Contents (Jump to)
Chapter 1: Introduction
Chapter 2: Literature Review – Corporate Governance
Chapter 3: Information systems and corporate governance
Chapter 4: Sarbanes Oxley Act
Chapter 1: Introduction
Auditing is one of the essential elements for the successful functioning of the business and helps an organization to face the external world with precise information on its business and issues related to accountability. Also, it is universally accepted that any business organization irrespective of its nature of business must provide relevant documentation to the government and other legal authorities with respect to their income and expenditure in order to meet the rules and regulations on tax. In the initial years of its introduction, auditing was primarily concerned with only the finance and finance related activities within the business that is accounted for in the business. Apparently, the revenue generated by the company and the costs associated are the major contributing factors for decision making on the tax and shareholder benefits. Alongside, the growth of information technology and the increase in the public awareness has further intensified the need for conducting an efficient auditing process to provide accountability for their business activities.
It is intriguing to note that information technology has become an integral part of every business organization making information as a critical element for the effective operation of the business itself. Thus the need for auditing the information and IT based activities that account for the finance for the organization both revenue and expenses are imperative. This report is focused on the effective role of information technology audit in the corporate governance in the UK business organizations. The fact that the corporate governance is the portrait of the a company to the external world both in terms of performance as well as financial information makes it a critical element for the success of an organization.
It is also imperative that the corporate governance of an organization is essential not only for the benefit of the stakeholders but also for the economic stability in the business market as well as the entire nation. This report is aimed to present a critical research analysis on the effectiveness of IT auditing for corporate governance in UK. The report will throw light on the various aspects relate to achieving effectiveness in through IT audit as part of corporate governance and critically analyses the Sarbanes Oxley Act on IT audit and information transparency.
1.2: Aim and Objectives
The aim of this dissertation is to critically analyse the efficiency of IT audit in the corporate governance among the UK business organizations. This is achieved by embracing the research upon the following objectives.
- To critically analyse the concept of corporate governance and its importance for an organization both internal and external to the business.
- To analyse the critical nature of information in business and the growth of information systems in corporate governance.
- To analyse the corporate financial reporting frauds and the role of information technology in such cases through critically analysing examples from various industries.
- To critically analyse Section 404 of the Sarbanes Oxley Act which is the final rule of the act to be implemented by corporate organizations in the UK.
- To provide case study analysis with examples from banking sector and Energy sector in the UK on the application of the Sarbanes Oxley Act-section 404.
1.3: Research Definition
The research in this report is accomplished using secondary information resources only. This is mainly because of the fact that a public opinion on the IT auditing is totally irrelevant and the business organizations will not reveal their corporate information other than that is published in the annual reports due to data protection and privacy issues. Hence the research analysis in the case study is entirely qualitative in nature (i.e.) the research is based upon the journals and white papers published rather than using first had data for quantifying the analysis.
The case study analysis is conducted upon the energy and banking sector of the UK. Whilst a critical analysis on HSBC bank Plc is presented under the banking sector, National Grid Transco, Plc is the company of interest in the Energy sector of the UK. The case study analysis on these organizations will provide critical information on the use of section 404 of Sarbanes Oxley Act and the company’s strive to accomplish IT audit that support financial results for corporate governance. The research analyses only those areas of information systems that directly contribute to the financial results of a company rather than the entire information technology infrastructure of the company.
1.4: Justification for the research
The fact that information plays a critical role in every sphere of a business in the twenty-first century as argued by Efraim Turban et al (2004) has apparently increased the role of IT from just an operational support element to a strategic element of the entire business itself. Furthermore, the fraud detected in the ENRON and WorldCom cases (discussed in later chapters) were predominantly because of the frauds in information that attributes to the financial performance of the company. Hence, this research is conducted in order to throw light on the critical nature of information in the auditing process. The fact that energy (electricity and gas) and banking sectors are major business sectors that directly deal with the general public on a day-to-day basis apart from the increased interests of the stakeholders is the major reason for embracing the research on these two sectors of business in the UK.
1.5: Chapter overview
- Chapter 1: Introduction
This is the current chapter, which introduces the reader with the aim and objectives of the research and the research definition.
