{"id":16470,"date":"2010-03-16T06:00:55","date_gmt":"2010-03-16T11:00:55","guid":{"rendered":"http:\/\/www.sequenceinc.com\/fraudfiles\/?p=16470"},"modified":"2015-04-23T08:24:13","modified_gmt":"2015-04-23T13:24:13","slug":"small-filers-struggle-with-internal-controls-over-fraud","status":"publish","type":"post","link":"https:\/\/www.sequenceinc.com\/fraudfiles\/small-filers-struggle-with-internal-controls-over-fraud\/","title":{"rendered":"Small Filers Struggle With Internal Controls Over Fraud"},"content":{"rendered":"

\"\"Compliance Week<\/em> – Melissa Klein Aguilar<\/em><\/p>\n

A large school of thought has developed to support the argument that non-accelerated filers should be exempt from compliance with Section 404(b) of Sarbanes-Oxley, which requires external auditors to review and attest to the strength of a company\u2019s internal controls.<\/p>\n

But as much as non-accelerated filers denounce the burden of Section 404(b) compliance, they\u2019re still confronted with one stubborn counter-argument: fraud happens.<\/p>\n

The $31 million fraud uncovered this winter at Milwaukee-based Koss Corp.\u2014small in dollar numbers, but huge relative to Koss\u2019s $32 million market capitalization\u2014is a powerful reminder that fraud can menace investors in small public companies just as much as it does to investors in large ones. Congress is still debating whether to exempt small filers from Section 404(b) compliance permanently; the latest deadline has small filers starting compliance for fiscal years ending on or after June 15, but regardless of that debate, experts say small filers still have ample reason to examine their internal controls\u2014and easy ways to improve them without breaking the bank.<\/p>\n

Numerous studies indicate that small companies are particularly vulnerable to fraud. The Association of Certified Fraud Examiners\u2019 \u201cReport to the Nation\u201d on occupational fraud estimates that U.S. organizations lose 7 percent of their annual revenues to fraud. Those with fewer than 100 employees suffered the highest median loss, $200,000.<\/p>\n

Even without Section 404(b) compliance forcing a stern look at internal controls over financial reporting, \u201cThere are plenty of things Koss\u2019s management could have done to look at its internal controls and procedures,\u201d says Tracy Coenen, a forensic accountant and fraud examiner at Sequence Inc. \u201cNo one was stopping them. It\u2019s clear that its executives were asleep at the wheel.\u201d<\/strong><\/p>\n

Coenen says the types of fraud that might affect small companies do slightly differ from those at large companies. Still, overall fraud risks are largely the same between the two, she says. \u201cThe major difference is that smaller companies have less wherewithal to absorb a fraud.\u201d<\/p>\n

One of the most common frauds at smaller companies is simple asset misappropriation\u2014that is, theft, usually of company money. Especially in today\u2019s poor economy, \u201cscams that put cash in people\u2019s pockets, such as direct embezzlements or kickback schemes, are typically the biggest category of fraud,\u201d says Jonathan Turner, managing director at investigative consulting firm Wilson & Turner.<\/p>\n

Smaller companies are also more likely to have fewer controls in place to prevent fraud. A recent study of 24 U.S. non-accelerated filers (roughly 0.5 percent of the 5,000 non-accelerated filers out there) by consulting firm Lord & Benoit found that all of them had at least two means of embezzling funds without being detected except by chance, including check signing, wire transfers, cash receipts, and fictitious employees. In all, the study, \u201cFrauds in U.S. Non-Accelerated Filers,\u201d found a whopping 1,338 control deficiencies even in that small sample\u2014an average of 56 per company.<\/p>\n

Bob Benoit, president of the firm, says the top fraud risk among the group was a single person\u2019s power to both sign checks and enter accounting transactions\u2014for example, a bookkeeper who has the freedom to write checks to himself and cover it up in the bank reconciliation. At large filers those two tasks would be split between two employees, but small companies say they lack enough personnel for such segregation of duties. Poor segregation of duties also created a similar risk for electronic fund transfers, Benoit says.
\n
\nCoenen, for one, doesn\u2019t buy the argument that small companies can\u2019t sufficiently segregate accounting duties. \u201cIf you have three people\u2014an owner, a bookkeeper and an outside accountant\u2014you can segregate duties and it won\u2019t cost any money,\u201d she says.<\/strong><\/p>\n

Surprise reviews of records and documentation are another effective control that won\u2019t cost much money, Coenen says. Ideally they should be done several times a year by an outside auditor, but even spot-checks by management can work, she says; just making employees aware that someone might inspect their work helps.<\/p>\n

A third option is job rotation, which works well as a check in accounting departments with at least five employees. Each employee in the group is cross-trained to do some tasks done by another, with group members periodically swapping duties.<\/p>\n

Benoit and others admit that control recommendations for smaller companies require \u201ccreativity.\u201d The Committee of Sponsoring Organizations (COSO) acknowledged as much in 2006, when it published an internal control framework specifically for small companies. \u201cSuggestions need to be right-sized and relevant to the size of the accounting department and the industry,\u201d he says. \u201cA top-down approach is absolutely essential to architecting an effective control structure in a smaller public company.\u201d<\/p>\n

Experts also warn that applying Section 404(b) to smaller companies\u2014assuming Congress does let that happen, which is not at all clear\u2014won\u2019t be a panacea to prevent fraud anyway.<\/p>\n

\u201cThere is simply no way to eliminate fraud,\u201d Turner says. \u201cWell-designed systems will minimize its impact and identify a scheme faster, but no combination can stop it.\u201d<\/p>\n

While a legislative mandate such as Section 404(b) does provide a push for some companies to pay more heed to internal control than they otherwise might, Coenen says diligent companies will take steps to strengthen their controls regardless of any rule obligating them to do so. Conversely, when an executive is intent to commit fraud, \u201cSOX means nothing. They\u2019ll find a way around it,\u201d she says. \u201cEthical behavior and a corporate culture of integrity have to be demanded by shareholders and other stakeholders. Regulation won\u2019t fix that.\u201d<\/p>\n

Coenen says the downside is that SOX may have lulled investors into a false sense of security that fraud isn\u2019t a concern because the law will protect them.<\/strong><\/p>\n

Turner says SOX is helpful in requiring executives to reassess their fraud risks regularly, since smaller organizations and the risks they face can change rapidly. At the same time, however, a small company\u2019s need to be dynamic and responsive to fast-changing market conditions also increases the risk that its employees will view compliance as a go-through-the-motions exercise, he warns.<\/p>\n

\u201cAt smaller companies with limited time and resources and tons of things on their plate, the odds go up that it becomes a checklist instead of a useful tool for critical examination,\u201d he says.<\/p>\n","protected":false},"excerpt":{"rendered":"

Compliance Week – Melissa Klein Aguilar A large school of thought has developed to support the argument that non-accelerated filers should be exempt from compliance with Section 404(b) of Sarbanes-Oxley, which requires external auditors to review and attest to the […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[16,1659],"tags":[],"class_list":["post-16470","post","type-post","status-publish","format-standard","hentry","category-auditing-regulations","category-internal-investigations"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p6Z0e-4hE","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/posts\/16470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/comments?post=16470"}],"version-history":[{"count":0,"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/posts\/16470\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/media?parent=16470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/categories?post=16470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sequenceinc.com\/fraudfiles\/wp-json\/wp\/v2\/tags?post=16470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}