On August 9, the Securities and Exchange Commission (SEC) issued proposed final rules and dates on Sarbanes-Oxley (SOX) requirements for smaller public companies. Relief from existing SOX requirements was not proposed.
Regardless of regulatory uncertainty, however, all public companies can benefit from ensuring accurate financial reporting, maintaining effective corporate governance, and mitigating threats to viability and performance.
In the past, most companies' fraud-prevention activities were geared toward protecting assets, rather than ensuring financial statement accuracy. But in the current regulatory environment companies must focus on financial statement integrity while remaining vigilant about other fraud risks.
In addition to regulatory concerns, companies should be mindful that the investing public has low tolerance for any inkling of financial fraud or mismanagement. Taking the following measures can help protect against a range of fraud-related activities - both financial and nonfinancial.
Implement and maintain effective internal control systems. Effective internal control systems help companies avoid financial statement fraud and other financial surprises, safeguard assets and ensure reliable and accurate financial statements - a key responsibility of boards of directors and management.
Be conscious of tone at the top. A culture of integrity begins with company management and its policies. This "tone at the top" is embodied in formal and informal policies, which must be effectively communicated to and understood by employees.
Assess your control environment. In addition to upholding the letter of the law, companies should strive for a control environment that promotes a culture of openness and integrity. Factors influencing the control environment include ethical values and competence of management; management's philosophy and operating style; manner in which management assigns authority and responsibility; and attention and direction provided by the board of directors and audit committee.
Make your whistleblower policy known. Employees, customers and suppliers, who are typically familiar with an organization's internal workings, may be a source of information about possible misdeeds. Best practices prescribe - and SOX mandates - that organizations have an anonymous whistleblower policy to assist individuals in coming forward.
An effective whistleblower policy encourages sources to report known or suspicious activities and provides information on how to anonymously make reports through a third-party service, toll-free telephone number or unidentifiable e-mail. Employees should have confidence that they will not be punished for reporting problems - both real and perceived.
Maintain a high level of accuracy and transparency in financial reporting. Contrary to some perceptions, SOX did not establish new accounting or disclosure rules, nor did it establish new ethical obligations for management. It did, however, direct the SEC to study the implications of principles-based, as opposed to rules-based, accounting standards. Organizations that rely heavily on rules-based accounting should keep in mind the "do the right thing" spirit of SOX.
Laurie Scofield is Managing Director of the Risk Management Practice in the New York office of RSM McGladrey, Inc.