Play as a Podcast
The financial scandals of Enron & WorldCom in 2002 led to the formation of SOX – Sarbanes Oxley legislation for the Listed Companies in the U.S. The U.S Congress passed a bill to ensure there is an official watchdog & scrutiny of Publicly Listed Companies, when it comes to Financial reporting to their Stakeholders
SOX-404 is used as an internal control mechanism to mitigate any risks (financial/ material misstatements). Subsidiaries of American Listed Companies have to follow SOX. As per SOX, a Company should safeguard its assets & ensure there are robust controls in place to mitigate any risks. For example, process manuals for key account reconciliations, CRM – Customer relationship management processes, & procedures for procurement of goods & services.
The Committee of Sponsoring Organisations – COSO Framework:
The COSO framework helps in understanding the importance of having vigorous internal controls in place in order to eradicate potential risks of financial & material misstatements, whether due to fraud or error.
COSO framework emphasises on the underlying Control environment, Communication style, Risk strategy, & Monitoring processes. If a Company has a strong control environment evident by robust internal control processes i.e. Procurement procedure, HRM System, & Customer Contracts (CRM).
Companies may embed various controls within their internal control systems e.g. a Company using an ERP System will have a formal system for: –
Segregation of duties:
Generally, the Internal Auditors are involved in analysing Company’s internal control procedures to ensure whether they have segregation of duties in place e.g. a bank reconciliation is prepared by a bookkeeping person & is reviewed by a Finance Manager (first tier review) & finally by the HOD – head of department (2nd tier review).
However, this may not be the case in every Organisation given the resources they may have. One person may end up doing all the tasks. This could lead to material misstatements being uncovered until the last minute (usually by the auditors during year end audit work).
This can waste lot of precious time in trying to adjust these misstatements which could have been detected & adjusted earlier on. This may well lead to a qualified audit report if there is a disagreement between the management & auditors on a particular adjustment.
Internal Controls in practice:
Whether a Balance sheet reconciliation matrix is used to ensure segregation of duties exists. Whether the underlying balance sheet reconciliations are prepared & signed off by the Senior management (FM/ FC). Whether the month-end controls are in place & segregation of duties are being practiced to mitigate any potential risks of material misstatements whether due to fraud or error.
In Conclusion, a Company should regularly review their internal control systems in light of the changing business environment (AI). As the underlying circumstances may change & lead to risk of material misstatement, whether due to fraud or error.