Over the past ten years we have been exposed to a series of financial scandals. The effect has been catastrophic and society has required regulation to restrain corruption. In 2002, the USA senator Paul Sarbanes and Representative Mike Oxley sponsored the Public Company Accounting Reform and Investor Protection Act. It is generally called the Sarbanes-Oxley (SOX) Act and was put in place in order to regulate the accountability of financial reports and prevent risks occurrence However, the deployment of SOX compliance costs a lot of money, resources and efforts. It not only affects the finance department, but also the information technology (IT) department. The risk prevention and cost concern of SOX Act will be described in the first paragraph; the pros and cons of process control, documentation and responsibility will be discussed in the next; the strengths and drawbacks of security control will be indicated after that; then the challenge of an IT department for SOX compliance will be examined. Finally, a case study on the Enron scandal will be introduced. This essay will help prove that the SOX system is worth the price despite certain drawbacks and discuss how an IT department meets the compliance.
It is worth preventing potential risks by effectively performing the SOX regulation in spite of extra costs and workload. To begin with, SOX Act provides a guideline of internal control for financial statement to prevent any potential risk, all the financial events and accounting activities will be managing by this mechanism. Thus, the financial statements would be more accurate and reliable (Anand 2006: 2). In addition, through regular internal and external auditing to ensure there has no unscrupulous behaviors in the financial operations. Consequently, the potential risks can be minimized and unethical behaviors can be prevented and deterred. However, the finance and IT departments must budget the expenditure of SOX implementation at the beginning and also need to pay external accounting firms for regular examinations every year. The estimation of its cost was around USD 91,000 with an extra 383 man hours in 2003, and the cost is still increasing every year (Jahmani and Dowling 2008: 59). Staffs have an increased workload by collaborate with consultants for the auditing. Those employees not only have to document routine activities, but also need to prepare a lot of evidences for auditors’ investigation. Although employees may suffer through these additional tasks, some unexpected benefits will be gained from them as well.
The transparency of documentation gives a company more integrity even though some process changes are required. The standard operating procedure (SOP) of each department must be documented, especially for those operations involve to financial activities and SOX compliance. Namely, the internal or external auditors will investigate any potential risk of process control according to the documentation. It is thought that the establishment of SOP and documentation would be an advantage to companies, because it demonstrates the system of a company and employees are easy to follow, and it also improves the effectiveness and efficiency of business process. In addition, the segregation of duties is also a critical control point to the SOX compliance for the risk prevention (Anand 2006: 53). Employees are required to request accounts to the system administrator according to their responsibility, and other colleagues are disallowed to process information systems through other people’s system accounts. Thus, every single detail is filed into the information system with regular backup solutions. It provides the traceability for auditors investigating any suspected issues. Conversely, companies may need to change business process flow and modify related system flow in order to align with SOX Act guideline. They must pay extra costs of business process re-engineering and IT staffs must enhance information system to meet those requirements as well.
The regulation of security control will avoid inappropriate behaviors happening although employees may feel frustration. The IT department performs a very important role to assist and reduce the effort of manual jobs. However, they usually have more authorities in system to support user needs. For this reason, IT members are also divided into different roles, and those roles are usually separately assigned into server, database, security and application systems. Every change and modification must be approved and documented into the system. Moreover, those changes must be regularly reviewed by the management team in the change management meeting (Sentt and Gallegos 2009: 408). Thus, it will be more safety and the risk of system change can be diminished. In sum, employees have clear understanding of their roles and their performance can be easily traced from the information system. Potential risks can be also minimized by the restriction of system design and security control. Despite this benefit, more staffs may need to be hired to prevent the conflicts of job duties, because employees cannot validate the rule of segregation of duties. Finally, owing to those complicated restrictions of SOX compliance regulation, employees may feel frustrate of against rules. They may prefer focusing on their routine tasks rather than extending their capability to involve another area because of risks taken.
IT department often plays an important role of implementing SOX compliance for the information system perspective. There are some approaches suggested for an IT department to cope with the challenge of SOX compliance. To begin with, a sophisticated information system is fundamental in implementing SOX compliance. The Enterprise Resource Planning (ERP) system automatically calculates financial reports and its operations usually can meet Sarbanes-Oxley Act requirements (Pathak 2005: 72). Next, the system change and program version control are also mandated. Therefore, the introduction of a change management system would be helpful for executing these changes. In addition, cross check of those changes would help companies prevent any unexpected disaster as well as some frauds in purpose. Furthermore, system logs, backup solutions and security controls are also critical for an IT department meeting the criteria of SOX implementation. Ultimately, documentation is a basic element for the success of SOX compliance implementation. Therefore, system manuals, user manuals, transaction logs, security control sheets, schedule jobs and change request logs must be archived and categorized in the file system. In short, as long as IT department follows above guidelines, then it will not be difficult to meet the challenge of implementing the SOX compliance.