- Chapter 2: Literature Review – Corporate Governance
In this chapter a critical overview of corporate governance and the need for auditing and financial performance is discussed in the light of business environments in the UK. The discussion throws light on the need for achieving corporate governance and the essential elements of the business that contributes to corporate governance of a company are discussed with focus upon the entire business.
- Chapter 3: Information systems and corporate governance
This chapter critically analyses the role of information technology in business organizations and the critical nature of information in supporting corporate governance. This is followed by the critical analysis of the corporate financial frauds by providing false information with examples from Enron and WorldCom cases.
- Chapter 4: Sarbanes Oxley Act
This chapter begins with an overview of the Sarbanes Oxley Act. This is followed by the critical analysis of the section 404 of the Sarbanes Oxley Act, which was published by Securities and Exchange Commission to be followed in the UK since June 2003.
- Chapter 5: Case Study 1: Banking Sector
This chapter initially analyses the banking sector as a whole and establishes the critical nature of information in the corporate governance of the competing organizations. This is then followed by the analysis of HSBC Bank Plc one of the potential competitors in the banking sector both within the UK and across the globe. The analysis throws light on the adherence of the Sarbanes Oxley Act section 404 by the company and the policies followed by the company to accomplish information transparency and consistency.
- Chapter 6: Case Study 2: Energy Business
This chapter presents a critical analysis of the energy sector in the UK. This overview is followed by the critical analysis of the Energy transmission and Distribution conglomerate National Grid Transco Plc. The analysis throws light on the company’s strategies and policies to achieve information transparency and reliability in the business. The research also establishes the critical nature of information in the business of the company.
- Chapter 7: Discussion and Conclusion
The research conducted in the above two case studies are discussed in the light of corporate governance and the Sarbanes Oxley Act section 404. The analysis will provide a comprehensive review of the research conducted so far and establishes the coherence between the academic theories and the real-world scenarios. This is followed by the critical analysis of the objectives of the research followed by conclusion for the dissertation.
Chapter 2: Literature Review – Corporate Governance
2.1: Background Information
Gerry Johnson and Kevan Scholes (2001) say, “Corporate Governance is an essential element for any business organization mainly because of the fact that the corporate governance is the message conveyed by the company to the external world including the general public and stakeholders. Alongside, it is also interesting to note that the corporate governance of an organization not only communicates to the external world but mainly provide a one-stop information resource to anyone who is interested in the organization. The corporate governance of the company is essential for not only effectively communicating to the external world but mainly to attract potential customers in the general public both for the business as well as identify potential investors to the company. Furthermore, the fact that corporate governance is also the comprehensive analysis of the entire organization performance by taking the first chapter of every company’s annual report makes it critical for an organization to effectively maintain and achieve a high level of corporate governance as argued by Gerry Johnson and Kevan Scholes (2002).
Denzil Watson and Tony head (1998) further argue that the corporate governance of a company is not only a one page message conveyed by the chairman of the organization but also concerns with the relationship between the company management and its owners in the entire structure of the organization. Apart from the relationship with the owners and stakeholders, the corporate governance is also an essential element for the effective management of the human resource of the company itself mainly because of the fact that not only the interests of the existing workforce should be nurtured but the company should also maintain a positive corporate governance to attract new employees to the organization in order to achieve long-term organic growth as argued by Denzil Watson and Tony head (1998).
Another interesting fact identified by Denzil Watson and Tony head (1998) is that the corporate governance is a critical element in determining the remuneration for the senior executives in many organizations within the UK, which apparently means that the corporate governance is the mechanism that is used by the owners to govern the management of the company. Also, it is interesting to note that the corporate governance in the UK companies has been traditionally stressed upon the importance of internal control and importance of the role of financial reporting and accountability in the organization to its stakeholders and general public.
2.2: Need for corporate governance
Corporate governance of an organization is not only a message that is being conveyed to the stakeholders or the method of managing the management by the owners of the company but essentially the way of monitoring the company’s growth and its position in the entire business market it is operating. The corporate governance is also important for achieving competitive advantage in the target market because of the fact that the customers in the target market are keen in identifying the attributes of the organization that sells the products to them. This includes every form of business including consumer industry, retail sector and even power and energy management sector as identified by Sebastian Nokes (2001). Furthermore, the corporate governance in an organization is also essential for efficiently monitoring and deploying the infrastructure of the company itself.
