
Follow the leader

Jeffrey L. Able

January 1, 2007

 


If a private company aspires to an IPO, to register public debt or to be acquired by a public company, the need to demonstrate a sound internal control environment is clear. A recent PricewaterhouseCoopers Trendsetter Barometer survey of nearly 350 fast-growth CEOs found that one in four of the fastest-growing, privately held businesses in the country have voluntarily adopted some of the Sarbanes-Oxley “best practices” that have emerged from their public sector counterparts.

Why would they do this? These fast-growth companies are adopting certain compliance practices to help create better companies – ones that are attractive to public and private investors, merger and acquisition (M&A) prospects, customers and other stakeholders. Nowadays, investors, credit grantors and business people in general are all keenly aware that the lack of strong internal controls increases investment and operational risks.

Effective controls afford a broad array of benefits for private companies, such as:

  •  Financial reporting benefits allow companies to gain heightened credibility with their stakeholders, become better informed in order to manage their businesses and experience a reduction in risk of errors or irregularities;

  • Operational benefits provide clarity on the roles and responsibilities of management and employees, greater control over business growth, reduction of costs and maximization of performance;

  • Regulatory benefits offer decreased litigation risk or business disruption, lowered risk of employee or consumer litigation and increased credibility in contractual relationships with vendors and customers, as well as with regulating bodies such as the Internal Revenue Service (IRS) and the Federal Trade Commission (FTC).

Internal controls of private companies today

In many private companies, internal controls remain informal. Consequently, controls may not be known or adhered to, or may simply fail to accomplish their objectives. Although management may believe controls are in place, there are many factors that can cause them to function improperly, be poorly implemented or simply ignored.

Even when controls exist, they’re often ‘detective’ rather than preventative; in other words, they are designed to uncover problems after they occur rather than prevent them from occurring in the first place. Such inadequate control systems leave companies vulnerable to a broad spectrum of risks, many of which they presumed to be mitigated.

An internal controls framework

While implementation requirements were only mandated in 2002, internal controls have been codified for over two decades. The Committee of Sponsoring Organizations (COSO) of the Treadway Commission established the initial framework in 1992. COSO, a blue-ribbon body chartered by leading accounting organizations to articulate the purpose and elements of internal controls, identified five essential elements of effective controls:

  1. The control environment

  2. Risk assessment

  3. Control activities

  4. Information and communication

  5. Monitoring

While each of these five mechanisms is indispensable for an effective system, a company must have a strong control environment for the system to function properly. The critical “tone at the top” includes a clear mission statement and a written, reinforced, broadly communicated code of conduct.

Private companies are at risk

Absent or malfunctioning controls leave companies vulnerable to a myriad of financial risks, including inappropriate revenue recording; unauthorized transactions and wire transfers; excess inventory purchases or purchases of products and services at higher-than-expected costs; unapproved payroll changes; inappropriate investment of excess funds; unnecessary fixed-asset purchases and possible theft.

One of the greatest risks for private companies is an improperly functioning control environment. If the critical “tone at the top” is unclear, poorly communicated or never enunciated to begin with, there may be no real focus on promoting ethical behavior.

Compliance with a company's ethics code should be periodically confirmed. Companies also may want to establish an “ethics hotline” as a reprisal-free medium for reporting ethical breaches. Investigation and enforcement must be a visible reality, fostered and strengthened by the ethical behavior of senior management and the owners. Additionally, an independent advisory board and organization-wide training programs will further ensure compliance with policies, codes and control activities.

Careful monitoring of budget, forecasts, prior periods and competitors is essential for combating fraud. Responsibility for these reviews should fall to different staff members to guard against error or misconduct. These checks should include regulation of equipment, inventories, cash and other assets, which should be regularly compared with control records.

In addition, companies must ensure that their code of conduct and business ethics are regularly communicated to their employees. In some cases, employees do not understand the reasons they are performing certain procedures or what procedures should be performed to ensure their compliance with the internal controls process. Staff turnover – a significant issue in today's business environment – exacerbates this problem, as does failure to document policies and procedures. Documentation is critical to ensure that controls assumed to be in place and operating as planned are actually continuing as a new employee takes on that responsibility.

To ensure that the ethics code becomes a fluid, integrated part of a company, management should encourage department heads to solicit and consider suggestions from their staff as two-way communication between senior management and operational personnel. This type of dual communication will allow for clear working channels to make recommendations for improvement.

Additionally, inadequate security is a serious control risk. Financial and physical assets need to be secured, as does access to information technology assets, including both hardware and software. Securing intellectual property, such as formulas and customer information, is equally important.

To create secure control mechanisms, regular reviews of control processes and procedures are essential as the information used to monitor operations may be flawed or inappropriate. The only way to evaluate whether controls are working as intended is to ensure that appropriate monitoring, by a level above the person performing the control, is taking place. Enhancement recommendations by the external auditors should be fully considered and promptly addressed.

Finally, regulatory noncompliance is a significant control risk that demands the focused attention of private companies. At the federal level alone, agencies such as the IRS, FTC, Food and Drug Administration (FDA) and the Environmental Protection Agency (EPA) issue and enforce regulations that apply to both private and public companies. If employees do not follow the relevant company policies and procedures, or do not know what they are, problems are likely to ensue.

The time to act is now

Private companies are being held to a higher level of accountability for their actions and it is important that they create internal metrics and mechanisms to monitor and reinforce their operational, financial and reporting activities.

Sarbanes-Oxley control provisions may become the “gold standard” for controls in all companies both public and private, thereby defining the level of excellence that leading businesses will strive to reach.


 
