SOX effect on DCAA
Christy Taylor
AC 503
July 11, 2011
The public looks to financial documents for evidence of companies’ success and as a basis for investing decisions. Investors and banks rely upon these documents to provide accurate information for the decision-making process. The accountants and auditors who create and verify the accuracy of the information within these documents hold the trust of those who rely on accurate financial information. Once that trust is broken, it can take time to rebuild. Unfortunately, the public’s trust in the accounting profession was shaken by several large scandals, such as Enron and WorldCom, and the profession is still working toward repairing the damage. Investors lost faith and hesitated to invest money, which can hurt the economy. In answer to this developing crisis of faith, President Bush signed the Sarbanes-Oxley Act of 2002 (SOX) (U.S. Securities and Exchange Commission, 2010). This act has far-reaching effects on every aspect of the accounting and business world. It put into effect guidelines and repercussions in accounting to help prevent future fraud. Standards that were already in place were adapted to SOX and changed to meet the more stringent requirements. One such example is the Defense Contract Audit Agency (DCAA) standards. Like all agencies, DCAA had to adapt to the new requirements of SOX, but the changes first needed to be defined.
Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002 (SOX) provides not only guidelines for the accounting industry but also a means of enforcement. These laws and regulations apply to all publicly traded companies. The purpose of SOX is to create a universal standard that can be upheld in order to increase the confidence the public has in financial statements. The act is broken down into 11 sections, of which there are six main areas. It is important to understand the sections in order to determine what impact they have on already established standards.
Section 302 states that all signers of the financial documents have reviewed the documents for accuracy and verified that there are no misstatements or omissions. In addition, any issues found regarding the internal controls are also listed on the financial document (Sarbanes-Oxley Act of 2002, 2004). This provision assigns responsibility for accuracy back to the managers and directors. They now share responsibility for accuracy with the auditors and have a vested interest in avoiding and detecting fraud. Prior to this, many managers would sign documents without reviewing them for accuracy. This provides a redundant check for accuracy.
Section 404 elaborates on Section 302 regarding internal controls. While Section 302 specifically mentions deficiencies in internal controls, Section 404 requires details of internal controls to be provided in companies’ annual reports. Therefore, interested parties can assess for themselves the effectiveness of the internal controls.
Section 401 states that all financial statements must be accurate and transparent (Sarbanes-Oxley Act of 2002, 2004). Documents should be easily read and interpreted by someone who is willing to take the time to read and understand the financial statements. Transactions and liabilities must be categorized correctly to properly display the company’s financial standing. This also applies to recording the value of assets and inventory. If the financial statements are misleading in content, they are not considered transparent.
Section 401 goes along with Section 409, which states that companies must disclose any material changes in their finances. These disclosures must be easily understood and supported with additional documentation (2004). This specifically refers to changes that occurred after the financial statements were completed but that do affect the financial status of the company. The impact could be positive or negative. The important part is that the information must be available to be read and understood by interested parties in order to avoid misinformation. Also, investors must have the most current and reliable information regarding the company’s finances to make informed decisions.
Section 406 is unique since it requires that all publicly held companies have an established code of ethics. Previously, individual ethics were relied upon for integrity and honesty; companies were not required to dictate a universal ethics system. SOX now requires an official code of ethics to be in place. Each company creates its own code of ethics and is responsible for maintaining it. The code of ethics covers behavior and repercussions for those who violate the code. Ethical behavior by businesses increases the public’s trust in the financial statements and the accountants responsible for them.
Section 802 is one of the most important sections of SOX. It is this section that provides the penalties attached to fraud, including the altering of work papers. Without repercussions, SOX would not be enforceable. SOX provided government regulation to make sure all minimum standards are followed. If companies violate any aspect of SOX, the Securities and Exchange Commission can enforce penalties and fines upon the guilty.
In some cases, the standards outlined by SOX were already in place, and not much change needed to occur. One example of this was the Defense Contract Audit Agency (DCAA). This agency already closely regulated companies that dealt with government contracts, but with SOX there were additional considerations and accommodations that needed to be made.
Defense Contract Audit Agency
The Defense Contract Audit Agency (DCAA) was created by the Department of Defense (DOD) to establish a uniform auditing standard for government contractor companies. Prior to the establishment of DCAA, each branch of the military had different contracting standards. This made it easy for mistakes or improper pricing, such as the $100 hammer, to occur. DCAA was established in 1965 to provide accounting and financial advisory services for government contract agencies to ensure that taxpayer dollars were spent in a fair manner without waste (Defense Contract Audit Agency, 2011). DCAA succeeded in meeting DOD’s goal of creating a way to maximize effort and minimize waste of resources. In 2010, DCAA was responsible for auditing over $34 billion of costs and over $185 billion in pricing proposals (Defense Contract Audit Agency, 2011). Audit findings saved almost three billion dollars. The cost of running DCAA is about $530 million, an expenditure that is worthwhile when the savings to taxpayers are about five times the expense. While DCAA has shown in numbers how effective it can be, the addition of SOX is believed to improve the effectiveness and reliability of the audits. There is debate over whether the confidentiality aspects of SOX hinder or help the DCAA audits.
