The Impact of Sarbanes ‐ Oxley on Auditing

: The Sarbanes-Oxley Act has imposed a very large number of compliance requirements on public companies in the United States and has had a non-negligible effect on the rest of the world, promoting the progressive development of internal controls in companies around the world, while also imposing more stringent requirements on CPA’s as well.


Introduction
The Sarbanes-Oxley Act ("SOX"), or the Public Company Accounting Reform and Investor Protection Act of 2002, was introduced by Senate Banking Committee Chairman Sarbanes and House Financial Services Committee Chairman Oxley [1].SOX builds on the US Securities Act of 1933 and the Securities Exchange Act of 1934 and is designed to better reflect the state of society's capital markets The SOX Act is based on the US Securities Act of 1933 and the Securities Exchange Act of 1934, with innovative changes to better reflect the state of the social capital markets.
This Act imposes a very large number of compliance requirements on listed companies in the US, increasing the board of directors' supervision of the company's internal affairs and management's responsibility for the company's internal affairs, as well as enhancing the difficulty of listing in the US for other companies wishing to go public, and to a certain extent safeguarding the stability of the US economy; and obliges listed companies to consider the various risks within the company, strengthen the governance of the company and create a good corporate environment and market atmosphere. It has also brought about a non-negligible effect on other countries around the world, and internal control has gradually developed in global enterprises. As the Sarbanes-Oxley Act has been a milestone in corporate governance and supervision, scholars at home and abroad have referred to the period after the Act as the "post-Sarbanes-Oxley era" [2].
Since the late 1990s, China's Ministry of Finance has promulgated the Basic Standards of Internal Control and a series of specific standards. It should be said that the successive introduction of these standards has played a certain role in strengthening the construction of internal control and improving the management mechanism of enterprises in China. However, as the economic environment changes and new issues arise, the design of a reasonable and feasible internal control system that takes into account the characteristics of the industry and the enterprise, especially the listed company, and its continuous and effective implementation has become a focal point and a difficult issue in internal control practice. The introduction of the Sarbanes-Oxley Act in the United States in 2002 has taken the construction of China's internal control system a step further, drawing on the relevant provisions of the Sarbanes-Oxley Act. It becomes more and more necessary to explore different perspectives on issues related to internal control and internal audit in China.

The financial fraud scandal led to public unrest
In November 2001, Enron, the largest energy company in the United States, confessed that it had used various illegal accounting practices since 1997 to bury its debts and losses in its accounting books through false transactions in its transactions with its related parties, and to falsify its profits through various false accounts, to the extent that it had falsified about $586 million in profits [3]. The company's management made a lot of money, but the shareholders were "cut out of the leeks". As soon as the news broke, Enron's share price plummeted from nearly US$90 to less than US$1, causing a large number of investors to suffer heavy losses. The Enron scandal began with the exposure of more and more accounting scandals in the US, and the stock market was once sluggish, with shareholders on edge and capital market interest declining sharply, causing considerable losses to the US economy. It is no coincidence that in 2003, WorldCom was also expelled from the stock market due to financial fraud, which also brought great damage to the US capital market, and the confidence of shareholders in companies was once again shattered, the CPA profession also suffered from unrelieved suspicion, and the US capital market was once again hit.
After visiting, investigating and studying some 7,000 companies, Weiss Ratings came to the conclusion that more than one-third of listed companies in the US had fudged their earnings through various financial falsifications and had financial problems of various sizes. The conclusions reached by Weiss Ratings led to a sharp decline in public confidence in listed companies and the outbreak of a credit crisis in the capital markets. In addition, a study by the Brookings Institution in the US found that during 2002, the US capital markets were in turmoil due to financial fraud scandals, which caused severe losses to the national economy. The financial fraud scandal not only caused investors to be highly sceptical and resistant to the US capital markets, but also caused the public to question the professional ethics of CPAs. In view of the strong demand from the US Congress, the government and the public, maintaining the stability of the capital market, regaining investors' confidence in the US capital market and strengthening the regulation of financial institutions is a matter of urgency and necessity.