Let us now look at the Enron scandal, a crucial example not least because of its impact on the USA government and society. The aftershocks were felt globally. Enron was an energy company which supplied electricity and gas in the USA. This company was also providing bandwidth service, paper and metal commodities. However, those investments seemed not successful and profitable. Enron therefore had created a lot of overseas special purpose entities for hiding Enron’s losses on their financial reports, and it had also created the illusion of profitability which was actually losing money. Besides, Enron’s audit firm Arthur Andersen had a long term relationship and it assisted Enron to hide losses by destroying related documents. Eventually, their conspiracy was exposed to society due to revelation of a huge amount of undisclosed losses – USD 586 million. The stock price had a dramatic fall from approximately USD 90 dollars to 30 cents. Finally, Enron was filed bankruptcy in 2002 (Welytok 2006: 26). People should learn the harmful from this incident, particularly the US government and the entire corporate must prevent such kind of scandal occurring again. Therefore, the implementation of SOX Act would be a good approach to curb corruption. The evidence shows that implementing and sustaining SOX compliance could minimize fraud or crime risk up to 95 per cent of a company, if that company performs it appropriately and effectively(Anand 2006: 196). It demonstrates the significance and effectiveness of SOX compliance.
In conclusion, there are several advantages and disadvantages for implementing SOX compliance in companies. First, financial reports would be more transparent and reliable through auditing controls, and potential risks will be reduced. Next, both companies and employees will benefit from the creation of documentation. Because it meets SOX compliance and helps employees understand the business processes. After that, it is more safety for the restrictions of system account and authority, and those possible swindles would be minimized. Conversely, there are some disadvantages of SOX compliance to companies. First, SOX compliance implementation will cost a lot of expense, and companies have to budget for SOX auditing every year. In addition, the processes change of a company is inevitable to conform to the guideline. Furthermore, employees may lose their enthusiasm for job due to the limitations of SOX Act, employees would become frustrated of involving the other areas. Finally, some strategies are advisable for IT department implementing the SOX compliance. For instance, a sophisticated ERP system can be easier to adapt the change of SOX compliance implementation; change management and version control must be under controlled; preparing all documentations as possible as you can. Above all are basic elements for the success of SOX compliance implementation.
Anand, S. (2006) Sarbanes-Oxley guide for finance and information technology professionals. New Jersey: John Wiley
Jahmani, Y. and Dowling, W. (2008) ‘The impact of Sarbanes-Oxley Act’ Cluteinstitute-Onlinejournal [online] 6(10), 57-66. Available from [26 August 2010]
Pathak, J. (2005) Information Technology Auditing – An Evolving Agenda. New York: Springer
Sentt,S. and Gallegos, F. (2009) Information technology control and audit(3dn). Florida: Taylor
Traditional Costing Methods vs Activity Based Costing (ABC)
In this report I will attempt to discover whether it is feasible as a company to change the Traditional methods of costing we currently use to the more modern Activity Based Costing methods, looking at the benefits and drawbacks of changing and whether it is worth implementing these new costing methods to our company as a whole.
Introduction / Background
As a small local engineering firm we currently use the Traditional costing method where we apportion Production overheads on the basis of direct labour hours. Does this give a fair and accurate representation of the true cost of expenditure each product consumes or should we as a company convert to the Activity Based Costing system or ABC as I will refer to it from here in, where we first assigns costs to the activities that are the real cause of the overhead and then assign the cost of those activities only to the products that are actually demanding the activities. Would this give a fair and more realistic look at the way we cost jobs. In this report I will look at both methods and determine whether we as a company should change the way we cost our jobs and if we do change to the ABC method of costing, what the conditions are of implementing this to us.
Traditional Costing Methods
Currently we adopt the more traditional way of apportioning our production overheads which involves the overhead rate being calculated using direct labour hours, machine hours, or units, in our case using direct labour hours. The advantages of using this system are:
Simplicity – the calculation of overhead rates is relatively straightforward;
They are widely understood in business;
They are not expensive to operate;
Until the late 1980s they were seen as fairly accurate;
They are still being used after many decades.
The weaknesses of traditional costing systems are:
Their reliance on arbitrary rather than cause-and-effect allocation of overheads;
Their inability to give accurate product costs in multiproduct companies;
Their failure to analyze non-manufacturing costs.
