|
Section 302 404 & COSO's Internal Control Framework
1 - CORPORATE GOVERNANCE CONCEPTUAL FRAMEWORK
2 – COSO's Internal Control Integrated Framework
3 - SARBANES-OXLEY ACT 2002
SECTION 302
SECTION 404 & COSO's Internal Control Framework
Examples of - Management's Report on Internal control over financial reporting and certification of disclosure Exchange Act Periodic Reports (section 302)
4 – SECTION 404 IMPLEMENTATION
5 – COSO's GUIDANCE FOR SPC FOR IMPLEMENTING SECTION 404 OF THE SARBANES–OXLEY ACT
1. CORPORATE GOVERNANCE
The concept of Corporate Governance is not new. The expression Corporate Governance is used when referring to the government of the listed companies. The varied aspects related to the theme have been transformed and developed since the New York 1929 crisis.
It is worth pointing out that there are several definitions around this concept. Following the OECD definition, Corporate Governance is:
“The group of rules and practices that govern the relationship between managers, board of directors and shareholders of corporations, as well as stakeholders like employees and creditors.”
In the strict sense of the term, Corporate Governance would mean “the collective organization of decisions”. We can also say that is the system through which the companies are run and controlled.
As stated by Luis Ustariz, the good Corporate Governance practices have the following main objectives:
1-Encourage confidence in the financial markets;
2-Attract capitals;
3-Promote competitiveness;
4-Implementation of a system of internal control with an effective monitoring structure that assures the adequate administration and running of companies (specially those listed companies issuing securities);
5-Creation of value for the shareholder by maximizing the company’s earnings;
6-The defense of the investors rights and interests in varied aspects;
7-Balance between the interests of shareholders, directors and managers;
8-Transparency, objectivity and fairness in the treatment given to shareholders;
9-The defense of the company’s interests as a whole, including the stakeholders.
We can find five main actors within the framework of Corporate Governance:
1-The board of directors and its committees;
2-Senior management;
3- Internal audit;
4- External audit;
5 -Other stakeholders.
Corporate Governance has evolved from a financial concept, related only to the expected and desired investment return of shareholders, to another one that includes aspects linked to the same design of the organization, and according to the OECD definition has to do with the internal procedures through which companies are run and administrated.
As mentioned in the Harvard Business Review magazine in March 2003, shareholders invest money and managers are responsible for its effective administration. The board must supervise management’s performance, establish the company’s aims, counsel and control management by hiring, firing and offering compensations to its members. Likewise, the board should respond to the shareholders who are all in all the ones who elect them through their vote.
Management is responsible for the running of the company under the board’s mandate and must keep the latter informed about every aspect within its competence.
The key aspect for successful Corporate Governance lies in the interaction between the shareholders, management and the board. The three of them working together provide a number of controls and balances basic for the adequate functioning and integration of the company to the market.
Several countries prepared guides which contain provisions for good Corporate Governance and provide recommendations in key issues such as relationship between the board-management-shareholders, defining the role of each group, specially the board of directors, and the recruitment and remuneration of executives among others.
Criteria standardization and transparency in the financial markets are both key aspects in order to promote investment. As a result, nowadays the most important international organizations are providing financial, technological and research support to those countries which are still outside this reality so that they can finally implement an integrated Corporate Governance system.
2. Corporate Governance and internal control. Internal Control is an essential part of Corporate Governance. The importance of the former increased with the development and improvement of the concept of Corporate Governance. In fact, every model of Corporate Governance introduces the concept of internal control as a basic component for the company's success. (Actually it was in the list of objectives of a good CG framework)
This is due to the fact that the internal controls are carried out to help the company accomplish its aims, fulfill its mission, and conduct an effective and efficient risk management. As a result, one of the main management activities is the implementation and maintenance of an effective system of internal control.
This is due to the fact that the internal controls are carried out to help the company accomplish its aims, fulfill its mission, and conduct an effective and efficient risk management. As a result, one of the main management activities is the implementation and maintenance of an effective system of internal control.
