By Drew Crandall, Principal, Marketing & Customer Service, Lord & Benoit
When this bold experiment in freedom called the "United States" was created, our founders knew that the first form of government was self-government. To be the land of the free required all citizens to govern their own behavior. Freedom was not open-ended; it came with responsibility. Our founders understood that, to the degree that citizens could not self-govern their own behavior internally, then external government would have to step in and govern their behavior.
From the beginning, our culture and economy were founded on a foundation of trust.
The word "trust" meansfirm belief or confidence in the honesty, integrity, reliability, justice of another person or thing. If you trace the genesis of the Sarbanes-Oxley Act of 2002 (SOX), the root cause was that some high-level executives at very large, influential, and powerful publicly held companies such as Enron, Global Crossing, and World Com broke employee, investor, and public trust, big-time. Although they were responsible for good stewardship of investor capital, these public companies did not self-govern themselves well; instead, they perpetrated accounting frauds that hurt millions of people. Had these corporations behaved themselves, SOX would not exist today.
Here we are eight years later, and in the wake of more economic turmoil, we are once again trying to rebuild our wounded economy.
What is the positive connection between fixing our economy and SOX compliance?
It boils down to building trust in the soundness of our financial reporting system. The four main pillars of this system are:
- Strong internal controls
- Auditor independence
- Accounting education
- The integrity of financial reporting
To rebuild a healthy economy, these pillars are essential for proper implementation of accounting standards. In order to assure the soundness of our financial reporting system in 2010 and beyond, the federal government is drawing its line in the sand with SOX compliance. SEC Chairman Mary L. Schapiro recently stated, "since there will be no further Commission extensions (beyond June 15, 2010), it is important for all public companies and their auditors to act with deliberate speed to move toward full Section 404 compliance." Commissioner Luis A. Aguilar recently said, "The Commission is for the first time resolving that uncertainty by making it clear that all public companies, regardless of size, will be required to comply with Section 404B of the Sarbanes-Oxley Act." According to Thomson Reuters, the management reports on internal controls filed under Sarbanes-Oxley Section 404a will be classified as filed rather than furnished to the SEC. This will cause non compliance with 404a to become a legal liability.
A sound financial reporting system starts at the top.
In any organization, integrity and ethical standards are set at the top. The Council of Better Business Bureaus, based in metropolitan Washington DC, understands the importance of trust. Its newest slogan, Start with Trust, is resonating with stockholders and consumers who are tired of the financial smoke-and-mirrors.
As CPAs seek to provide clients with wise counsel, they should be asking clients these foundational questions from the COSO Framework for management, boards, audit committees and all employees (COSO is the Committee of Sponsoring Organizations of the Treadway Commission, providing guidance on, among other things, business ethics and internal control):
- Has top management developed a clearly articulated statement of ethical values that is understood at all levels of the organization?
- Are processes in place to monitor adherence to principles of sound integrity and ethical values?
- Are deviations in sound integrity and ethical values identified in a timely manner and addressed and remedied at appropriate levels within the company?
- Does the Board of Directors understand and exercise oversight responsibility related to financial reporting and related internal control?
- Does the Board of Directors actively evaluate and monitor risk of management override of internal control, and consider risks affecting the reliability of financial reporting?
- Does the Audit Committee actively monitor the effectiveness of internal control over financial reporting and financial statement preparation?
- Does the Audit Committee meet privately with the internal and external auditors to discuss relevant matters?
- Are Human Resource policies and practices designed and implemented to facilitate effective internal control over financial reporting?
- Has management established Human Resource practices that demonstrate its commitment to integrity, ethical behavior, and competence?
Successful, visionary companies are guided by core values.
Core corporate values are not situational, relative, or provisional. They reflect the foundational ideologies of the company and cannot be altered in an economic downturn. These values drive the people within the business.
- Employees who succeed in business by violating organizational values musts not be permitted to prosper.
- Mapping company values to measurable behaviors emphasizes both their importance and long-term commitment, and can be measured and tracked with a performance review.
- Behaviors help to define performance expectations for employees by focusing on the importance of not only achieving results but on how those results were accomplished.
- Employees should be rewarded based on performance and values.
CPAs need to understand the reality that significant fraud risks remain.
In our recent studies of smaller public companies, all had two or more means of committing fraud through check signing, wire transfers, cash receipts, and fictitious employees. Of the companies studied, 95.8 percent had the ability to commit fraud through IT operations; 79.2 percent had financial reporting fraud capabilities. An average of 56 control deficiencies were found per company.
Over the years, we have also studied the lives of CEOs, VP's of Finance, CFOs, and CIOs at public companies who succumbed to the pressures of CEOs and Board members to break trust. The negative consequences were huge: time in prison; probation; home detention; fines; forfeitures; restitution; barring from serving as an officer or director of a public company; tarnished reputations resulting in career implosion; public shame and embarrassment; marital tension, separation and divorce; strained and destroyed relationships with friends and in the community; bullying and taunting of the family in school and public places; family reclusiveness or relocation; emotional and financial wounds and scars that last a lifetime and even for multiple generations.
About Lord & Benoit
While CPA firms do not play direct roles in SOX compliance, they do play crucial, influential roles in helping publicly-held companies to comply with SOX, build trust, and rebuild our economy. Since its inception, Lord & Benoit, a research and consulting firm, has taken a leadership role in educating CPAs about SOX and related IT and IC issues. Lord & Benoit teaches CPAs across the USA in classroom settings, through various professional associations. The company Web site contains many helpful, free resources. CPAs may also register for free Webinars or contact Drew Crandall on the company's toll-free helpline at 1-800-404-7794 x 275.