Chris Brown (2005) argues that the corporate governance of an organization is essential for not only increasing the productivity of the organization but also to become an inspiring element for the employees in the organization to achieve higher level of performance within the organization. Furthermore, it is also interesting to note that the corporate governance of a company is essential to manage the senior management of the organization for not only monitoring the productivity but also for deploying the revenue for further business development. It is imperative that finance is the heart of the entire corporate governance mainly because of the fact that a company’s performance is determined based upon its financial performance both by the stakeholders as well as the general public.
T.C. Melewar (2003) further argues that the corporate governance of the organization is essential for not only the efficient management of the organization but also for identifying any potential issues that should be verified in order to achieve coherent results during the process of auditing in the company.
Following the fall of the Enron and WorldCom which was mainly because of the failure of the management of the company to provide coherent information for audit process and fraud activities in the financial information, the Securities and Exchange Commission of United States of America has made it a rule that the corporate governance of a company must also include non-executive directors who are responsible stakeholders and people of social respect who would validate the activities of the company itself. Furthermore, the Securities and Exchange Commission has also made it mandatory that the auditing committee of the company must contain at least three non-executive directors mainly to facilitate the validation and approval of the results from the audit committee.
The Legal and Regulatory exchange of the UK (2002) has also justified that even though the non-executive directors cannot fulfil all the expectations, they can help achieve the company to effectively perform in the business through continuously monitoring the activities of the entire organization and providing valuable guidance to the board of executive directors in the form of suggestions. Alongside, the Department of Trade and Industry has also justified the fact that even though, the non-executive directors in the company do not involve themselves in the day-to-day business of the organization, they are the responsible for the efficiency and overall effectiveness of the organization with respect to the organization’s performance and reliability of the results.
Furthermore, the fact that the corporate governance in an organization also contributes to the economic stability of the entire business market itself since the revenue generated from a business sector in a nation is obviously the summation of the revenue generated by the individual organization competing in the business and fraud in the corporate governance will eventually affect the economic stability of the business sector itself as argued by Malcolm McDonald (1996).
2.3: Essential elements of corporate governance
Even though it is clear that the financial performance and the financial statements are critical to the corporate governance itself, Denzil Watson and Tony Head (1998) have identified the following elements as the major contributing elements to achieve efficient corporate governance in any business organization.
2.3.1: Human Resource
Michael Armstrong (2003) argues, “Human resource is the most indispensable resource for any organization”. Apparently this is because of the fact that the costs associated with the recruitment and training of new staff in an organization is very high when compared to retaining the existing workforce and effectively nurturing their performance to increase productivity s well as stabilize the costs as identified by Denzil Watson and Tony Head (1998). Furthermore it is imperative that only the effective performance of the human resource of the organization without encouraging any errors and maintaining the transparency in their work related activities would provide accuracy and consistency in the business activities across the entire organization right from the operational level. It is also clear that even though the corporate governance concept is entirely strategic in nature, the business generates revenue only from the very en of the operational staff and hence the need to achieve accuracy and reliability at operational level is imperative for the efficient corporate governance in an organization.
Derek Torrington and Laura Hall (1995) argue that the human resource of an organization not only contribute to the efficiency or performance of the organization, but also contribute to the overall reliability of the organization which is an essential element to achieve corporate governance in the organization. This is mainly because of the fact that the staff right from the operational level to the top level management must have the commitment in achieving the standards set by the company in performing the business which is essential for the corporate governance itself mainly because of the fact that corporate governance is increasingly being treated as a factor of reliability on the company rather than a information resource to judge the performance of the company. Alongside, Derek Torrington and Laura Hall (1995) further argue that the efficiency of the human resource of an organization is the primary contributing factor for the accuracy and reliability of the company’s performance in the external world. This also explains that the human resource of an organization not only contribute to the efficiency and revenue generation of the company but also for the corporate governance of the organization itself.
The above arguments justify that the human resource management and efficiency is essential for corporate governance in any business organization in UK.
