Internal Controls Aid More Than Sarbox Compliance

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Enron brought on Sarbanes-Oxley, the increasing threat of identity theft has resulted in various and sundry data privacy laws, and a focus on environmental responsibility led to legislation like the EU's Waste Electrical and Electronic Equipment directive or the Restriction on Hazardous Substances directive.


The push toward globalization is also affecting the corporate regulatory environment, according to the national leader of KPMG's U.S. forensics practice, Richard H. Girgenti. In an interview with The Metropolitan Corporate Counsel, Girgenti says the move to globalize -- either by outsourcing to save money or by moving into developing markets to broaden exposure for their products and services -- has created new risks and challenges that companies need to address:

Unfortunately, the harsh reality is that corruption is rampant in many of the poorest countries, and companies and regulators are increasingly challenged to deal with this problem. For many years, the Foreign Corrupt Practices Act (FCPA)... was infrequently enforced... In 2007, there were 15 bribery prosecutions brought by the Department of Justice and 16 enforcement actions by the Securities and Exchange Commission -- double from the previous year. In 2008, the number of prosecutions is expected to exceed that of last year.

From an IT perspective, it doesn't seem the FCPA requires internal controls that are much different from those required by Sarbanes-Oxley. The FCPA enforcement Web site provides, in part:

[The record keeping and accounting provisiosns] require (1) that books, records and accounts are kept in reasonable detail to accurately and fairly reflect transactions and dispositions of assets, and (2) that a system of internal accounting controls is devised (a) to provide reasonable assurances that transactions are executed in accordance with management's authorization...

The provisions also require that the controls allow for the recording of assets so that proper reports may be filed with regulators, that access to those assets is restricted to those with management approval, and that the record of assets be periodically compared to actual assets so that discrepancies can be quickly resolved.