The present invention relates to the field of software applications generally, and specifically to the implementation of financial applications. The corporate accounting scandals surrounding WorldCom™, Enron™, and Tyco™ spurred the passage of the Federal Sarbanes-Oxley Act of 2002 (sometimes referred to herein as “the Act”) in the United States. The Act creates an obligation for officers of certain companies to warrant to their shareholders the accuracy of the company's accounting information, place the control in place to safeguard the assets of the company, and assure the validity of the financial statements. Although these obligations previously existed in some weaker form in the United States, the advent of the Sarbanes-Oxley Act makes these obligations much stronger.
To ensure reliable financial reporting and compliance with laws and regulations, services provided to an enterprise by auditors and/or vendors providing non-audit services are of particular concern under §§ 201 and 202 of the Sarbanes-Oxley Act. For example, § 201 includes a list of non-audit services that cannot be provided an enterprise by their public accounting firms who have provided audit services under the Act. This prohibition removes any temptation from auditors to compromise their non-audit opinions for the sake of maintaining other business with the enterprise. Example categories of prohibited non-audit services include: bookkeeping or other services relating to the accounting records or financial statements of the audit client; financial information systems design and implementation; appraisal or valuation services, fairness opinions, or contribution-in-kind reports; actuarial services; internal audit outsourcing services; management functions; human resource services; broker/dealer, investment adviser, or investment banking services; legal services; expert services unrelated to the audit; and any other service that the Public Company Accounting Oversight Board (PCAOB) determines by regulation to be impermissible. These non-audit services cannot be provided to the enterprise by the auditors even with approval of the audit committee.
Further, § 202 of the Sarbanes-Oxley Act states that all auditing services and non-audit services, that are not de minimus, must be pre-approved by the audit committee of the enterprise. The auditing committee is able to establish policies and procedures for pre-approval, provided these policies are consistent with the Sarbanes-Oxley Act. By prohibiting appointed auditors or vendors that provide audit services to an enterprise from concurrently providing non-audit services to that enterprise, any temptation is removed for the auditors to compromise their opinions for the sake of maintaining other business with the enterprise.
Furthermore, by requiring an enterprise's audit committee to pre-approve all services provided by their auditors, a contract for any of the prohibited purposes will be a contract without lawful purpose, and is therefore ultra vires (from the Latin “beyond the power”—referring to acts beyond the scope of the corporate charter), such that the contract is void. Any monies paid to the audit firm for prohibited non-audit services and/or services not explicitly authorized by the enterprise's audit committee must be returned to the enterprise. Further, any non-prohibited service that has not been pre-approved may not be able to be relied upon, such that the work may need to be redone.
Previously, compliance with this portion of the Sarbanes-Oxley Act required manual oversight of business processes such as whether to allow a service to be performed by a particular firm, obtaining pre-approval, issuing purchase orders, and accounts payable. Such an approach is both expensive and time consuming, and provides opportunity for human error.
It thus is desirable for an audit system to automatically monitor business processes for prohibited transactions. It is further desirable for an audit system to automatically seek an audit committee's approval for transactions as required. It is also desirable to obtain the pre-approval information, such as date of approval, before executing a contract with an audit firm. It is also desirable for an audit system to prevent approval and/or payments for non-audit services without approval from the enterprise's audit committee and to request refunds for prohibited services that were erroneously paid for.