4 Tips for a Better Internal Controls Process
Since the Sarbanes Oxley Act was passed in 2002, the SEC has grown increasingly insistent in its demands that companies stay accountable to their stakeholders. As evidenced by recent statements from the Chief Accountant of the SEC and board members of the Public Company Accounting Oversight Board (PCAOB), regulators are heightening their scrutiny of documentation and internal controls—making it more important than ever for companies to ensure that they have an adequate system of internal controls in place. In addition, there has been an increase in the number of comment letters received by companies from the SEC questioning internal controls.
There have been instances where the PCAOB's questions about the audit of internal control over financial reporting, have led to the auditor performing extensive, costly, and time-consuming additional procedures subsequent to the issuance of the auditor's opinion. In some of these instances, the additional procedures have led to a revision of management's report and the auditor's opinion on internal control over financial reporting to disclose a material weakness in internal controls.
In a recent case, the CEO and CFO of a Florida-based company came under fire when the SEC alleged that the CEO and former CFO represented in a management report on internal controls that the CEO participated in management’s assessment of the company’s internal controls, when he didn’t actually participate in the evaluation.
Moreover, the CEO and former CFO were alleged to have each certified that they had disclosed all significant deficiencies in internal controls to the outside auditors, when they allegedly misled the auditors about their controls by withholding from the auditors information about inadequate inventory controls and improper accounting practices. Until this case there hadn't been any standalone internal control or certifications cases since Sarbanes-Oxley (SOX) was enacted. However, this case foreshadows greater scrutiny of internal controls by the SEC Division of Enforcement.
According to an article from The Wall Street Journal, The Big Number: The Second-Most Reported Accounting Deficiency, large companies disclosed deficiencies in accounting for inventory 38 times last year, putting the category in second place behind deficiencies in tax disclosures. The article states, "So far this year there have been six disclosures that inventory accounting procedures are inadequate, putting it atop the list of issues." Given the SEC's increased focus on accounting fraud and irregularities, you should expect these deficiencies to get the attention of the Division of Enforcement.
It’s more important than ever for companies to maintain an effective system of internal controls.
A plan that works
Establishing a thorough, consistent workflow for processing important documentation can help you stay current and compliant with SOX documentation and certification requirements. In addition, it will protect against fraud and other accounting irregularities. Here are four steps you can take to make sure your company stays in the clear:
Acknowledge the importance of designing and executing a system of internal controls. Explain to all parties involved how controls protect against fraud and ensure your information is accurately reported. By doing this, senior management can be confident that the company's assets are protected and inaccurate information isn’t being released to external auditors and investors.
- Put a collaborative system in place
- Stay in control
- Don’t wait for a comment letter from the SEC or a material defalcation. Take charge of your documentation right now. Maintain control of your SOX documentation and certification processes with sign-offs and check-ins to validate that the right people have reviewed and certified the necessary controls.
- Be proactive
- To make sure your processes and controls are working the way you want them to. Conduct regular evaluations to determine whether the components of internal controls are present and functioning. It’s far better to uncover a flaw yourself and correct it than to have your auditors, the PCAOB, or SEC discover it for you. Or even worse, to fall victim to a material defalcation.<
- Evaluate the results
- The best way to avoid a potentially devastating surprise is to address internal control deficiencies promptly and make any necessary changes before action is taken against you or you are victimized by fraud. Evaluating and communicating relevant issues to senior management and your board of directors in a timely manner allows them to take corrective action.
With increased oversight by regulators, it's more important than ever to make sure your processes and controls are in sync across the entire organization. Increased workloads and tight budgets often deter teams from focusing on controls, but not doing anything can have irreversible consequences.
Advancements in technology have provided organizations with the necessary tools to collaborate across teams. This collaboration allows teams to document and test controls efficiently and ensure that the right safeguards are in place to protect against fraud and to report information accurately. With the right solutions in place and a small investment of time and expertise, you can help prevent an unpleasant surprise or unwelcome attention from the PCAOB and SEC, which could lead to a costly and time-consuming post audit review of your internal controls or a possible enforcement action.