A global review of internal control practices indicates the prescriptive, rules-based approach that drives Sarbanes-Oxley and its Section 404 reporting requirements does not breed good business practices, but merely a check-the-box compliance mentality.
That’s the finding of a new report titled “Internal Control—A Review of Current Developments” from the International Federation of Accountants. It compares key internal control frameworks that drive business reporting in countries around the world, and highlights recent legislative and other initiatives that affect the modern internal control environment.
Connell
“Fundamentally, when companies look at internal control as part of their business practices, it’s more likely to be embedded into the normal business processes rather than a compliance exercise,” says Bill Connell, chairman of IFAC’s Professional Accountants in Business Committee, which published the report. “If you do things with a compliance view only, it gets done, but it’s not integrated into the organization. It’s an afterthought, not integrated into the management process.”
Connell says the PAIB Committee is investigating ways it can encourage companies to adopt more principled approaches to internal control and shed the compliance frame of mind. He says internal control frameworks outside the United States, like the Turnbull standards in the United Kingdom and other frameworks in the Netherlands, South Africa and Hong Kong, take a far more principled view of internal control than Sarbanes-Oxley allows or encourages.
“The majority of countries have internal control frameworks that are principles-based,” he says. “Where they are more rules-based—and unfortunately Sarbox is rules-based—you’re not going to get the same result. Sarbox is very related to financial controls, not overall controls.”
The PAIB plans to spotlight top finance executives from around the world to focus attention on more principled approaches to internal controls, Connell says.
The IFAC report, as well as additional resources on taking a "top-down, risk-based" approach to SOX 404, can be found in the box above, right.
IFAC Proposes Guidance On IT Skills For Accountants
A n international accounting education group is proposing new guidance on what IT skills accountants should have to perform in today’s technology-driven organizations.
The International Accounting Education Standards Board has published an exposure draft titled “Information Technology for Professional Accountants,” to outline what accountants should know so they can use and rely on information technology. IAESB is an independent standards-setting board within the International Federation of Accountants.
Sylph
“There has been a lot of change in the information technology environment in the last four years” since the last guidance was published, says Jim Sylph, technical director for IFAC. “This identifies some of the new elements in the IT world that professional accountants may well need to know.”
The guidance outlines IT competencies necessary for accountants to work in such roles as financial manager, financial controller or tax practitioner. In addition, it focuses on competencies necessary for auditors, managers of information systems, and designers of business systems.
Comments on the proposed guidance are due Nov. 15. The IFAC report can be found in the box at right, as can related IT coverage.
Report: Auditor Switches Rise, Reasons Unknown
Nearly 1,500 public companies parted ways with their auditors last year, according to recent research by Glass, Lewis & Co., but the reasons for the partings aren’t clear based on available disclosures.
Although companies are required to disclose their reasons when they switch to a new audit firm, the rules are just loose enough that the disclosures end up providing little meaningful information, says Mark Grothe, research analyst for Glass Lewis.
“The SEC doesn’t require reasons in all cases—only in certain circumstances,” he says. “The companies make such vague disclosures because the [Securities and Exchange Commission’s] rules don’t require anything more.”
According to the Glass Lewis analysis, 1,430 public companies changed auditors in 2005, representing 11.3 percent of all listed companies. In nearly three-fourths of those cases, the companies didn’t provide a reason. From 2003 to 2005, about 4,000 companies changed auditors, the report says.
Why the silence? Glass Lewis suggests companies are hiding disputes with their auditors and shopping for favorable audit opinions. It recounts a case where an accounting fraud charge against a former CEO at Computer Associates was linked to an abrupt change in audit firms several years prior.
“For every instance like CA’s where the real story finally emerges, we suspect there may be many other examples where the ugly truth behind a company’s auditor change remains shrouded in secrecy,” Jonathan Weil, editor of financial research for Glass Lewis, writes in the report.
If companies are firing their auditors because they don’t like the auditor’s position, don’t expect the auditors to expose the company’s misdeeds either, Grothe says. Audit firms are required to submit a letter to the SEC informing the regulator of the parting, and they’re required to provide a letter to the company to be included with the 8-K disclosure, he says. In neither case, however, are they required to cite reasons.
“An auditor might want to remain mute to serve its interest of future business,” he says. “If an audit firm bashes a company after a split, they might think that other companies would be less willing to engage them as auditor, fearing the auditor could ultimately do the same to them. The possibility of future probing into the situation is a risk they’re willing to take in hope of retaining more business.”
No comments yet