Archive

Posts Tagged ‘Sarbanes Oxley’

Small Company Structure vs. Internal Controls….

June 11th, 2009 Comments off

     During one of my prior engagements I was challenged with a situation in which we had a serious possibility of fraudulent accounting activities. The source was one of our foreign offices, which had only a small operating staff, and even worse, only a few accounting folks. There was not a broad enough staff to implement all the necessary levels of control to have a strong level of comfort to say all was operating perfectly. What triggered the entire situation was the combination of operating expenses that continued to exceed Budget in a very material way, as well as the delay, or cancellation of payments for shipments into their country. What was even more amusing was the fact that the country entity even passed a corporate audit after improprieties were suspected. After I was given the green light for a surprise audit, as a inter-country supplier, we effectively blew the lid off what was happening within that country. I’m actually quite proud of the work that was done on that situation.

     There real question though is how do you put effective controls in place to prevent fraud or other improprieties? In my current engagement, I find myself with a company that has a Finance staff that is much leaner than normal for a company of this size. Fortunately I have a GREAT staff that I am able push hard and we have implemented new documentation, new control procedures, and a level of financial reporting that is consistent with GAAP and fully supported with all the necessary documentation. So what’s the big deal? Try reaching this level with a small entity, where habits are long-lived, and financial disciplines are an afterthought.  To the Company’s credit, we also have great Management team that is both open, and supportive, of the change. They’re also seeing the benefits of the improved financial reporting on their ability to run the business and make informed decision. Great, so we now have solid reporting. What next?

     Next is the task of putting a more rigid control structure in place and implementing regular audit procedures that will prevent the temptation or likelihood that fraud will be perpetrated against the Company. But how do you do this when you don’t have the resources to add additional headcount, engage external resources, or implement new software platforms?  It comes through the diligence and integrity of the existing staff and cross-testing the existing resources. In the most elemental spirits of internal audit and Sarbanes-Oxley, it comes from having an effective control environment, appropriate risk assessments, as well as the necessary monitoring to determine that all controls are effective and that any necessary correction actions are undertaken. 

But our Company doesn’t have it’s financials audited?

-But our Company does not have an Audit Committee?

     Doesn’t matter…create the necessary level of communication with the Shareholders and Executive Team and keep them informed as to how the resources of the company are being protected. Ultimately, the inattention to these areas, will at a minimum, result in funds being diverted from the Company, or worse, could lead to the demise of the Company.  In a positive outcome, the actions taken will lead to a significantly higher level of trust in the financials and a higher valuation as it might relate to any acquisition activities your Company may find itself in. What is your commitment to ensuring that the proper controls are in place?

Thanks for reading . . . .

Jeffrey Ishmael

Resurgence of the strategic CFO?

January 29th, 2009 Comments off

      A recent conversation at the trade show I attended had me discussing the expected role of the CFO in the current environment. The conversation, among finance peers, was focused on whether a technical, or “mechanical”, CFO could really be successful in the current economic environment or if we will again see the resurgence of the “strategic” CFO.  If you’ve read my prior posts there’s no question on my opinion. You would also know that my day-to-day activities are focused on a collaborative approach with every functional area of the company and I constantly look for ways to drive efficiencies that will have a positive effect on the bottom line. I’ve also been fortunate enough, prior to achieving the post myself, of working with CFOs who were also very good strategists and mentored me in creating the necessary balance.  The assumption being that any current CFO has the underlying technical skills to support the position.

     The segue for the conversation was a recruiter comment that mentioned they were looking to fill a CFO role but the hiring company was firm on having a CPA. While the scales are slightly tipped as a % towards the number of CFOs who have the designation, there is still a high % who do not, and are simply superior in their skillsets. However, for some time there was the absolute need in many corporations to bring in more of the “mechanic” type profile of a CFO for Sarbanes-Oxley implementations & other peripheral accounting and control functions.  But we now find ourselves in a much more challenging environment and I would table that many of the “mechanics” are simply not equipped, or have educated themselves on the intimate workings of the Company they deal with. That they have not established the necessary collaborative relationships to successufully implement projects. Nor do they have the mindset to work on realistic multi-year strategies that move beyond the simple construction of endless balance sheets. The real difference are the strategic CFOs who utilize their CPA knowledge as a complement versus Accountants who have progressed to the role only through opportunity.

     Yes, these are generalizations, and I have worked with some incredibly talented folks that are also CPAs. However, we are now seeing the absolute need for finance professionals that can work with all the functional areas within an organization and synthesize the information quickly to develop a realistic financial roadmap. Someone that can substantiate the information, really understand the story, and add more value than just changing some variables in a spreadsheet.

Thanks for reading . . . .

Jeffrey Ishmael

Quality Control…or is it Quality of Controls?

September 17th, 2008 Comments off

It’s a bit disheartening to continue reading about so many instances the last few days of internal fraud carried out at both private and public companies. There’s no need to look any farther than CFO.com to see examples in the last few day, which include American Intl. Pasta Company (fraudulent reporting), Hilfiger ($19m embezzled), and Quest ($10m “questionable” transfer). As a Finance professional who has worked at both smaller and larger entities, the biggest question I have is what were the levels of audit / control that were supposed to be in place and why didn’t they detect this activity sooner? It’s an easy question to ask but we don’t need to look any farther than some of the most recognized institutions, which have some of the most stringent controls, for examples of controls gone bad. Do you recall the collapse of that English banking institution formerly known as Barings as a result of the futures trading and wiping out the banks reserves entirely? How about more recently, Jerome Kerviel of Societe Generale and his 7.2 billion Euro loss on his futures trading?
Whether public or private, every company needs to have these levels of control in place to detect potential mis-dealings by employees. And it’s not going to be found just within the Finance department. It’s going to be found in Purchasing, Marketing, Logistics, and every other functional area of the organization. It’s not just going to be in the form of embezzled funds, but in inappropriate relationships, kickbacks, or even something as elaborate as a shell corporation, which I discovered had been set up by a country manager at our Mexican subsidiary. The foundation for having these controls is not just the documentation of certain processes. It needs to start at the top of the organization and putting in place an environment of control that communicates to employees what their span of authority is. Defining what their decision making limits are, and if pending decisions are outside of those limits, what the escalation process is for approval.

Within the scope of a SOX framework, it outlines the need for a “suitable and recognized control framework”. There are a number of segments that comprise this framework, but from overall view, there key areas to address. These areas include, as discussed, a Control Environment, Risk Assessment, Information / Communication, and Monitoring. Now, as I’ve mentioned with all my posts, this is only meant as a summary and not an exhaustive commentary. Our ultimate goal as Finance professionals should be the ability to generate company financials that are free from error and allow the key players in the organization to make informed business decisions. To generate information that can be trusted and relied on in the growth of the business. Only after we have managed to deliver this, as a functional area, can we fullfill the remainder of our role as an advisor on other corporate matters.

It would be easy to spend a week discussing the topic of internal controls, structuring an internal audit, and the follow-up activities of such an audit. Not quite possible here. The intent here is to have you consider the topic, whether it’s appropriately addressed within your organization, or that maybe it’s in need of a refresher due to material changes in staff, market, or regulations. What is the Quality of your Controls?

Thanks for reading . . . .