The Sarbanes-Oxley Act (SOX), established in 2002, was developed to provide specific compliance rules related to financial decisions. Businesses must control and regulate their operations according to the current legislation. The compliance-related process has impacted numerous organizations, including Trinity Industries. Hence, this paper aims to trace the company’s development under the act’s influence and identify the material weakness, internal controls, and success factors.
The compliance journey of Trinity Industries began in 2007 after the introduction of SOX to the company. Before the implementation of the act, the organization passed its own audit. As a result, Trinity Industries faced severe challenges due to the new standards (Schultze, 2011). However, their first years of SOX compliance were successful for several reasons. First, as shown in Figure 1, the financial divisions were united into one centralized department since the beginning of the act’s implementation. Second, Oracle Financials saved almost half a million dollars from Trinity’s budget by replacing the four ledger packages of the company (Schultze, 2011). The last factor contributing to the organization’s success was creating an accounting service center. As shown in Figure 1, these elements were critical to the company’s prosperity during the first years of compliance.
Internal control is the most critical part of the modern management system, which allows for achieving the goals set by the owners with minimal costs. It can be defined as a system of financial and other control organized by management to carry out an orderly and efficient company operation. The internal control system has five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring (“Auditing standard no. 5,” 2016). The control environment is a fundamentally important factor that provides discipline and structure and encompasses technical competence and ethical commitment. Risk assessment is essential to enable the company’s management to plan its activities in light of high-risk areas. This key indicator helps a company evaluate its investments and guards against significant losses. Control activities help ensure effective risk response and include policies and procedures, approvals, authorizations, reviews, reconciliations, asset security, and segregation of duties. Part of the information and communication is needed to determine the effectiveness of communication both internally and with other companies. Finally, part of monitoring is needed to determine the effectiveness of internal controls or find errors in them before they can affect the company’s operations.
Among the standards in the definition of Material weaknesses, for example, are the following: The auditor should assess how the auditor’s unfavorable assessment of internal control affects the auditor’s assessment of the financial statements. The auditor should also declare if the negative assessment of internal control over financial reporting has any bearing on his or her evaluation of the financial statement (“Auditing standard no. 5,” 2016). Besides, if the auditor finds deficiencies that lead to material weaknesses, in that case, the auditor will be required to express an unfavorable opinion on the company’s internal controls, with the auditor detailing the deficiency if it is not included in the management report. In the case study, the material weakness is the absence of proper inner inspection of monetary procedures resulting in large-scale fraud and a decline in productivity (Schultze, 2011).
Despite the company’s success during the first years of SOX compliance, several specific material weaknesses were recognized. For example, the second year of the standards’ implementation revealed the necessity of control activities reduction due to the innovative risk approach. It weakened control of ”A” and ”C” systems; however, they could still be tracked on a different database (Schultze, 2011). The other deficiency was the absence of a centralized information system. Its operations were decentralized, and their scope was immense, which created a significant obstacle in gathering data together. Trinity refused to implement an integrated business system, referring to the Y2K scare and the exceptionality of its twenty-two business divisions (Schultze, 2011). Its 67 plants were using a particular application, running on different BPCS versions, for tracing all the financial operations, meaning that there was no single program for calculation (Schultze, 2011). In addition, the corporation faced a lack of control certificates proving that the inspection had been executed. Nonetheless, these challenges did not undermine the company’s prosperity but were instead drivers for development.
PCAOB developed specific guidelines for the notion of a material weakness and how it can contribute to the compliance process. The auditing standard (AS) no. 5 (2016) states that identifying financial misstatement indicates a material fault. Moreover, it points out that it is vital to test the control means to reveal the potential internal inspection limitations and opportunities (“Auditing standard no. 5,” 2016). In the case study, Trinity addressed PCAOB’s risk controls which helped avoid further deficiencies. Hence, early identification of material risks facilitates financial procedures.
Despite all the faults identified, Trinity Industries has succeeded due to its smooth operations flow. For instance, in planning to comply with the SOX standards, the organization reviewed the Oracle Project Success and the accounting service center (Schultze, 2011). In addition, Trinity identifies the reporting procedures in its twenty-two business departments. Moreover, the representatives have successfully purchased the four packages from Oracle Financials, which guaranteed their stability. Once accomplished, Trinity Industries balanced its financial operations, including payrolls and accounting transactions (Schultze, 2011). Its project scoping, documentation of the processes, control redesign, and external audit enabled Trinity to work efficiently.
References
Auditing standard no. 5. (2016). PCAOB. Web.
Schultze, U. (2011). The SOX compliance journey at Trinity Industries. Journal of Information Technology Teaching Cases, 1(2), 91–113. Web.