the article here . . .
From my viewpoint, the SOX benchmark has done little to address the causes or even the identification of fraud. You just have to look at the news headlines of the recent months with Madoff, MF Global, Olympus etc and countless FCPA violations (which admittedly are outside SOX scope).
I remain unconvinced that SOX-style focus on 'Internal Control Systems' actually addresses the issue. The major accounting scandals, even post SOX, all boasted an independently validated system of internal control and a clean audit by one of the Big 4.
Readers of this blog will know by now my fascination with the myopic focus of some Finance, Audit and IS teams on 'controls' (the car park barrier) rather than the genuine risk (the tyre tracks). If this makes no sense to you, I explain my metaphor more visually here.
I am a big believer in focusssing effort on identifying and managing risk and on identifying and managing performance gaps. I just worry about the 'compliance' mindset . . .
There was a great letter sent to the SEC by Ken Lever, then CFO of Tomkins which was quoted verbatim in the excellent book 'Reiventing the CFO' by Jeremy Hope (my synopsis can be found here). I quote it here as it is the clearest expression that I have seen in print . . .
"All that SOX does is to force us to have lots of detailed documentation to support our control systems. And then it forces management to keep testing them. This has added a lot of work for marginal benefit.
To be fair, there are areas where it has identified a few control weaknesses that should have been addressed. But I do think that SOX is not addressing the real problem. I think that 90 percent of value destruction in business comes from strategic error, not from problems in control systems. I’d be very surprised if a weakness in any of our control systems gave rise to a material financial error, whereas making a big strategic mistake could cost a company and its shareholders tens of millions of dollars.
I think the problem with SOX is that it doesn’t focus on the real issues. These are about risk. So we’ll end up with lots of documentation and a testing regime so that the auditors and the SEC can come along and make sure we are doing it properly. Now, if that adds value to corporate America I’d be very surprised. It just seems to me that it’s a big value shifting exercise from shareholders to accountants and lawyers.
Couldn't have said better myself !
Thanks for reading . . .
Although I am intrigued to agree I do not agree fully. The whole SOX agenda can be reduced to controls focused on real risk and adding value from not just compliance but also performance perspective. Although the documentation requirements generate additional overhead this can be charged as a part of quality assurance activities: Increasing transparency and promoting business process re-engineering. the mighty SOX itself is a minimalistic few sentence law. It is the way how it is implemented where in the wrong hands it becomes something with marginal benefit. I would say SOX yes, but SmartSOX or ValueSOX.
ReplyDeleteIts very difficult to reduce frauds but they can be controlled by applying more safety measures.
ReplyDeleteAccounting
Tranfer Credits