(“Traditional costing system.” A Dictionary of Business and Management. 2006. Encyclopedia.com. 19 Nov. 2010 . )
Currently using the traditional method of cost accounting we are allocating the factory’s indirect costs to the items manufactured on the basis of direct labour hours, By using only labour hours to allocate the manufacturing overhead to products, we are implying that the labour hours are the underlying cause of the factory overhead. Traditionally, that may have been sufficient for the company’s external financial statements. However, in recent decades the manufacturing overhead has been caused by many other factors. For example, some customers are likely to demand additional manufacturing operations for their products. Other customers simply want great quantities of product.
If we want to know the true cost to produce specific products for specific customers, the traditional method of cost accounting is inadequate. ABC was developed to overcome the shortcomings of the traditional method. Instead of just one costing such as labour hours, ABC will use many costings to allocate our indirect costs. A few of the costings that would be used under ABC include the number of machine setups, the pounds of material purchased or used, the number of engineering change orders, the number of machine hours, and so on.
So do we continue to use this system because it is simple to use and has been used for decades or do we want a more accurate analysis and breakdown of the way we allocate costs.
Activity Based Costing (ABC)
Activity-Based Costing (ABC) is an Information System developed in the 1980s to overcome some of the limitations of traditional cost accounting and to enhance its usefulness to strategic decision-making.
ABC systems are designed and implemented on the premise that products consume activities, activities consume resources and resources consume costs (Sprow, 1992). ABC systems assign costs to activities based on their consumption of resources, and then activity costs are assigned to products or services in proportion to a selected measure of their individual workloads (Anderson, 1993; p. 7). ABC systems examine all processes (or activities) that are actually relevant to the production of a product and attempt to determine exactly what portion of each resource is consumed i.e. which activity a particular product uses.
(M. Gupta, K. Galloway / Technovation 23 (2003) 131-138)
Why the need for ABC, you may ask;
Nowadays managers are facing global competition and increased productivity in new manufacturing environments. Companies attempt to become customer focused and concentrate on quality products at competitive prices. Under these circumstances, many firms are interested in determining various costs more accurately with the objective to integrate manufacturing and marketing strategies. Various costing systems are used to provide an increased accuracy about product costs, product mix, pricing and other investment decision- makings. Some experiences reveal that the distortion in reported product costs and, in turn, product pricing could be reduced by using activity-based costing (ABC)
(A. Gunasekaran, M. Sarhadil Int. J. Production Economics 56-57 (1998) 231-242)
What are the benefits then of this new and modern way of costing, is it really the way forward for us.
It won’t eliminate costs but it will give us detailed information about the way we are consuming them, thus helping us to isolate problem areas with the view to rectifying why the costs are so high in these areas.
ABC costing is a good tool where different customers require different needs.
It’s an unwritten rule respected by many in the business world that you generally treat your best customers the best. The problem is, do you really know who your best customers are, or do you think you know? The majority of business people have the false perception that the best customer is the one that accounts for the largest portion of your income every year. This is not always the case for the simple reason that the same customer may be responsible for the biggest part of your expenses also. Studies have shown that 20% of all customers virtually provide all the profits of a company. Another 60% break even and the remaining 20% only reduce the bottom line. Wouldn’t it be nice if you had the names of that 20% of headache-inducing customers that are literally more trouble than they’re worth? To determine how much a customer is costing you, you must first identify the activities that relate to each customer and determine the total cost absorbed by those activities. These activities or “cost drivers” should be considered then to measure the level of activity absorbed by each customer. The ultimate purpose of implementing ABC is to separate these activities into individual cost drivers. Then, all you have to do is measure each customer’s participation in the specific cost.
(The ABC Portal is © 2002 Offtech Computing Pty Ltd.)
So with our customers’ needs being different in terms of specific shelters and designs we could cost jobs more accurately to each customer.
Looking at the draw backs to the ABC costing system, we would have to take into account the data collection process for this new system could prove to be very time consuming along with the capital expenditure on this new system and its subsequent running costs. Employee resistance must also be taken into account. This is a major obstacle in implementation of an ABC system. Such resistance is natural as the most common objective is to give a reduction in overhead costs, and in almost all circumstances this could result in a reduction in personnel.
So to break it down the advantages and disadvantages of ABC are;
The main advantages:
Assesses costs of individual activities, based on their use of resources
Enables accurate costing of all activities to be obtained throughout an organisation.
Easy to identify where high (and low) costs are being incurred and the cause.
A valuable tool for both business and process improvement
Helps with future product planning e.g. the cost of all activities associated with a product or service can be accurately determined before it is launched. This can then help with determining pricing, and any associated expenditure.
It may be difficult to set up and establish, particularly if an organisation is using more traditional accounting methodologies. (barriers to change)
Can be time consuming if all activities are to be costed
May provide too much detail – obscuring the bigger picture.
Can lead to employee and possible management disharmony.