Tendencies in the definitions, practices and applications of internal control are related to the increasing dependence on technology, and to the changes in the internal and external corporate environment. Two aspects are considered of utmost importance; one is the effect the relationship between various levels of stakeholders can have on the internal control of a company, and the second is the interaction between the internal control and risk management.
Historically, the term "internal control" was applied almost exclusively within the accounting profession. As the auditing of financial statements evolved from a process of detailed testing of transactions and account balances towards a process of sampling and testing controls, greater consideration of a company's internal controls became necessary in planning an audit.
If an internal control component had been adequately designed, then the auditor could limit further consideration of that control to procedures to determine whether the control had been placed in operation.
Accordingly, the auditor could rely on the control to serve as a basis to reduce the amount, timing or extent of substantive testing in the execution of an audit. Conversely, if an auditor determined that an internal control component was inadequate in its design or operation, then the auditor could not rely upon that control. In this instance, the auditor would conduct tests of transactions and perform additional analyses in order to accumulate sufficient, competent audit evidence to support its opinion on the financial statements.
The Committee of Sponsoring Organizations of the Treadway Commission ("COSO"), formed in 1985, undertook an extensive study of internal control to establish a common definition that would serve the needs of companies, independent public accountants, legislators and regulatory agencies, and to provide a broad framework of criteria against which companies could evaluate the effectiveness of their internal control systems. In 1992, COSO published its "Internal Control Integrated Framework". The COSO Framework defined internal control as "a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives" in three categories: Ø effectiveness and efficiency of operations;
Ø Reliability of financial reporting;
Ø Reliability of financial reporting; Ø Compliance with applicable laws and regulations.
COSO further stated that internal control consists of: (encompasses the following 5 fundamental aspects)
Ø The control environment;
Ø Risk assessment;
Ø Risk assessment; Ø Control activities; Ø Information and communication;
Ø Monitoring.
Ø Monitoring.
The scope of internal control therefore extends to policies, plans, procedures, processes, systems, activities, functions, projects, initiatives, and endeavors of all types at all levels of a company.
Internal controls are implemented to achieve the company's goals and accomplish its mission, minimizing the surprises which can be encountered in the way. It enables management to deal in a dynamic and competitive environment, managing the changing demands and priorities of consumers, as well as restructuring for a future growth.
As the COSO report is the result of a wide fraud research, many would argue that it presents internal control from a negative perspective, emphasizing only on preventing or detecting fraud and error. On the contrary, this report views internal control from a much more positive and balanced way, as a management central responsibility when leading the entity towards the fulfillment of its objectives.
COSO is the internal control framework adopted by the different U.S. regulatory entities such as the AICPA (The American Institute of Certified Public Accountants), the PCAOB and the SEC.
Corporate Governance problems in cases like Enron and WorldCom
Corporate Governance problems in cases like Enron and WorldCom
As we mentioned in the introduction, we have seen huge collapses of big corporations during the last years. Our investigation allowed us to conclude that most of the fraud perpetrated was carried out through bad corporate accounting practices due to a poor or inexistent Corporate Governance framework.
One of the big corporations that went bankrupt was Enron, company that became the worst corporate scandal of the U.S..
The former was not an isolated case; there were many other companies that issued false reports such as WorldCom. Below, we will analyze what happened in both cases, to what extent we can hold the professionals managing the companies responsible for what had happened, and the problems of Corporate Governance these two companies had.
a. Enron
In 1985 after federal deregulation of natural gas pipelines, Enron was born from the merger of Houston Natural Gas and InterNorth, a Nebraska pipeline company. At first it was mainly dedicated to the energy business (traditional services) and afterwards diversified its activity to the electricity field.
In 1985 after federal deregulation of natural gas pipelines, Enron was born from the merger of Houston Natural Gas and InterNorth, a Nebraska pipeline company. At first it was mainly dedicated to the energy business (traditional services) and afterwards diversified its activity to the electricity field.
The amount of its financial operations enabled Enron to become one of the world's biggest energy companies, with sales over 100 billion dollars in its last year period.
