During the Enron, WorldCom, Tyco, Adelphia, and other financial scandals of the early 2000s, stockholders, creditors, and other investors lost millions and in some cases billions of dollars.1 The resulting public outcry led Congress to pass the Sarbanes- Oxley Act of 2002. This act, referred to simply as Sarbanes-Oxley, is considered one of the most important and significant laws affecting publicly held companies in recent history. Although Sarbanes-Oxley applies only to companies whose stock is traded on public exchanges, referred to as publicly held companies, it has become the standard for
assessing the financial controls and reporting of all companies.
Sarbanes-Oxley’s purpose is to restore public confidence and trust in the financial statements of companies. In doing so, Sarbanes-Oxley emphasizes the importance of effective internal control.2 Internal control is broadly defined as the procedures and processes used by a company to safeguard its assets, process information accurately, and ensure compliance with laws and regulations.
Sarbanes-Oxley requires companies to maintain strong and effective internal controls over the recording of transactions and the preparing of financial statements. Such controls are important because they deter fraud and prevent misleading financial statements as shown in the following illustration:
report on the effectiveness of the company’s internal controls.3 These reports are required to be filed with the company’s annual 10-K report with the Securities and Exchange Commission. The act also encourages companies to include these reports in their annual reports to stockholders. GE based its assessment and evaluation of internal controls upon Internal Control—Integrated Framework, which was issued by the Committee of Sponsoring Organizations. This framework is the widely accepted standard by which companies design, analyze, and evaluate internal controls. For this reason, we use this framework in the next section of this chapter as a basis for our discussion of internal controls.