
By Jason Dollar
There is a recognized distinction between small companies and
large companies when it comes to assessing internal control. Since
the implementation of the Sarbanes Oxley Act of 2002, many have
felt that this was not necessarily the case for public companies.
As time has passed, we are now realizing that smaller companies
cannot be expected to place the same amount of costs into organizing
and controlling the internal control environment as larger companies.
Because of this, the Committee of Sponsoring Organizations of the
Treadway Commission (COSO) has issued a report titled “Guidance
for Smaller Public Companies Reporting on Internal Control over
Financial Reporting.” Through this report, COSO recognizes
section 404 of the Sarbanes Oxley Act as the major
factor in a company’s evaluation of its internal control
over financial reporting. It also realizes that smaller companies
have had a more difficult time implementing 404 and provides insight
into ways of managing their controls cost-effectively.
One of the most important factors to consider for a small business
is the cost-effectiveness of the control structure. Companies incur
large costs each year to implement, test, and assess their internal
controls. Smaller companies must be aware that the costs of these
factors should not outweigh the benefits. For this reason, COSO
has pointed out several ways of controlling those costs while still
maintaining a sound internal control structure.
COSO points out several factors that are essential for a small
business to implement a sound internal control structure. At the
forefront of this list is the tone at the top. Many small businesses
may not realize the importance of this function, but while it
may be the control with the smallest cost to implement, it is often
the most effective. Management, whose style and operating tone
reflect an environment of sound effectiveness in internal control,
may alleviate many problems that could otherwise be encountered
if the operating style was lackadaisical or uninterested. If the
employees see the head individual of the organization acting in
a certain manner, they are likely to follow. The important factor
is that management act ethically and responsibly in its everyday
activities.
Segregation of duties is also on the forefront of COSO’s
list. This control, while many times hard to implement at a smaller
institution, should not be taken lightly. While it cannot always
be enforced, it should be implemented when at all possible. Segregation
of duties is a large deterrent of fraud because it does not allow
one individual to authorize, process, and record a transaction
all by himself. Someone should be checking behind him to ensure
that the transaction is factual, reliable, and accurate.
Another important issue to consider in smaller business is management
override. Although controls are in place and may be functioning
correctly, many times in a small business management has the ability
to override a decision simply by choice and with no consequences
to consider. COSO points out that “The most effective approach
to mitigate the risk of management override of internal control
starts with the company’s commitment to competence and ethical
behavior.” A whistleblower policy is an effective control
to combat management override. A whistleblower policy provides
opportunities for employees to inform upper management or the audit
committee of actions by other employees or by senior management
that seem fraudulent or unusual. The policy provides job security
for this individual by preventing him/her from being fired because
he “blew the whistle.”
The overall control monitoring in any business is the responsibility
of the Board of Directors and the Audit Committee. For this reason
COSO points out that small businesses should have the committees
in place and functioning correctly in order to assess and evaluate
the company’s internal control structure. It is important
that certain members of these bodies be qualified accounting personnel
and be independent of the business itself. COSO also points out
that these bodies should continue to employ the knowledge of external
auditors.
All companies regardless of size must implement a control structure
that reduces risk to an acceptable level. A common mistake in smaller
companies is that they feel that they do not have the people or
the resources to implement these controls, so they rely on “after
the fact” monitoring. Management should always consider the
five essential components of internal control:
- Control Environment
- Risk Assessment
- Information and Communication
- Monitoring
- Control Activities
If a good internal control environment is in place, is cost effective,
and is functioning properly, small businesses should be able to
function effectively and reliably, which will go a long way in preparing
them for Sarbanes Oxley section 404.