While the main purpose of this legislation was to make bribery or facilitating pay-
ments to foreign officials illegal, it had a number of other effects. The legislation
stressed the importance of internal controls and the documentation of policies and
procedures with the objective of detecting illegal payments. The excuse that “man-
agement did not know” was no longer acceptable because the law said you had to
have a system that would let you know. The increased liability led many organizations
to increase the size of their internal audit staffs and to pay more attention to the lat-
ter’s recommendations. Some of this was window dressing encouraged by legal coun-
sel, but many auditors took advantage of the law to improve their own company’s un-
derstanding of the need for a corporate code of conduct and general documentation.
In 1987, the Treadway Commission report was issued. The Commission’s official
name was the National Committee on Fraudulent Financial Reporting. The Commit-
tee was a defensive measure on the part of the U.S. accounting profession that feared
that Congress might enact harsh legislation as a result of a number of corporate fail-
ures related to fraudulent financial reporting. Major conclusions of the Treadway
Commission were that (1) every public company should have an internal audit func-
tion, and (2) there should be a corporate audit committee made up of nonmanagement
directors. These conclusions enhanced the image of the internal audit profession and
resulted in more emphasis being placed on the internal audit function.
The Treadway Commission was supported by the five major accounting organiza-
tions and became known as COSO (the Committee of Sponsoring Organizations).
The Commission’s recommendations included the following:
The Commission recommends that the organizations sponsoring the Commission work
together to integrate the various internal control concepts and definitions and to develop
a common reference point. This guidance would build on the Commission’s recom-
mendations, help public companies judge the effectiveness of their internal controls,
and thus help public companies improve their internal control systems. The sponsoring
organizations should determine the most appropriate means for providing the additional
guidance.COSO eventually came out with a document, “Internal Control—Integrated Frame-
work.” This pioneering document put down in one place a consensus on what con-
stituted a framework for internal controls. It had a significant impact on the auditing
profession because of the clear picture it gave as to management’s responsibilities for
controls. Prior to this document, many business managers argued that they could del-
egate their responsibilities for internal controls to internal auditors. They contended
that the blame for failures was on the auditors for not reporting a missing control.
Added importance was attributed to this document when the national Sentencing
Guidelines made explicit financial penalties that individuals and corporations would
be subject to for not establishing the right control environment. Specifically, failure
to establish the proper environment exposed individuals and corporations to a dou-
bling and more of fines.
During 1999, after much pressure from the Securities and Exchange Commission
(SEC), various organizations changed their requirements for audit committees. Es-
sentially, such committees were in substance expected to exercise a responsible over-
sight function. While none of the literature specifically referred to the assistance that
audit committees should seek from internal auditors, in those companies with exist-
ing internal audit functions, the internal auditors are becoming trusted advisors to the
audit committee of the board of directors.
32 • 8 INTERNAL AUDITING