Effect of SOX on DCAA
There are many government-contracting companies, and not all of them are publicly held. In smaller, privately owned companies, DCAA compliance is the only concern. However, in cases where the government-contracting company is a publicly held entity, such as Lockheed Martin, SOX also applies. The biggest concern regarding how SOX and DCAA work together is the definition of confidentiality of information. SOX established the Public Company Accounting Oversight Board (PCAOB) to oversee audits, collect documentation and share it with the appropriate governmental agencies without affecting the confidentiality of the information. The interesting aspect of this is that DCAA is not one of the authorized agencies (BNA, Inc, 2003). DCAA did issue a statement that said SOX does not directly impact DCAA. However, DCAA relies on information generated by management and its financial reporting in order to conduct an audit. SOX does affect these aspects, and the information generated under SOX may also apply to these areas.
Initially, when reviewing the internal controls, the Securities and Exchange Commission (SEC) stated that the information must be disclosed to the auditors, but it does not necessarily need to be shared with the public, depending on its impact. Since the SEC does not recognize DCAA as one of the governmental agencies with which information can be shared without breaking confidentiality, DCAA may not be privy to these disclosures. The SEC does encourage DCAA to seek and request these disclosures (BNA, Inc, 2003). The DCAA guidelines state that having access to this information can help place the company in the minimum-risk category. If the company refuses access, DCAA will classify the company as maximum risk and perform a more in-depth audit. This encourages the company to be forthright with any information.
There is nothing in SOX that directly refers to DCAA or expands its current access to information. DCAA has issued guidance instructing auditors to review the supporting documentation regarding companies’ compliance with SOX. DCAA auditors must follow the agency policy of relying on the work of others for determining compliance. Therefore, the work generated by the SOX auditors can be shared as it applies to DCAA compliance (Wall, 2006). According to DCAA regulations, this applies only when the work was performed by individuals who are qualified and competent. In addition, the working papers must support the conclusions (2006). Therefore, the supporting documents and work papers must show the competence and thoroughness of the auditors.
Conclusion
Although there is some debate regarding the confidentiality of papers and whether DCAA auditors can request to look at SOX audit papers, each case should be determined on an individual basis. This is supported by DCAA protocol, which states that other information may be used if there is supporting documentation and the auditor who compiled the information is competent. In conclusion, SOX is still a beneficial addition to DCAA compliance, since a properly conducted SOX audit can mean a reduced audit effort by DCAA auditors. In order to help streamline the auditing effort, there are several recommendations. The first recommendation is that any time an audit is performed on a company, the purpose and scope of the audit should be clearly detailed to all parties so the expectations are clear. Secondly, since there is some debate over the documentation that needs to be disclosed to DCAA auditors versus SOX auditors, a list of requested items should be issued in advance. This way, documents may be collected and prepared, and any issues can be addressed prior to the audit. Finally, once DCAA has outlined the purpose and scope of the audit, the company can decide to limit access to only the documents that are related to the scope of the audit.
DCAA and SOX can complement each other. The cost of complying with SOX is not as high as it is for many other companies, since many of the requirements were already put in place by DCAA. SOX developed a segregation and expansion of duties. This allows auditors to focus more fully on their area of concern and rely on each other to produce accurate documents that may be used to support both audits.
References
BNA, Inc. (2003). Federal Contracts. “Sarbanes-Oxley Act.” Retrieved from http://media.gibsondunn.com/fstore/documents/pubs/DCAA-SarbanesOxley-11.2003-Fed_Contracts-Manos.pdf
Defense Contract Audit Agency. (2011). “DCAA.” Retrieved from http://www.dcaa.mil/.
McKenna Long & Aldridge. (2009). “Government Contracts Advisory.” Retrieved from .mckennalong.com/media/library/1021_DCAA_Audit_Guidance%201.09.pdf
Sarbanes-Oxley Act of 2002. (2004). “The Sarbanes-Oxley Act.” Retrieved from http://www.soxlaw.com/index.htm.
The Bureau of National Affairs. (2003). Federal Contracts Report. Retrieved from http://media.gibsondunn.com/fstore/documents/pubs/DCAA-SarbanesOxley-11.2003-Fed_Contracts-Manos.pdf.
Thompson, M. & Zimmerman, S. (2006). Contract Management. “Sox compliance: DCAA disclosure and cost-control strategies.” Retrieved from http://www.ncmahq.org/files/Articles/C7463_CM_June06_p32.pdf.
U.S. Securities and Exchange Commission. (2010). The laws that govern securities industry. Retrieved from http://www.sec.gov/about/laws.shtml.
Wall, D. (2006). Institute of Management Accountants: Sarbanes-Oxley Act the DCAA perspective. Retrieved from www.pnl.gov/ima/12.../DCAA%20IMA%20Presentation%2012-12-06.ppt