SOX 404(b) Audits: Evidence from Auditing the Financial Close Process of the Accounting System
Journal of Information Systems
Auditing Standard No. 5 requires that auditors integrate their evaluation of large issuers' internal control over financial reporting (ICFR) into their financial statement audit process, but the PCAOB warns that auditors may not adequately test related manual and systems internal controls. We use a multiple method approach to examine how auditors evaluate one important component of ICFR, the financial close process, and whether they evaluate it differently when conducting an SOX 404(b) integrated versus a financial statement audit. Interviewees relied heavily on walkthroughs, and tended to perform only cursory reviews of entity-level controls related to the financial close process. In addition, they often fail to test the link between the general ledger and supporting systems, including evaluating related access controls. Financial statement-only auditors are more likely to re-perform key controls than rely on cursory walkthroughs. Auditors performing integrated audits appeared to over-rely on ICFR findings when conducting financial statement audits.
Janvrin, Diane J., Maureen F. Mascha, Melvin A. Lamboy-Ruiz.
"SOX 404(b) Audits: Evidence from Auditing the Financial Close Process of the Accounting System."
Journal of Information Systems.
doi: 10.2308/isys-18-055 source: https://doi.org/10.2308/isys-18-055