One of the incorrect accounting practices used by Enron was to transfer debt from its financial statements to "special purpose entities" which were created to hide liabilities from investors, as well as to avoid or minimize paying taxes.
We can mention as main violations to basic accounting principles the following:
a) there were transactions that were not included in the financial statements
b) recognition of revenues in only one year from contracts accrued in 10 years;
c) transactions done through subsidiaries were booked as income;
d) overstatement of benefits;
e) at the same time quarterly results were distorted and negative results were hidden through the manipulation of assets and financial instruments;
f) the reports submitted were incomplete and deceitful.
The fixed idea to increase the company's earnings through these practices was directly related to the fact that the executives' remuneration policy was tied to the performance of the company.
Auditing firms were to blame for several other causes and, as mentioned by Jorge Sanchez Henriquez and Marianela Moraga, some of them are:
a) Lack of independence. Andersen not only offered auditing services but also non audit ones, such as investment advice and accounting counseling. The income that Andersen received for the latter was higher than the money earned through the auditing services. This situation helped to increase dramatically the audit risk;
b) Andersen, the auditing firm hired by Enron to carry out the internal audit (Enron was the first company to use internal audit outsourcing) used to have among its staff former internal auditors and managers from Enron, the same professionals who carried out the auditing services for the company;
c) Since Enron started, it never changed the auditing firm or the groups of work. The audit partner was pressured to "let fishy things happen";
d) Andersen violated generally accepted auditing standards which led to a major ethical and legal problem;
e) Andersen destroyed evidence, expressed an opinion that did not reflect the real condition of the company;
f) It didn't investigate adequately, showing its lack of independence up;
Every accountant at Enron as well as executives, managers, board, audit committee, internal and external audit were well aware of all the fraudulent practices that were carried out by the company, the hidden debt it had and the wrong accounting practices it applied. The accountant, head of the audit work, confessed having obstructed legal investigations, which all together leads us to face the serious ethical problem of chief executives and professionals involved.
b. WorldCom
In the 90', WorldCom was an important company dedicated to the telecommunications industry, completing several mega-deals and acquiring more than 60 firms in the second half of the 90'. During the year 2001, WorldCom witnessed the decline in sales and surge in its debts. This was due to the drop of long-distance call prices and the appearance of cell phones. At the same time, a dip in the company's profits took place, and it became very difficult to meet the analysts' expectations regarding the profitability of the company.
As a result, the company started with fraudulent maneuvers in its operating and accounting system.
Among the most important causes of its failure we find:
a) Violation of basic accounting principles. They recorded expenses as assets. This accounting maneuver let them minimize losses, and at the same time, improve the cash flows of the company, so it would appear attractive to investors covering its real situation. This expenses were amortized throughout many years in stead of affecting the appropriate year;
b) The company didn't provide the necessary and adequate information to investors preventing them from evaluating their investments accurately, in this way violating many legal requirements regarding the presentation of financial statements in the U.S..
In March 2002, the SEC requested information from WorldCom because the financial statements presented by it showed profits when its main competitor AT&T was losing money.
When the former occurred, the internal audit also started digging up to discover the supposed illegal maneuvers, unveiling the mentioned accounting irregularities. In June 2002, the internal audit team contacted the company's audit committee to ask for documents supporting numerous capital expenditures but the supporting documents were never found.
The internal audit deep investigation regarding the procedures carried out by the company started when the SEC observed WorldCom's financial statements. Once more, the lack of good Corporate Governance practices becomes evident jeopardizing ethical values and good behavior of professionals.
Not surprisingly, the investors have lost confidence in the information related to the performance of the companies as well as in all the people involved in its preparation.
As a result of the mentioned situation, we can conclude that all the problems were due to a lack of an appropriate Corporate Governance framework. Its main concepts such as shareholders protection, safeguarding of their interests, a balanced treatment among them, and an efficient internal control system, were not respected. The unethical behavior and lack of values from members of the board of directors and high ranking executives led to the fraudulent incidents we described previously.
|
Hebrew 
