The
New Control Environment
Greed, self-dealing, fraud, misrepresentation, inadequate
disclosure of essential information to
owners and other stake-holders, insider stock trading, significant financial
restatements, financial
collapse, bankruptcies, investigations by regulatory authorities, management
changes, and even
jail time. These phrases might form the basis of a Hollywood feature film
or two. In fact, films
have incorporated many of these characteristics; Wall Street, for instance.
These phrases have been much in the news over the past
year or so. Think Enron, WorldCom,
Global Crossing, Tyco, and Andersen, among others. And while these scandals
have been more
prevalent in the United States, other countries are facing similar challenges.
Coupled with troubled economies, threats of war, and
terrorism, these problems significantly
reduced public trust in major corporations and in turn led to the downturn
in U.S. stock markets.
According to a CNN/USA Today Poll in July, 77% of the public
believe that CEO greed and
corruption have caused this financial meltdown.
This perception has not been limited to major public
corporations but has trickled down to all
sorts of organizations, public and private, large and small, for-profit
and not-for-profit. It is also
not just the dot-coms as some may think. Few organizations have been unaffected.
And there
may be more corporate misdeeds to be discovered that will play havoc in
the marketplace.
To help restore confidence in the markets and to help
bolster the faltering economy, Congress
passed, and President Bush signed, the Sarbanes Oxley Act of 2002. Mention
of this law has
become almost as common in the press as the phrases at the start of this
article, and for good
reason: implementation of the law has already begun as companies with
fiscal years that coincide
with the calendar year are audited and their year-end financial reports
are published.
I recently spoke with a former business associate who
is a partner in one of the major CPA firms.
From his point of view, the next few months will be extremely busy as
publicly traded companies
begin to evaluate their procedures and implement the requirements of the
Act.
After our phone call it occurred to me that while the
requirements of the Act for publicly traded
companies were vital, the same principles could benefit all kinds of organizations.
Let’s look at two important sections of the Act, as
recently published in a
PriceWaterhouseCoopers White Paper:
Corporate Responsibility
- “Requires audit committees to be independent and undertake specified
oversight
responsibilities. - “Requires CEOs and CFOs to certify quarterly and annual reports to
the SEC, including
making representations about the effectiveness of specified controls. - “Requires the SEC to issue rules requiring attorneys in certain roles
to report violations of
securities laws to a company’s CEO or chief legal counsel and, if no action is taken, to the
audit committee.”
Enhanced Financial Disclosures
- “Requires companies to p rovide enhanced disclosures, including a
report on the effectiveness
of internal controls and procedures for financial reporting (along with external auditor
attestation of that report) and disclosures covering off-balance sheet transactions and pro
forma financial information. - “Requires disclosures regarding code of ethics for senior financial
officers and reporting of
certain waivers. - “Requires accelerated disclosures by management, directors, and principal
stockholders
concerning certain transactions involving company securities.”
Other than the specific references regarding SEC rules,
reports, and transactions involving
company securities, these are business principles that all organizations
should strive to observe.
How can anyone argue that CEOs and CFOs should not be
ultimately responsible for the financial
control environment and the fair, ethical, and appropriate reporting of
the results of operations,
regardless of the type of organization? In this day and age, CEO excuses
about “not being an
accountant” are not acceptable. CEOs and CFOs can and should obtain input
from division
executives, as the control process works in both directions. However,
final responsibility must
remain at the top, and top management must set the tone that will trickle
down through to all
organizational levels.
Similarly, shouldn’t private and public not -for-profit
institutions have an independent audit
committee to oversee the financial conduct of the organization? Many institutions
have revenues
and assets that rival those of publicly traded companies; they just have
different reporting and tax
requirements.
And how can anyone with fiduciary responsibility not
be interested in controls on expenditures,
safeguarding of assets, segregation of duties, effectiveness and efficiency
of operations, ethics in
business, and so forth? Above all, it is imperative that the control environment
be documented in
the form of policies and procedures, even though the organization must
be able to change them as
needed in a dynamic business environment. An added advantage of implementing
new
procedures should be improved coordination of the management team, as
input should come from
the whole organization.
Of course, the foregoing is not a complete assessment
and analysis of the Sarbanes Oxley Act, but
merely my thoughts on how it may be applied.
The path to overhaul has been prepared. Organizations
that head down the path should emerge
stronger and more effective.
