WASHINGTON -- The Securities and Exchange Commission approved rules yesterday requiring accounting firms to certify that the companies they audit have adequate measures in place to detect fraud.
The rules, which follow accounting scandals at Enron Corp. and WorldCom Inc., are an attempt to force auditors to dig deeper to uncover financial wrongdoing. Required by the Sarbanes-Oxley corporate governance law, the rules call for accountants to look behind the numbers at the financial reporting systems that produced them and certify in writing that they're adequate.
"This is a landmark step forward in the evolution of financial reporting," said Michael R. Young, a partner in the law firm of Willkie Farr & Gallagher, and author of Accounting Irregularities and Financial Fraud. "Up to now, auditors have not been ordinarily asked to provide positive assurance on internal controls. Now that they have been asked to do so, we can expect much more rigorous scrutiny of companies' internal control systems as part of efforts to root out financial fraud."
Passed unanimously by the agency's five commissioners, the rules will go into effect in June 2004 for companies with a market capitalization of $75 million or more. Smaller companies and those outside the United States will be given until April 2005 to comply.
Financial controls are the checks and balances -- frequently sophisticated computer systems -- that companies have to ensure their financial statements are properly prepared.
The controls should make sure that when a company records a sale that it has a contract in place for it and that a customer has accepted the goods, said Dennis R. Beresford, a former chairman of the Financial Accounting Standards Board, which sets standards of financial accounting and reporting. The controls should also test whether a company's expenses are legitimate.
In drafting Sarbanes-Oxley, the Senate Committee on Banking, Housing and Urban Affairs said the new rules should not be aimed at providing accounting firms with a "basis for increased charges or fees" or an opportunity to do a separate audit of the internal controls.
"High-quality audits typically incorporate extensive internal control testing," the committee wrote in a report that accompanies the law. An auditor's assessment of the systems "should be considered to be a core responsibility."
The accounting industry's trade group, seeking to maintain a voice in accounting regulation, in March proposed its own standard for auditing a company's internal financial controls.
In doing so, the American Institute of Certified Public Accountants said it was not trying to supersede the authority of the new Public Company Accounting Oversight Board to set audit standards.
The AICPA's effort drew criticism from Financial Executives International, which represents senior financial officers at corporations. That organization asked the SEC to make sure the standards are set by the accounting oversight board to avoid a "self-serving interpretation by the accounting profession."