Auditors and Corporate Regulators
The external auditor is responsible for auditing the company's financial reports and for reviewing its interim financial reports.
Tax has been identified as a key risk area, especially after the transition to tax consolidation and IFRS. The external auditor will need to be satisfied that the company has an adequate framework of internal controls over the tax reporting systems and processes.
For SEC-registered companies, the external auditor must issue an attestation report on management's assessment of the effectiveness of internal control within the company.
The Australian Securities & Investments Commission (ASIC) acts as the corporate regulator for all Australian companies, in accordance with the Corporations Act 2001.
Australian listed companies and external auditors must also comply with the provisions of Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9).
In particular CLERP 9 requires the CEO and CFO to sign off that the company's records financial records have been properly maintained before the directors make their declaration in the annual report as to the compliance of the financial reports.
The US Securities and Exchange Commission (SEC) acts as the corporate regulator for companies with US-listed securities.
Following the Enron crash in late 2001, the Sarbanes-Oxley Act 2002 (SOX) was introduced. The Act mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud. SOX created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession.
SOX created some far reaching reforms. In particular Section 404 of SOX requires directors and auditors to sign-off on the effectiveness of internal control within the company.
In the first year of audit reports under SOX, tax systems and processes were highlighted as having the highest number of internal control weaknesses within large corporations.