Internal Controls Aid More Than Sarbox Compliance

Lora Bentley

Enron brought on Sarbanes-Oxley, the increasing threat of identity theft has resulted in various and sundry data privacy laws, and a focus on environmental responsibility led to legislation like the EU's Waste Electrical and Electronic Equipment directive or the Restriction on Hazardous Substances directive.


The push toward globalization is also affecting the corporate regulatory environment, according to the national leader of KPMG's U.S. forensics practice, Richard H. Girgenti. In an interview with The Metropolitan Corporate Counsel, Girgenti says the move to globalize -- either by outsourcing to save money or by moving into developing markets to broaden exposure for their products and services -- has created new risks and challenges that companies need to address:

Unfortunately, the harsh reality is that corruption is rampant in many of the poorest countries, and companies and regulators are increasingly challenged to deal with this problem. For many years, the Foreign Corrupt Practices Act (FCPA)... was infrequently enforced... In 2007, there were 15 bribery prosecutions brought by the Department of Justice and 16 enforcement actions by the Securities and Exchange Commission -- double from the previous year. In 2008, the number of prosecutions is expected to exceed that of last year.

From an IT perspective, it doesn't seem the FCPA requires internal controls that are much different from those required by Sarbanes-Oxley. The FCPA enforcement Web site provides, in part:

[The record keeping and accounting provisiosns] require (1) that books, records and accounts are kept in reasonable detail to accurately and fairly reflect transactions and dispositions of assets, and (2) that a system of internal accounting controls is devised (a) to provide reasonable assurances that transactions are executed in accordance with management's authorization...

The provisions also require that the controls allow for the recording of assets so that proper reports may be filed with regulators, that access to those assets is restricted to those with management approval, and that the record of assets be periodically compared to actual assets so that discrepancies can be quickly resolved.

Add Comment      Leave a comment on this blog post
Jun 3, 2008 4:12 AM Burton S. Liebesman Burton S. Liebesman  says:
Your comments on WEEE and RoHS is another link from quality management ro Sarbanes-Oxley and COSO. The Electronics and Communications divisionof the American Society for Quality has committees on Sarbanes-Oxley, RoHS, and Nano Technology. We have published and made presentations on these subjects showing the value of quality management in improving responses to SOX and the organization's bottom line. I've published papers linking ISO 9001 to SOX Compliance. Interested parties can e-mail me requests for related papers. Reply
Jun 4, 2008 11:47 AM L Araujo L Araujo  says:
Going for : "Unfortunately, the harsh reality is that corruption is rampant in many of the poorest countries, and companies and regulators are increasingly challenged to deal with this problem." is the easy way to try to put the problem outside and to others. Let's not forget that Enron is just one example and that all of them are in developed countries [isn't Sarbanes-Oxley USA, is USA one of many poorest countries?].Awarness, is helpful and if with a good business process approach and method even better combination to desing effective business processes reliable enough to deal with corruption in a rich or poor country. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.