The flaws in the US corporate system itself
The continued revelations of corporate financial fraud show that this is no longer an individual company problem, but it is a flaw in the US corporate system itself. This is reflected in the unbalanced corporate governance structure, the absence of internal corporate controls and the loss of external controls. The US corporate system has been used by many countries as a model to stimulate human creativity, to ensure the continuous development of the company and to adapt to new market developments. The employee stock option incentive system and the CEO system were also seen as the essence of the continued success of US listed companies. However, the sky is unpredictable, the option system on the one hand makes the management for the development of the enterprise liver and brain, so that the rapid economic development of the enterprise; on the other hand, the management also for the enterprise's share price "racked", the share price increases, the more benefits they can get, coupled with the management is very familiar with the internal situation of the company, they can be in the In addition, the management was so familiar with the internal situation of the company that they were able to exchange their options and shares without other investors being aware of them. In this case, even if the company later went bankrupt, there would be no damage to the benefits already gained by management, making what was once a means made by shareholders to incentivise management into their own graves, to the serious detriment of shareholders' interests.
The 1990s were a time of rapid growth for the CEO system, with most companies implementing this model. On the face of it, the CEO is appointed by the board of directors; however, in reality, as the shareholding of listed companies is divided into many shares, making them too fragmented, the CEO in contrast often plays a pivotal role in the election of the chairman of the board. However, under the CEO system, the board of directors is a virtual non-entity and does not play any supervisory role, and the shareholders lose control over the management. As a result, internal oversight is ineffective and management commits financial fraud, accounting falsification and other illegal acts such as whitewashing statements and falsifying profits.
The CPA profession, because of its greater professionalism and complexity, was taken out of the market by the companies and gradually formed a special service industry. In the beginning, accounting firms not only undertook the auditing of listed companies, but at the same time, also provided accounting consultancy services for listed companies. Under this model, CPAs seriously lacked independence and were unable to guarantee the authenticity and reliability of the financial information of audited units. In order to gain a foothold in the market and make certain profits, some of these companies choose to conspire with the audited entity and lose their professional ethics as CPAs. For example, when under judicial review, the audit unit assisted a listed company to commit financial fraud by helping it to burn a large amount of audit evidence.

The main contents of the SOX Act
The SOX Act was introduced in February 2002, when Enron had just filed for Chapter 11 bankruptcy and the financial fraud scandal had not yet broken, so the bill was milder than it would have been later [4].
First, Chapters I-VI regulate the accounting profession and corporate regulatory practices, including: the requirements for the creation of the Public Company Accounting Oversight Board (PCAOB); the requirement for auditors to maintain a certain level of independence; the regulation of corporate responsibility -enhancing corporate accountability and disclosure of financial reports, as well as the regulation of corporate governance structure; and the need for executives to evaluate internal controls. corporate governance structure, limiting the actions of corporate executives, etc.; also lists the need for executives to give an evaluation of internal controls; and also strengthens the SEC's enforcement capabilities by increasing financial allocations and office staff. Secondly, Chapter 7 focuses on research and reporting, which requires that within six to nine months of the Act coming into force, the relevant authorities should submit the required research reports, which can be used as reference documents for the relevant enforcement organisations and as a reference for future legislation.
Finally, Chapters 8 to 11 focus on the criminal liability of the persons concerned (executives, white collars, etc.) for breaches of the law. This section evolved from events related to the accounting fraud scandals that occurred at the time, for example: in relation to Arthur Andersen's burning of a large amount of evidence regarding Enron's audit information, this statute clearly states -the destruction of audit files by senior executives is punishable by up to ten years in prison, and the destruction of files in the context of a federal investigation, or in the context of a corporate bankruptcy audit The Act reinforces the responsibility of company management for financial statements by requiring them to provide assurance of the truthfulness of the financial statements and by imposing criminal penalties of 10 or 20 years for providing false financial reports.

