Archive

Posts Tagged ‘internal fraud’

Quality Control…or is it Quality of Controls?

September 17th, 2008 Comments off

It’s a bit disheartening to continue reading about so many instances the last few days of internal fraud carried out at both private and public companies. There’s no need to look any farther than CFO.com to see examples in the last few day, which include American Intl. Pasta Company (fraudulent reporting), Hilfiger ($19m embezzled), and Quest ($10m “questionable” transfer). As a Finance professional who has worked at both smaller and larger entities, the biggest question I have is what were the levels of audit / control that were supposed to be in place and why didn’t they detect this activity sooner? It’s an easy question to ask but we don’t need to look any farther than some of the most recognized institutions, which have some of the most stringent controls, for examples of controls gone bad. Do you recall the collapse of that English banking institution formerly known as Barings as a result of the futures trading and wiping out the banks reserves entirely? How about more recently, Jerome Kerviel of Societe Generale and his 7.2 billion Euro loss on his futures trading?
Whether public or private, every company needs to have these levels of control in place to detect potential mis-dealings by employees. And it’s not going to be found just within the Finance department. It’s going to be found in Purchasing, Marketing, Logistics, and every other functional area of the organization. It’s not just going to be in the form of embezzled funds, but in inappropriate relationships, kickbacks, or even something as elaborate as a shell corporation, which I discovered had been set up by a country manager at our Mexican subsidiary. The foundation for having these controls is not just the documentation of certain processes. It needs to start at the top of the organization and putting in place an environment of control that communicates to employees what their span of authority is. Defining what their decision making limits are, and if pending decisions are outside of those limits, what the escalation process is for approval.

Within the scope of a SOX framework, it outlines the need for a “suitable and recognized control framework”. There are a number of segments that comprise this framework, but from overall view, there key areas to address. These areas include, as discussed, a Control Environment, Risk Assessment, Information / Communication, and Monitoring. Now, as I’ve mentioned with all my posts, this is only meant as a summary and not an exhaustive commentary. Our ultimate goal as Finance professionals should be the ability to generate company financials that are free from error and allow the key players in the organization to make informed business decisions. To generate information that can be trusted and relied on in the growth of the business. Only after we have managed to deliver this, as a functional area, can we fullfill the remainder of our role as an advisor on other corporate matters.

It would be easy to spend a week discussing the topic of internal controls, structuring an internal audit, and the follow-up activities of such an audit. Not quite possible here. The intent here is to have you consider the topic, whether it’s appropriately addressed within your organization, or that maybe it’s in need of a refresher due to material changes in staff, market, or regulations. What is the Quality of your Controls?

Thanks for reading . . . .