The Sarbanes-Oxley Act of 2002 was intended by Congress to improve the accuracy and reliability of financial information disclosed by public companies, in order to protect investors (U.S. Congress, 2002). This law was passed during a period of financial upheaval in the United States (Coates, 2007), which included bankruptcies, criminal fraud, financial irregularities, and investors’ loss of trust. In response, Congress established new rules for auditing and auditors of public companies. They believed that the additional costs incurred in compliance would result in longterm benefits of increased transparency, which would make public companies more attractive to investors.
In the current case, the Wonka Chocolate Company has hired us to evaluate their internal controls regarding compliance with the Sarbanes-Oxley Act of 2002. They would like to create best business practices. Five members of the board of directors own 15% of the company’s common stock. None are accountants. A planned IPO will raise money for new delivery systems. They anticipate this to increase their debt:equity ratio from 1:1 to 2:1, but eventually double earnings per share. Gloop & Company has been the outside auditor. A new computer system provides 24-hour real-time access with improved accuracy. Now most systems and programming have been outsourced to Gloop. Data processing has sped up considerably, with significantly increased oversight. Gloop installed the new accounting system, after which Wonka hired Gloop’s partner, Ms. Salt, as CFO. Mr. Wonka plans to use Gloop again to conduct their external audit. For their internal audit, they have hired the son of the vice president of production, who will report directly to the CFO. A new director has been hired for HR, Ms. Beauregarde, and to save time, she has been given the old director’s access profile. She has established a mentoring program so that HR will learn job duties from experienced staff.

In order to thoroughly evaluate the Wonka Chocolate Company’s internal controls, we will examine the five components of the internal control integrated framework. This framework was designed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a joint initiative of five major professional organizations representing various financial professionals (COSO, 2015b), so that their guidance will help prevent fraud.

The first component is the control environment (COSO, 2015a). The control environment provides the foundation for internal control by providing its structure and discipline. Wonka has some problems with this foundation. Ms. Beauregarde created an excellent mentoring program; the rest of the company should follow suit. It is very lax, however, to allow her computer access under the name of someone else; this needs to be fixed by IT immediately. According to Sarbanes-Oxley, the board, if it does not have a separate audit committee, must include accountants (U.S. Congress, 2002); the entire board made up of chocolate experts is inadequate; the company needs financial competence there. The board also only meets twice a year; they need to practice far more oversight. The CEO and CFO seem to be adequately knowledgeable and concerned about the financial issues.

The second component is risk assessment (COSO, 2015a). Every company needs to assess risk from internal and external sources. Objectives should be clear, so that the relevance of risks to goals can be determined. Of particular concern is identifying special risks associated with change. Wonka is meeting their responsibility to assess and manage change by modernizing systems to improve their delivery methods and provide them a competitive advantage. Furthermore, they are controlling costs and improving efficiency with new financial systems. It is unclear at this point, however, whether the possibility of competitors mimicking their new delivery services has been adequately evaluated. Were their competitors to respond in kind, the prospect of increasing earnings would diminish considerably.

The third component is control activities (COSO, 2015a). These are policies that help ensure actions are taken to carry out management directives, address risks, and achieve objectives. They include approvals, verifications, security, and segregation of duties. As noted above, some operations at Wonka Chocolate Company have tended toward informal. Nepotism should be discouraged. Closer attention needs to be paid to security issues. As many policies as possible should be standardized and written down for everyone to follow. More formal control will better ensure the accomplishment of objectives, as well as provide better clarity of duties, which will allow for improved accountability.

The fourth component is information and communication (COSO, 2015a). Pertinent information must be identified and received by those who need the information in a timely manner. Information must be provided company-wide, with a clear message that control responsibilities are serious. In the case of Wonka Chocolate Company, the new computerized financial system has improved this area, since data has been made more accurate and accessibility is more immediate. When data has to be processed, these procedures now take place within four days instead of two weeks under the old system. If Wonka continues on this path, they will be very successful in communications.

The fifth and final component is monitoring (COSO, 2015a). Internally, monitoring of performance and quality should be ongoing. Deficiencies at Wonka need to be reported to the executives and/or the board. In addition, companies need regular external audits. Particularly with the company considering accepting new risks by increasing debt, separate audits are required. However, they cannot continue to use Gloop & Company. According to Sarbanes-Oxley, they need an independent registered public accounting firm. Independence means that the auditing firm may not also be providing other services such as bookkeeping, financial information systems design, or internal audit outsourcing services, among others (U.S. Congress, 2002). Also, audit firms must rotate every five years. Conflicts of interest are also to be avoided, such as a new company executive having worked for the accounting firm within the last year. It would be best for Gloop & Company to continue in non-external-auditing roles that they are currently performing so well, and Wonka Chocolate Company can hire an entirely independent registered public accounting firm for their external audits.

Stricter financial control and accountability, a financially aware board of directors, and clarification of objectives and the risks will provide Wonka with more accurate information for the benefit of potential investors. They are not yet fully in compliance with the requirements of the Sarbanes-Oxley Act of 2002, but now have concrete steps that they can take to reach that goal.

References
• Coates, J.C. (2007). The goals and promise of the Sarbanes-Oxley Act. Journal of Economic Perspectives, 21(1), 91-116.
• COSO. (2015a). Internal control – integrated framework. Committee of Sponsoring Organizations of the Treadway Commission. Retrieved from http://www.coso.org/documents/internal%20control-integrated%20framework.pdf
• COSO. (2015b). Welcome to COSO. Committee of Sponsoring Organizations of the Treadway Commission. Retrieved from http://www.coso.org/default.htm
• United States Congress. (2002). Sarbanes-Oxley Act of 2002: Corporate responsibility. Retrieved from https://www.sec.gov/about/laws/soa2002.pdf