World Com Case

WorldCom: internal audit lessons to be learnt On June 9 2003, the U. S. Bankruptcy Court of New York issued a report on the WorldCom accounting fraud that expands on the court's earlier findings of mismanagement, lack of corporate governance, and concern regarding the integrity of the company's accounting and financial reporting functions. Supervised by former U. S. Attorney General Richard Thornburgh, the study was commissioned by the court to investigate allegations including fraud, mismanagement, and irregularities within the company.One section of the more than 200-page report, â€Å"Accounting and Related Internal Controls,† details WorldCom's weaknesses in internal and external audit processes. It also expands on the failings within the internal audit reporting structure, where the tone at the top â€Å"fostered an environment to allow the fraud to go undetected. † The report cited a lack of independence in the company's internal audit reporting structure, which w as not challenged by the audit committee or external auditors.Observations on internal audit reporting and processes Internal auditing mission and scope According to Thornburgh's report, internal auditing was focused primarily on maximizing revenue, reducing costs, and improving efficiencies. The group performed audits and projects that would be seen as adding value to the company, rather than monitoring the adequacy of internal controls to reduce risk. It did not, for the most part, trace transactions to the general ledger or verify journal entries that supported financial accruals.Internal controls with an impact on accounting policies were not systematically evaluated or monitored by internal auditing, and findings were not communicated with the external auditors. Thornburgh's report noted that this was a serious weakness in the internal control evaluation process that was not questioned by the audit committee or external auditors. He indicated that internal auditing's narrow foc us may have contributed, in part, to the company's failure to detect some of the accounting improprieties.Management's influence over The internal audit department's mission and scope was not internal auditingtruly independent. In spite of the dual reporting line to the audit committee, the internal audit group reported and answered to senior management, including the chief financial officer and chief executive officer, who were both implicated in the fraud. Thornburgh indicated that the viability of the internal audit department was dependent on the â€Å"whim† of senior management.For years, internal audit leadership sought to gain company acceptance by focusing on value-added audits and projects rather than monitoring the sufficiency of internal controls. Management would assign special, non-audit projects using unscheduled resources, and the internal audit department did not meet its audit plan objectives, in part, because of the time and resources devoted to these projec ts. Lack of budgetary resources seriously Internal audit resources were insufficient in comparison to impacted the internal audit function peer companies.The audit committee failed to follow through on discussions with internal auditing about the adequacy of staff. WorldCom's internal audit department was half the size of internal audit departments in peer telecommunication companies, according to the 2002 Global Auditing Information Network study, conducted by The Institute of Internal Auditors. The Thornburgh report concluded that internal auditing's limited resources were inappropriate from an internal control perspective, given the international breadth and scope of the company's operations and challenges.Lack of substantive interaction with After 1997, internal auditing had little interaction with the external auditors company's external auditors, other than at quarterly audit committee meetings where both gave presentations. The external auditors did not receive internal audit reports and did not rely on internal audit work in their audits. Even though internal auditing identified internal control weaknesses in its final reports, there was no coordination with the external auditors to ensure that those weaknesses were not material, because the external auditor would report no material weaknesses in its own audits.No one confirmed whether or not the internal and external auditors were communicating about such issues and analysing the materiality of the weaknesses identified by internal auditing. Deficiencies were noted in the annual The risk assessment used during the internal audit planning internal audit planning process process did not involve quantitative factors to measure risk with respect to internal control weaknesses or prior audit findings. The level of risk was determined by assessing whether or not the audit would add value, i. . , enhance revenue or detect significant cost savings. If an audit area's level of risk did not meet these criteria, the audit would be considered low risk and would not be performed. Deficiencies were noted in the Thornburgh was concerned by the influence of management internal audit process and on the conduct and scope of internal audits as well as the the completion of audit reportsfinal reports. From the inception of the internal audit department — in or about 1993 — until January 2002, nternal auditing did not have uniform internal procedures relating to the conduct of audits, preparation or retention of reports and associated work papers, compilation and dissemination of management's response to recommendations, conduct of follow-up audits, or steps to address repeated failure to take corrective action. Thornburgh found no explanation why uniform procedures were not developed prior to January 2002. In addition, he found unwarranted influence by management in the preparation of final audit reports and recommendations.He felt that the language of many audit reports appeared to b e negotiations between the internal auditors and management. In addition, management's responses were not always presented to the audit committee. The report did note that internal auditing appeared to have performed its responsibilities diligently, given its limited resources and management pressures. Most internal audit reports identified internal control weaknesses, and many highlighted weaknesses identified in prior audits that ere not corrected to the satisfaction of the internal audit department. Internal audit improvements The internal audit department made several changes to improve the internal audit function in the company since the 2002 financial restatement and the adoption of the Sarbanes-Oxley Act of 2002. Internal audit management: †¢Increased staff by adding 12–15 auditors who are licensed certified public accountants, and anticipates hiring approximately 10 additional auditors. Strengthened training by requiring each professional staff member to obtain 8 0 hours of continuing education annually. †¢Added financial audits to the audit schedule, in addition to operational audits. †¢Created an internal audit team to task with the external auditors in connection with financial audits, communication, and planning. †¢Strengthened the risk assessment methodology to include an evaluation of materiality, audit frequency, changes in internal controls, and concerns by management, the audit committee, and the external auditor.