The internal control practice of separation of duties failed to prevent the fraudulent reporting by not separating the duties necessary to complete a task and assigning the separated duties to two or more employees (Edmonds, Tsay, & Olds, 2011). Separating duties to two or more employees would reduce the opportunity for an employee to defraud the organization (Edmonds, Tsay, & Olds, 2011). Although the CEO and CFO of Automation Company were aware the controller was reporting fraudulent revenues, by using separating duties, the fraudulent act would have required collusion between the controller and other employees to make up the numbers (Edmonds, Tsay, & Olds, 2011). The Sarbanes-Oxley (SOX) Act of 2002, holds the chief executive officer (CEO) and the chief …show more content…
The SOX act requires that larger organization’s control of financial reporting be subject to external audits by independent auditors, as well as quarterly reviews (Kitching, Pevzner, & Stephens, 2013). The SOX act charges the CEO and the CFO with the ultimate responsibility for accuracy of the organization's financial statements (Edmonds, Tsay, & Olds, 2011). Although the organization’s lower level managers will likely prepare the annual report, the CEO and the CFO are required to review the report and certify to their knowledge that the report does not contain false statements or any omissions (Edmonds, Tsay, & Olds, 2011). SOX requires management of an organization to create a code of ethics and to file all reports using this code (Edmonds, Tsay, & Olds, 2011). Finally, SOX demands that management of an organization establish a hotline for anonymous reporting of fraudulent activities (Edmonds, Tsay, & Olds, 2011). Further, SOX prohibits organizations from punishing whistleblowers, employees who legally report an organization’s misconduct (Edmonds, Tsay, & Olds,