As argued before finance is the backbone for any business since every organization operating in the commercial environment are focused in generating revenue and the increase in competition in the business due to globalisation and innovative business methods has apparently increased the need to focus on generating revenue with minimal costs as argued by Gerry Johnson and Kevan Scholes, 2001). The above statement clearly justifies that finance is the critical element for the corporate governance in every business organization. Alongside, it is also essential to mention that the financial results are the end-product that is being analysed by the auditors even though the way in which the revenue is generated and the process of maintaining the cash flow are other critical elements of the business itself.
Denzil Watson and Tony Head (1998) further argue that the corporate governance is predominantly based upon the fundamental issues of resource and finance allocation is addressed through the corporate governance only. This further makes it clear that even though accounting is a critical element of the finance, the output of which is actually being audited, the resource allocation and the finance management are the critical ingredients for the corporate governance in the organization which makes finance as the backbone of the corporate governance to any business organization. It is further intriguing to note that finance is not just the way of managing the allocation of money and financial resources but essentially the accountability to the allocations is the major factor that is analysed in the corporate governance of any organization apart from the corporate finance itself. Hence, accountability in terms of financial performance and management are the critical factors that contribute to the corporate governance of an organization.
The rule passed by Securities and Exchange Commission of the UK that the financial statements must be disclosed not only in the annual reports but periodically published for public notice in order to enable the investors and stakeholders to critically judge the organization performance has made it clear that corporate governance embraces finance of the organization.
Alongside, it is also clear from the Bank of Credit and Commerce International (BCCI) that the companies must disclose their financial information and also provide accountability for all the revenue generated and costs incurred not only in the annual balance sheet but also in a periodic fashion further justifies that the corporate governance is critically dependant on finance.
The infrastructure in this context is not just the furniture and desktop computers that are used to accomplish the day-to-day business process but mainly the infrastructure that handles the finance and finance related information and activities. These include the software and hardware systems that hold the information on the finance and also those infrastructure elements that contribute to the generation of revenue in the first place. Denzil Watson and Tony Head (1998) further argue that the infrastructure in a corporate governance context also includes those that accomplish the effective auditing process and also the infrastructure elements that contain critical information on the finance and billing.
Alongside, the infrastructure not only provides support to the finance and billing in an organization but also mainly contributes to the efficient retrieval and storage of the information (discussed in next chapter) and also supports the financial decision b=making in terms of corporate communication and deciding upon the allocation of finance for further development within the organization.
This further justifies the fact that infrastructure in a corporate governance context not only includes the storage and retrieval system (electronic) but also includes those infrastructure that actually processing the payments made by the customers to the organization and the expenses of the organization in order to run the day-to-day business.
Communication is critical for corporate governance because of the fact that only through the effective communication of the information to the audit committee, the organization can gain reliability and provide concrete information in their corporate governance. Since the corporate governance is predominantly the managing of the senior management of the organization and is derived from the process of auditing and verifying the activities of the company in every segment of the organization (including Human Resource and Finance) makes the communication a critical element for the smooth operation of the business. Furthermore, the communication also plays the vital role of communicating the information to the external world.
The aforementioned elements of the corporate governance are mainly in line with the day-to-day business process of the company itself. In order to maintain the accuracy of the corporate governance and increase the transparency as well abide by the regulations of the Securities and Exchange Commission, corporate governance consists of the following committees as identified by The Business Roundtable of UK (2004).
2.3.1: Audit Committee
According to the Securities and Exchange Commission it is mandatory for every publicly owned company to have an audit committee comprised of solely independent directors. This makes it clear that auditing is the heart of corporate governance and the accuracy of the entire business process will be accountable to the audit committee. Furthermore, the audit committee is also responsible for verifying and checking every aspect contributing to the business and the financial performance of the organization hence making it a critical element of the entire corporate governance itself. Alongside, it is also imperative that the independent directors belong to various segments of the business and also that the committee should comprise of non-executive directors for the purpose of accomplishing the consistency in the operation itself.
This further justifies that that audit committee is responsible for justifying the accountability of the organization.
The Securities and Exchange Commission clearly states that the audit committee should comprise of at least three members (directors) of the audit committee should be independent of the entire organization and should not participate in the management of the business directly or indirectly. These directors are called the non-executive directors as discussed above and they are appointed mainly to provide unbiased assessment on the business operations so as to clearly establish the business process and accountability for corporate governance of the organization.
