Congress enacted the Sarbanes-Oxley Act of 2002 (“the Act”) as a knee-jerk all publicly held
business, regardless of size, into the legal requirement to maintain a documented and tested
system of internal controls over financial reporting. For companies with years ending after
December 15, 2009, management is required to attest to the effectiveness of its internal controls,
and identify any significant deficiencies or material weaknesses. This law is referred to as
Section 404(a) of the Act. For now, Congress has exempted small business issuers from rule
404(b), which would have required that the public company’s auditors must audit and opine on
the effectiveness of the company’s internal controls over financial reporting. Compliance to rule
404(b) may have been the kiss of death for small business issuers by effectively doubling the
annual audit fees.
Compliance with rule 404(a) of the Act poses numerous challenges for issuer companies, their
management team, and auditors. The level of competency required by management to simply
assess the effectiveness of its system of internal controls over financial reporting is daunting.
Most small business issuers cannot afford a financial expert, qualified CFO, or consulting firm
with the skills requisite for a quality design and implementation of internal controls. However, a
thorough design and implementation of a system of internal controls over financial reporting will
go a long way in validating management’s desire to create value in its company for its investors.
For this reason, we have designed a simple, cost-effective, and fully quantifiable system of
internal controls over financial reporting.
Investors want blood when the value of their stock goes worthless due to a fraudulent act,
accounting error, or company mismanagement. Time and again, the investing community has
demanded certain “protections” against fraud, defalcation, mismanagement of assets, and
negligent accounting errors. Part and parcel to the protections are transparency and
accountability. Investor demand for these protections heightened amidst the Enron and
Worldcom accounting debacles, resulting in the passing of the Sarbanes-Oxley Act of 2002. Even
with the passing of the Act, investors continue to demand corporate governance that gives them a
perceived comfort that these protections have been identified, assessed, and remedied by
management and the company’s board of directors. Section 404(a) of the Act requires
management to assess its system of internal controls over financial reporting, identify any
significant deficiencies or material weaknesses, and opine on the overall effectiveness of its
system of internal controls over financial reporting. Compliance with Section 404(a) on each
quarterly 10Q and annual 10K effectively gives the investing community a certified statement by
management that the investors can then be used against them if the value of the company tanks
due to fraud, defalcation, mismanagement of assets, or negligent accounting errors. In effect, the
attestation statement can be the “noose” by which management will hang if found guilty. A
simple system of internal controls over financial reporting can support management’s case that it
was not negligent in its decision-making, management of assets, fraud protection, or accounting
processes, and that external forces outside of management’s control were the true reason for a
decrease in the value of the company.
Regulators (ie. the Public Company Accounting Oversight Board, or “PCAOB”, the SEC, the
Department of Justice, Congress) want to know that the Act, or the Law, is being abided,
enforced, and is effective in its protection of investor confidence. Consequently, they work hard to
find those companies, management teams, auditors, etc. who try to circumvent or break the Law.
Compliance with the Act through a simple system of internal controls over financial reporting is
easy and effective in meeting the legal requirements. We have designed such a system.
The board of directors want to know that management is accountable to them in every possible
way. They want to be able to sleep at night knowing that a system of internal controls over
financial reporting is in place, is effective, is being assessed and monitored, and that significant
deficiencies or material weaknesses are being identified and remedied in an efficient manner.
They also want to protect the investors of the company. They are accountable to the investors.
They want to know that if a CEO, CFO, or equivalent goes “rogue” on the company, that there are
stop-gaps, safety mechanisms, and processes in place that will rapidly identify and report the
activity before the value of the company is affected. A system of internal controls over financial
reporting can serve the board of directors by providing those stop-gaps, safety mechanisms, and
processes to contain any potential damage to the value of the company. A system of internal
controls over financial reporting can also serve as a safety net in the event of a shareholder
lawsuit or regulatory investigation. Without it, the board of directors is exposed to all legal and
regulatory accusations thrown their way.
Management also wants to know that the company is protected from malfeasance, fraud,
defalcation, and accounting errors. They want to know that under their watch, the value of the
company is sustainable. They want to be held to a standard of accountability that allows them to
sleep at night knowing that they are doing everything possible to protect the investors’ money.
They want to know that in a court of law, they can say that they properly designed and
implemented a system of internal controls, and that the system was analyzed and assessed on a
regular basis in accordance with its mandates. Peace for management comes from the
confidence that the system of internal controls over financial reporting serves as a safety net that
protects them from claims of “gross negligence”, “fraud perpetration”, or “intentional
malfeasance”. A system of internal controls over financial reporting can serve management by
providing that safety net in the event of a shareholder lawsuit or regulatory investigation. Without
it, management is exposed to all legal and regulatory accusations thrown their way.
Even though small business issuers are exempt from Section 404(b) of the Act, auditors must
still assess, document, and understand the company’s system of internal controls over financial
reporting as part and parcel to their audit processes. A simple system of internal controls over
financial reporting can actually aid in the reduction of audit fees by giving the auditors reliance on
the system, thereby giving them cause to reduce the amount of testing on individual accounts and
transactions. The result is a direct and quantifiable reduction in audit time and ultimately audit
fees. A company who has implemented a system of internal controls over financial reporting
demonstrates to its auditors that it desires to be accurate, complete, and forthright in its
accounting and reporting processes. The auditors want to know that the board of directors and
management have identified, documented, and tested its system of internal controls over
financial reporting, and that they have promptly remediated those significant deficiencies and/or
material weaknesses that have been identified during the assessment process. The auditors’
confidence in overall corporate governance due to an adequate system of internal controls over
financial reporting reduces the auditors’ perceived level of risk of the overall audit that accounting
errors, fraud, malfeasance, or mismanagement have not occurred, and serve as a basis of
overall comfort in rendering an unqualified opinion on the financial statements.
We have designed a simple and cost-effective system of internal controls over financial reporting
that will satisfy all of the “wants” and “needs” of investors, regulators, boards of directors,
management, and auditors.
|Click on a link below to
learn more about our
|WHAT BOARD OF DIRECTORS WANT