(taken from the Jan/Feb 2006 issue of On Balance magazine)
SOX provides a powerful weapon against fraud
By Ronald J. Kral, MBA, CPA, CMA
The Sarbanes-Oxley Act can be a powerful weapon
to help slay fraud, even among private companies, nonprofits and
governments. At the least, SOX regulations offer significant
opportunities to contain the beast of potential fraud.
Fraud is simply the intent to deceive. Combating
fraud rests on a basic understanding of the three legs of fraud. A
break in any leg of the tripod will likely prevent fraud. According to
SAS No. 99, the conditions of fraud are:
- Pressure or incentive
- Opportunity
- Attitude or rationalization.
Company-level controls
The 404 requirement for management to use an
established framework to evaluate the effectiveness of internal
control over financial reporting is challenging to implement, yet
promises rewards. Internal Control — Integrated Framework published by
the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
is corporate America’s framework of choice.
Four of the five COSO components—control
environment, risk assessment, information and communication, and
monitoring—are company-level controls. They exist at the level of the
entire enterprise, or at any of its units or activities, rather than
at a transaction level. They have a pervasive impact on accomplishing
objectives. Each of these components is instrumental in dealing with
the fraud triangle.
However, the control environment is the
foundation of all controls. It sets the tone at the top, influencing
the control consciousness of the people. The seven attributes of a
control environment are:
- Integrity and ethical values
- Commitment to competence of the entity's people
- Management's philosophy and operating style
- Assignment of authority and responsibility
- Organizational structure
- Attention and direction from the Board of Directors
- Personnel policies and practices.
Examples for combating fraud along these seven
attributes are plentiful. For instance, if a company has a culture of
unrealistic financial targets, it is more likely to fuel the incentive
to falsify financial data to either save a job or obtain bonus
compensation.
Organizational structures that foster
related-party reporting channels are another risk for fraud. For some,
unfair compensation or poor working conditions can be grounds for
rationalizing acts of fraud. The bottom line is that the control
environment is less about the words of the company and more about
employee perceptions.
Perception of detection
SOX also requires a protected whistle-blower process. A key source
for detecting fraud is typically a co-worker. Many people who suspect
a colleague of fraud never report it because they fear retaliation or
lack of response from management. An anonymous whistle-blowing program
established by the Board and administered by a third party addresses
these concerns.
A whistle-blowing program is a cost-efficient and
effective tool to help foster one of the strongest of all controls:
the perception of detection. It should be extended to suppliers,
clients and other stakeholders to maximize its power. If fraudsters
feel there is a good chance of being caught, they have fewer
incentives and a more difficult time rationalizing a fraudulent act.
Recruitment, retention
The essence of fraud begins with an individual’s ethical values.
SOX cannot legislate ethics; they constitute the root values of an
individual. No matter how many due-diligence acts are performed in the
hiring process, there is always some leap of faith.
One section of SOX, 304, requires the CEO and CFO
to reimburse the company for 12 months of bonus compensation and
realized profits from a securities sale if the company is required to
restate its financial statements due to fraud committed by anyone in
the company. Hence, the pressure lies with the CEO and CFO personally
to ensure that only ethical people are employed in financial reporting
roles.
Independence
A lack of independence can influence decisions about fraud.
Independence is a recurring theme throughout SOX, which has
requirements for the external audit firm to be hired and retained by
the audit committee (or Board), as well as independent audit committee
members, prohibition of loans to executive officers and directors, and
prohibited services performed by external auditors.
Although not often cited as anti-fraud
legislation, SOX restores confidence in corporate America by fighting
the conditions of fraud.
Ronald J. Kral, MBA, CPA, CMA is a
partner with Candela Solutions LLC, a Madison-based public accounting
firm consulting in governance and technology.