Impact on internal audit
"With the introduction of the SOX Act, which provides more detailed regulations on the internal situation of companies, both internal companies and investors are gradually focusing on the implementation and results of internal audits, stimulating a strong interest in corporate governance, effective regulation and sound internal controls [5]. Internal audit is used by professionals within a company to check whether the internal actions of the company are effective and compliant, and whether the risks of the company can be controlled to a certain extent, so as to improve corporate governance, reduce corporate risks and effectively achieve corporate value and strategic corporate objectives. As such, it has a very important role and is later seen by companies as the first line of defence in monitoring the quality of financial information.
Before 2002, most listed companies conducted internal audits basically focusing on financial and operational audits. Even a decade or so ago, most companies conducted internal audits only to avoid duplication of work with external audits; some companies set up internal audit departments only because they could play a role in the evaluation and monitoring of internal controls. It was only after the introduction of the SOX Act that there was a fundamental change in the market for internal audit, emphasising the status and role of internal audit in the enterprise, which plays a top priority role in the construction of internal control in the enterprise, and also emphasising that internal audit itself is an inherent part of the corporate governance process.
As society continues to develop, the state is placing more and more emphasis on auditing. Companies should actively use advanced computer technology to guard against their security risks. For data security, companies should incorporate current technology to encrypt data information or can use virtual machines to protect the security of these systems. In addition to finding ways to secure them, those involved can also back up data in accordance with guidelines or corporate requirements to avoid data loss. A wellconstructed network firewall will not only improve the security of the accounting information system, but will also further promote the development of accounting information in the enterprise.
The rapid development of network technology has greatly facilitated our daily life and work, but in terms of accounting information security management, the traditional information security protection system can no longer meet the needs of information security defence in the new era, therefore, enterprises need to further increase accounting information security management. Specifically, enterprises are required to strengthen the protection of accounting information systems and the channels and contents of accounting information collection, implement dynamic monitoring, and assign accounting information to different managers for safekeeping and sign corresponding confidentiality agreements, taking into account the importance of accounting information. In addition, the security of the accounting information system should be regularly evaluated, and any abnormalities should be dealt with in a timely manner to improve the system's selfprotection capability.

Impact on CPA audit
Prior to the Enron and WorldCom incidents, the United States, which advocated a free economy, believed that government regulation would reduce the efficiency of the profession and therefore had always adopted a model of less government intervention and non-intervention in the economy [6]. In the CPA profession, in order not to interfere with its free development, a system of complete industry selfregulation was implemented. However, reality struck frequently with the frequent occurrence of financial fraud scandals, and the US government thus had to gradually deepen its regulation of the CPA profession. The outbreak of the Enron series of events also demonstrated the difficulty of ensuring audit quality in the long term without an independent regulator to oversee CPAs and revealed the weaknesses of the US self-regulatory system.
The creation of the Public Company Accounting Oversight Board (PCAOB) marked the end of more than 100 years of self-regulation of the US CPA profession, as the US government formally regulated the CPA profession and strengthened the requirements for the CPA profession. The Public Company Accounting Oversight Board is an independent government regulatory body that can play a role in effectively monitoring the CPA profession and, to a certain extent, ensuring audit quality. The government is a representative of the public interest in society and its can fill the market gap and strengthen the regulation of the CPA profession. In the monitoring of firms, the PCAOB has extremely high power to hold investigations into any professional conduct done by firms and their staff, which is conducive to the enhancement of professional prudence of CPAs and the curbing of audit malpractice.
The Enron and WorldCom incidents have brought indelible marks to the entire capital market, causing heavy losses to investors, dampening investor confidence in the market and even having a very negative impact on the US economic market as a whole. As a result, it has also brought greater attention to CPA audits, which should strengthen the regulatory role of external audits and the re-monitoring of external audit results. the SOX Act has strengthened the impact of corporate financial fraud and audit fraud by accounting firms, increasing the cost and risk of noncompliance and reducing the likelihood of collusion for a portion of companies that want to seek benefits from fraud. It has also rectified the ethos of the CPA profession, paying more attention to its independence and professional ethics, as well as imposing stricter requirements on CPAs.
As the economy develops and technology continues to advance, traditional audit procedures can no longer meet the needs of modern auditing. In the future, we need to combine big data and internet technology to improve the audit process so that we can perform our 'economic oversight' function more easily and safely. In order to keep up with the times, auditors will also need to adapt their concepts and techniques. In addition, thanks to big data technology and information sharing platforms, audit efficiency can be improved and audit costs reduced.
Today, the level of information technology is getting higher and higher, and data and financial information are becoming more and more transparent. At the same time, auditors are required not only to have a good grasp of auditing, accounting and other financial expertise, but also to be familiar with the use of relevant financial software and auditing systems. Although Big Data has many advantages: data mining can uncover valuable information from a large amount of data; data analysis can automatically identify and process structured and unstructured data, etc., there are also various problems, such as the variety of sources of data, the variety of data, and the fact that data is not easy to obtain. There is no denying that the technology has not yet developed to such an extent that we should try to extract more information from the data and develop the habit of thinking more and learning more in our auditing work to enhance our auditing expertise.