCLUSION

This paper presents the authors' views on the necessity for including the Sarbanes Oxley Act into all business disciplines. It also offers an approach that instructors can use to introduce SOX to a wider audience of business students. Clearly, this knowledge will allow students' to be better prepared for the demands of today's work environment. We believe that students entering the job market with this knowledge will have a competitive advantage over their colleagues.

One challenge is to ensure that instructors have the appropriate knowledge of SOX to share with their students. There are a number of resources available for instructors to learn more about SOX and PCAOB. Such resources include (i) the summary and details of SOX on the AICPA's and SEC's websites (www.aicpa.com) and (www.sec.gov), and (ii) the role and responsibilities of the PCAOB's at its website (www.pcaobus.org). By obtaining knowledge of SOX and sharing it with students, instructors will ensure that SOX is truly not just something we wear, but something we teach.

REFERENCES

Arens, A.A., Elder, R.J. & Beasley, M.S. (2004). Overview of the Sarbanes Oxley Act of 2002 and other changes in auditing and the public accounting profession. Englewood Cliffs, NJ: Pearson/Prentice Hall

Barnes, A.J., Dworkin, T.M. & Richards, E.L. (2006). Law for business, (9th edition). New York: McGraw Hill/Irwin

Czaja, R. (2005, November Supplement). Should Sarbanes-Oxley reforms extend to nonpublic companies? The CPA Journal. Retrieved August 28, 2006 from www.cpaj.com.

Raymond J Elson, Valdosta State University

Susanne O'Callaghan, Pace University

Beverley J Alleyne, Belmont University

Shirley Bernal, AXA Equitable

John P. Walker, Queens College--CUNY

Appendix 1: Impact of the Sarbanes Oxley Act on the Business
Curriculum

 Business Curriculum

The
Sarbanes-
Oxley Act
of 2002
(Key Pro- Marke- Accoun- Manage-
visions) Related Sections ting ting ment

Public Company Accounting Oversight Board (PCAOB)
 Section 101--Establishment x x x
 of PCAOB
 Section 102--Registration x
 with PCAOB
 Section 103--Auditing x
 Standards
 Section 104--Inspections of x
 Registered Public Accounting
 Firms
 Section 105--Investigation x x
 and Disciplinary Proceedings

Auditor Independence
 Section 201--Services x x
 outside the scope of prac-
 tice of auditors
 Section 203--Audit Partner x x
 Rotation
 Section 204--Audit Reports x x
 to Audit Committees
 Section 206--Conflicts of x x
 Interest
 Section 207--GAO Study on x x
 the Mandatory Rotation of
 Audit Partners

Corporate Responsibility
 Section 301--Pubic Company x x x
 Audit Committees
 Section 302--Corporate x x x
 Responsibility for Financial
 Reports
 Section 303--Improper x x
 Influence on Conduct of
 Audits

Enhanced Financial Disclosures
 Section 404--Management x x x
 assessment of Internal
 Controls
 Section 407--Disclosure of x x
 Audit Committee Financial
 Expert

 Business Curriculum

The
Sarbanes-
Oxley Act
of 2002 Infor- Busi Eco-
(Key Pro- mation Fin- ness no-
visions) Related Sections Systems ance Law mics

Public Company Accounting Oversight Board (PCAOB)
 Section 101--Establishment x x x x
 of PCAOB
 Section 102--Registration
 with PCAOB
 Section 103--Auditing
 Standards
 Section 104--Inspections of
 Registered Public Accounting
 Firms
 Section 105--Investigation x
 and Disciplinary Proceedings

Auditor Independence
 Section 201--Services
 outside the scope of prac-
 tice of auditors
 Section 203--Audit Partner
 Rotation
 Section 204--Audit Reports
 to Audit Committees
 Section 206--Conflicts of
 Interest
 Section 207--GAO Study on
 the Mandatory Rotation of
 Audit Partners

Corporate Responsibility
 Section 301--Pubic Company x x x x
 Audit Committees
 Section 302--Corporate x x x x
 Responsibility for Financial
 Reports
 Section 303--Improper
 Influence on Conduct of
 Audits

Enhanced Financial Disclosures
 Section 404--Management x x x x
 assessment of Internal
 Controls
 Section 407--Disclosure of
 Audit Committee Financial
 Expert

Table 1: Proposed Coverage of SOX in the Business Curriculum

 Examples of Areas impacted by
Discipline SOX--Classroom Emphasis

Business Foundation Course Overview of business processes (e.g.
(general business course) revenue cycle)
 Introduction to the Sarbanes Oxley Act
 Introduction to Risk Assessment and
 Internal Control
Marketing Product development/management
 Sales practices
Accounting Financial statement preparation and
 disclosure controls
 CEO/CFO certifications (Section 302)
 Management assessment of Internal Controls
 (Section 404)
Management Corporate governance (e.g., Oversight
 function of the board of directors)
Information Systems (MIS) Systems design and development (including
 program and system change management,
 interface controls)
 Database management
 System recovery
Finance Investment decisions (purchases/sales),
 Borrowings
Business Law Legal and regulatory issues
Economics Environmental issues