When a company is charged with financial statement fraud, the first question asked is “Where were the auditors?”
But auditors can only insure accurate financial reports in a robust business environment where every stakeholder has bought into the importance of internal control procedures and their documentation.
Creating an internal control integrated framework over subjective and complex accounting areas such as revenue recognition, loan impairment and valuation is especially challenging, and insufficient internal control procedures can leave an organization dangerously open to fraudulent financial reporting.
So, how can auditors make sure their clients have a sound controls and documentation culture?
Highly Subjective and Complex Accounting Areas
The Anti-Fraud Collaboration recently held two workshops that gave regulators and the main players in the financial reporting process – audit committee members, internal auditors, external auditors and senior management – an opportunity to explore issues that were identified in an examination of SEC filings relating to securities fraud where issues with companies’ Internal Control over Financial Reporting (ICFR) were noted.
The workshops generated discussion of accounting policy and practice as well as recommendations for improvement of those policies and of ICFR. The details are described in the report, Addressing Challenges for Highly Subjective and Complex Accounting Areas.
At the core of these recommendations is the need for more personal accountability across the board. Through clear communications, empowerment, performance tracking, and enforcement.
Accounting Fraud Prevention Recommendations
Some of the recommendations detailed in the report include:
Embed Controls into the Day-to-Day Operations
“Controls documentation and testing should be embedded into the day-to-day operations such that it is not strictly a compliance exercise that only satisfies auditors.”
The attitude from executives and management must stress the importance of controls and personal accountability as a way of doing business. Documentation and testing should be codified and communicated such that each employee understands that he is a stakeholder in the validity of the financial reports, and must play a part to mitigate audit risk.
“Communication is key. There may be a perceived gap between the nature and extent of evidence that management considers necessary … and what their external auditors require.”
Once management and external auditors have agreed on the extent of documentation that is needed, both internal and external audit staff must be held accountable for compliance. No compromises.
“New personnel should understand why the internal controls are important and the role they play in the regulatory process.”
Training is essential. The accounting policies and procedures should include documentation requirements, and employees must be held accountable for adhering to those requirements.
“The mapping, documentation and testing is an opportunity to discover and make operational improvements.”
Accounting policies should not be a static rulebook. Not only will regulations change, but trial and error will identify areas that should be tweaked. This should be operationalized and be part of the day to day operations of the business.
"Where extensive internal control framework issues are identified by the external auditor, audit committees should be involved to determine that appropriate remedial action is taken."
Senior management, audit committees, and auditors, both internal and external, are responsible for creating a robust control environment.
All staff must be trained and managed as a stakeholder in the integrity of the financial statements, and each of these stakeholders must be held accountable for upholding his or her part of the documentation supply chain.
So, What is the Best First Step?
Accountability is the key. Creating a full-cycle culture of business accountability is fundamental. This cycle includes clear communication of expectations, a clear definition of deadlines, clear escalation procedures, clear assignment of responsibilities, and, most importantly, a way to drive the execution down to the employee's performance appraisal process.
Once a full-cycle of accountability is achieved, accounting fraud scandals and surprises will be greatly minimized.
CommandHound is tool that has been designed from the ground up to enable a full-cycle culture of accountability to take hold. Want to learn more?