|
|
AUDITING
Use COSO Guidance to Reduce Audit Costs
A guide supplementing the 1992 Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, is aimed to help smaller companies assess their internal controls in a more cost-effective manner.
As stated by COSO, additional guidance provides the principles and attributes that allow smaller organizations to understand the scope related to implementing and maintaining a robust system of internal controls. The objectives of good internal controls include:
1. Accuracy of financial reporting
2. Compliance with laws and regulations
3. Effective and efficient operations
What exactly is a "smaller" company?
According to the new guidelines (available online at www.coso.org), the term "smaller" rather than "small" is used to denote that there is a wide range of companies to which this guidance is directed. This guidance focuses on business with the following characteristics:
- Fewer lines of business and fewer products within lines
- Concentration of marketing focus, by channel or geography
- Leadership by management with significant ownership interest or rights
- Fewer levels of management, with wider spans of control
- Less complex transaction processing systems and protocols
- Fewer personnel, many with a wider range of duties
Smaller companies have been challenged not only with the cost of a Sarbanes-Oxley audit but also with the challenge of maintaining a cost-effective internal control. For example, one of the challenges might be having enough resources to achieve adequate segregation of duties. In smaller companies, it is customary to find one individual performing several duties that might be in conflict with each other -- especially in the eyes of the Sarbanes-Oxley Act. For instance, the same programmer that developed an application might be the same person that promotes this application to the production server. Or perhaps the same person creates invoices, writes the checks and also reconciles the checkbook. In an ideal world, the same person would not perform the types of activities. There are actions companies can take to compensate for limited segregation of duties. For instance, managers could review system reports of detailed transactions; review application code before promotion to production servers; oversee periodic counts of physical inventory and compare them with accounting records; and perform account reconciliation independently and manually.
Another challenge smaller companies have is the ability to maintain appropriate control over computer information systems with limited technical resources. Unlike larger companies with larger budgets to hire additional personnel, many smaller companies operate with a minimum roster of technology personnel and this might not be adequate to maintain the vast number of internal technical controls needed to maintain compliance.
| Small Business Help for SOX Compliance |
The Small Business Sarbanes-Oxley Assistance Act of 2006 would authorize the U.S. Small Business Administration to award federal grants to small businesses to help with the cost of complying with Sarbanes-Oxley regulations. It also creates a task force, assembled by the SBA Chief Counsel for Advocacy, and comprising of representatives from the U.S. Securities and Exchange Commission (SEC) and others, to report semi-annually on how to reduce the red tape and financial burden, assisting small public companies complying with Sarbanes-Oxley. Sen. John Kerry (D- MASS.) introduced the bill.
"We passed Sarbanes Oxley to create accountability and transparency in the corporate structure, and it's helping to battle corporate fraud," Kerry said. "But too many small companies don't have the resources or expertise to make the necessary structural changes on their own, and we need to make sure they compete on a level playing field. It's just not right that their resources are being stretched thinner than those of the corporate giants, just to comply and compete. This bill will help small businesses comply with Sarbanes-Oxley, and offer federal assistance to those who need additional help -- so small businesses can abide by the law, create jobs and grow our economy."
The bill follows a recent U.S. Government Accountability Office (GAO) report that found small public companies to be spending considerably more on implementing Sarbanes-Oxley, particularly Section 404 of the bill, which requires firms to establish internal control frameworks and to file internal control reports. The report found that firms with less than US$75 million in market capitalization were spending $1.14 in audit fees per $100 of revenue, compared to just $.13 per $100 for firms with greater than $1 billion in market capitalization. |
 Mark Edmead, MBA, CISSP, CISA, is president of MTE Advisors and has consulted with Fortune 500 and Fortune 1000 companies in the areas of information, system and Internet security, and regulatory compliance. Mark performs the required activities necessary to develop and present a complete analysis of internal control issues to SOX compliance and tax officers, disclosure committees, and audit committees. His tasks have included documentation of new or revised controls, evaluation of the design effectiveness of the new or revised controls, testing new or revised controls, identification of control deficiencies associated with new or revised controls, and monitoring of corrective action plans and documentation of remediation efforts. http://www.mteadvisors.com
ARTICLE INFO
Web Edition: 2006 Week 46, Doc #18490
 FREE ACCESS
Keyword Tags: Business Solutions, Compliance, Financial Management
|
|