In the US, the public demise of several multi-billion-dollar business giants found cooking the books has led to stricter accounting regulations and tougher penalties. It is hoped that this action will restore investor confidence and the reputation of financial reporting.
Following suit, the European body responsible for financial regulation recently set out proposals for EU-wide co-ordination to enforce international accounting standards. The proposals are set to mirror the US approach, leaving UK directors with no choice but to tighten up controls and keep a tight rein on their accounting procedures. No longer can blame be laid at the door of auditors - the baton of responsibility has been deftly handed over to the corporate executive. Executives can now be personally held responsible for corporate fraud and are also subject to tougher penalties, such as increased prison sentences.
Enhancing corporate governanceWith the introduction of the new Combined Code, UK board directors and non-executive directors are now subject to more scrutiny than ever before.
The revised levels aim to 'enhance board effectiveness and improve investor confidence by raising standards of corporate governance', and companies need to ensure that they have introduced the necessary systems to meet their expectations.
Poor business performance monitoring, deception, and fraudulent representation of financial figures contributed to the collapse of Enron and WorldCom.
In the US, enforcement of the Sarbanes-Oxley Act 2002 is beginning to come into effect, creating pressure for big business to get its house in order. In the UK, a snapshot of the British public's view of large companies has been produced by a recent survey conducted by MORI (1). 73% of those surveyed had heard about the collapse of major corporates across the globe.
Almost half of respondents said they now had less trust in large companies while a quarter claimed to have a lot less. It is clear that the public, not just the stakeholders, require a greater degree of reassurance when it comes to financial performance and corporate governance procedures.
Effective corporate governance in the future will require more than simply adding non-executive directors to the board. Responsibility rests with operational directors and senior officers of the organisation to ensure that objective, measurable and continuous internal control processes are implemented. The act of attesting to the reliability of the financial and operational information which organisations disseminate both internally and externally is now becoming of paramount of importance, as long as it is backed by objective measures.
Exercising controlWhat has become apparent through these scandals - and the public outcry that followed them - is that the traditional audit model has been inadequate: inconsistent measurement processes and results based on statistical sampling and individual evaluation just do not cut the mustard. Several suggestions have been made to radically change the model. Healy and Palepu(2) suggest the problem lies with the current hiring and remuneration model inherent in the audit process. They propose that 'hiring and paying auditors needs to be moved from company managers to some institution whose interests are more closely aligned with investors, but which is not itself involved in the audit process'. The Sarbanes-Oxley Act in the US has usurped this view and forced direct responsibility onto corporate officers.(3) Similar measures are expected to be introduced across Europe.
Top executives are now forced to consider new ways of monitoring business processes and of exercising control over transactions. When swearing to the honesty of your company accounts, you have to know you are telling the truth - and to do that you need stringent internal accounting procedures.
The key to tighter internal accounting is to be confident that the information contained within different business systems is consistent across your organisation, and, most importantly, accurate. This is notoriously a logistical, expensive nightmare, and will remain so while companies continue to rely on manual reconciliation and internal control procedures that drain resources, are neither cost- nor time-effective, and harbour a high risk of human error.
New solutions now on the market enable internal accounting departments to run like a well-oiled machine. Self-service web-based monitoring and information distribution software give financial officers of the organisation immediate and continuing control of their systems. These new-age solutions are the way forward for companies struggling to meet the heavy demands of high-volume inter-system and account reconciliation and internal control procedures, and enable them to prove the adequacy of their systems and processes. Systems are user friendly and place immediate control in the hands of the finance department.
Measuring efficiency and accuracyCompanies are now able to create an automated environment to continuously control and objectively measure the efficiency and accuracy of accounting and internal structures and procedures. Structures that monitor and control their resolution provide peace of mind, in that any errors, non-compliant events or activities - suspicious or otherwise - are made glaringly obvious.
Software solutions are effectively replacing the old methods with a dynamic process that reflects the latest intelligence from across the business.
This new approach provides an effective means of objectively measuring internal controls and the reliability of financial and operational reporting.
In today's climate, systems that can prove financial reporting is not vulnerable to errors and fraud are at the top of every organisation's wish-list.
Large organisations face the challenge of unravelling complex and diverse operational systems. Classically the audit model was statistically reliant on periodic review, and confirmed by statistical sampling and experienced value judgement. However, the costly and laborious process of manual data collection, reconciliation and co-ordination has become rather old hat and unreliable.
Reducing transaction processing costs and incorporating internal control processes into the business process cycle is the key to this new approach.