Denzil Watson and Tony Head (1998) say that even though it is not expected out of an independent director to have comprehensive financial knowledge it is essential for the non-executive directors to possess the fundamental knowledge on finance and its relevance to the business itself. They further argue that the directors in the audit committee should be able to conduct the auditing process with a critical eye to identify any flaws in the business process or the methodology of the organization in order to judge the company’s financial performance.
Even though, auditing is predominantly related to the finance and revenue of an organization, the other elements like information technology, human resource and infrastructure discussed above are also judged by the audit committee which is the reason for accommodating the directors in the committee from various fields of specialization in order to provide critical suggestions and provide accurate assessments upon the performance of the organization itself.
In order to accomplish the aforementioned tasks the audit committee comprises of the following
Risk Profile: The risk profile is maintained to monitor the corporate risks as well as the risks local to the committee itself. The Business Roundtable (2004) argues that the risk management is essential for the committee mainly to identify the risks associated with the business itself in order to efficiently manage the committee itself. The risks in this contest is mainly the risk associated with a committee member providing a biased judgement or an inaccurate judgement due to his consideration will eventually affect the entire auditing process itself. This is the main reason for the presence of non-executive directors who are expected to review every decision made by the committee.
Outside Auditors: The outside auditors are employed mainly to accomplish auditing process in an unbiased fashion in specialist areas like information technology etc where the external auditor employed will be accountable for the auditing of specific segment of the business. The audit committee is responsible for monitoring the efficient performance of the auditors and also manage the overall process of auditing in the organization. The decision of the audit committee is based upon the results produced by the outside auditors with respect to the areas they were employed to audit within the organization and hence the choice of the auditor is decided by the committee itself.
Independent operation: The audit committee operates independent of the entire organization. This is primarily to accomplish unbiased judgement by the committee and also enable the committee to perform effectively without being disturbed by the day-to-day business issues.
2.3.2: Corporate governance Committee
Apart from the process of auditing which is very essential for corporate governance, it is also essential to have a corporate governance committee, which is central to the entire board of the organization. The Securities and Exchange Commission also states that it is mandatory for every publicly owned company to have a corporate governance committee that makes the decision and performs the overall management and accountability of the corporate governance for the organization itself. The corporate governance committee is also called the nominating committee that is responsible for nominating the directors under various committees that support the corporate governance like the audit committee discussed above. Also, the corporate governance committee is responsible for the nomination and management of the directors of the company itself who are accountable to the audit committee during the audit process. Like the audit committee, the corporate governance committee must also comprise of independent directors only. The Securities and Exchange Commission further expects the corporate governance committee to comprise of non-executive directors like the audit committee for the same reason as in the case of the audit committee. The Business Roundtable (2004) further argues that the fact the independent directors in the corporate governance committee reinforce the idea that the governance process of the organization is unbiased and reliable.
Apart from the above functions the corporate governance committee also has the responsibility of safeguarding the independence of the board in order to effectively assess the performance of the company against the set norms and also establish the accountability for the activities of the organization. Another major function of the corporate governance committee is to oversee the corporation and review the organization’s process of providing information to the board in order to conduct the auditing process effectively.
2.3.3: Compensation Committee
The compensation committee performs the critical part for monitoring the compensation provided to the board and the senior management of the company. Like the audit committee and the corporate governance committee, the compensation committee should also comprise of independent directors are it is essential for any publicly owned company as stated y the Securities and Exchange Commission.
The committee not only decides the compensation for the senior management but also decides the allocation of revenue for compensation to the entire company itself that comprises of all the staff members other than the directors and senior management.
The committee also performs the essential action of monitoring the compensation for the senior management based upon the results from the auditing and corporate governance committees.
The committee is expected to work closely with the other two committees for gathering the information to decide upon the compensation for the senior management but the decision of the committee is not influenced by the other committees of corporate governance in a publicly owned organization as stated by The Business Roundtable (2004).
The committee also creates the overall compensation structure for the entire organization and the decision made by the committee is completely independent.
Alongside, the members of the committee should also compris