Software solutions enable companies to change the business process/audit/internal control paradigm from periodic statistical sampling to a continuous process which becomes part of the business transaction processing cycle. In turn, audit and verification becomes a continuous process involving all staff members. Transaction costs for the internal control cycle are lowered, and a continuous automated process is created, which can easily be verified by management. Fundamentally, effective event monitoring, process reconciliation, high level reporting with drill-down detail and non-compliant event resolution procedures are contained within one system process.
Monitoring dataFinancial and operating data must be detailed, integrated and accurate.
Creating a documented process that is traceable and auditable involves enhancing internal control processes and recording data flow - no easy task. Self-service web-based monitoring and distribution software enables companies to achieve the level of reporting and analysis needed to manage performance and improve decision-making in compliance with regulation.
Building system process monitoring, reconciliation and issue resolution into existing financial and accounting reporting systems makes it possible to consolidate and analyse data from across the business - with certainty of its reliability. These solutions also facilitate the identification of errors, weaknesses, non compliant events and activities, while providing a mechanism for monitoring and measuring the effectiveness of the issue resolution.
Managing the riskWhile examining financial processes, companies must identify risks, such as unauthorised purchasing or inappropriate transactions. It is vital to develop the necessary controls and processes to recognise and deal with non-compliant events and activities, so that they can be monitored and controlled within an effective issue resolution framework. Reconciliation and event monitoring software solutions provide a framework to implement a control structure which can be built into the transaction process cycle.
As operating processes are reviewed by organisations, they may find that financial data is being reported with few objective continuous internal control processes in place. Reporting systems objectively measure internal processes by automatically isolating, categorising and reporting on non-compliant events and activities. Desktop technology facilitates consolidation of key performance and operating metrics from multiple sources into a single, unified view of enterprise-wide financial information. System metrics and non-compliant activities and events can be measured and reported on, enabling management to achieve complete control and understanding of how processes are handled. Key performance indicator reporting - an added feature of web based monitoring solutions - also enables organisations to assess compliance on a continuous basis.
Increased transparencyTo enhance transparency, companies are able to use web and workflow tools to view financial data history. By providing electronic review and approval of data, with time stamps and comments, transactions can easily be verified, approved and signed off electronically - with confidence that information is accurate and above board, with an audit trail of changes to prove it.
Historical process tracking enables data to be searched by rules, including date and time, user name, action taken, process level and comment. Internal controls and security also ensure that financial results promoted from one level to the next use the same criteria to reconcile and report figures.
An auditor could easily attest to internal controls by verifying date and time stamps with approval levels and documented security, thus providing the corporate executives with the level of reassurance they need.
Effective governanceIn essence, web based solutions enable management information to be delivered far more accurately than traditional reporting methods. Deploying these new-age solutions offers tighter integration and the ability to detect and correct invalid data in a fast and efficient way. Furthermore, consolidating financial results gives a complex overview of vital information which can be effectively contained and communicated on a real-time basis.
Company executives must certify that financial results are accurate or face severe civil and criminal penalties, that much is clear. Today's reporting solutions make it possible to do this, while achieving streamlined financial consolidation processes and speeding the delivery of financial reporting.
1) MORI survey: 'The Business World Will Never Be The Same.' The Contribution Of Research To Corporate Governance Post-Enron, 16 September 2003
2) Paul M Healy and Krishna G Palepu, Harvard Business Review, July 2003
3) Section 404: Management Assessment Of Internal Controls
SOX SUMMARYThe US Conference of State Bank Supervisors provides a clear executive summary of the Sarbanes-Oxley Act on its website. Provisions for corporate and criminal fraud accountability include the following.
- Criminal penalties for knowingly destroying, altering, concealing, or falsifying records with intent to obstruct or influence either a federal investigation or a matter in bankruptcy and for failure of an auditor to maintain for a five year period all audit or review work papers pertaining to an issuer of securities (10 years in prison)
- Extension of the statute of limitations to permit a private right of action for a securities fraud violation to not later then two years after its discovery or five years after the date of the violation
- Whistleblower protection to prohibit a publicly traded company from retaliating against an employee because of any lawful act by the employee to assist in an investigation of fraud or other conduct by federal regulators, Congress or supervisors, or to file or participate in a proceeding relating to fraud against shareholders
- Fine or imprisonment (up to 25 years) for any person who knowingly defrauds shareholders of publicly traded companies.
The Act also enhances white collar crime penalties, including establishing criminal liability for failure of corporate officers to certify financial reports, with maximum penalties of 10 or 20 years' imprisonment.