Avoiding Internal Control Failures
The SEC recently fined company MetLife for Internal Control Failures. For those of you not tuned into finance news, that might not seem particularly fun. And it isn’t. But paying fines to the SEC? That’s even less fun. Here’s the deal with Internal Control Failures and how these companies messed up. If you already know about Internal Controls and the repercussions of their failures you can jump down to the “Recent News” section.
What are Internal Controls Over Financial Reporting (ICFR)?
Well, let’s start by defining Internal Controls. Every company has them, a set of procedures that ensure compliance with their policies. While there are several types, the Internal Control Failures we’re talking about in this post are specific to a company’s financial reporting.
In 2002, Congress passed the Sarbanes-Oxley Act (SOX) in an effort to decrease corporate fraud. Remember the Enron scandal? This was essentially a response to that. It set up guidelines companies had to meet, guidelines that made it harder to commit corporate fraud. The SOX also put the SEC in charge of outlining how public companies had to comply with these new rules.
So what are Internal Control Failures?
Internal control failures are what happens with the internal controls a company has are flawed, so flawed “that a material misstatement in a company’s financial statements will not be prevented or corrected.” Examples of a material misstatement include inadequately prepared employees preparing financial statements, not correcting account balance errors, and personnel holding positions that conflict with compliance.
When someone notices that a flaw is possible in a company’s ICFR, it must be reported immediately. If they don’t, the company can face fines from the SEC. However, there is some wiggle room in the law.
Likelihood and Impact
Your company wants to do the right thing. But they also don’t want to suffer undo consequences. So they double checks their work, internally or by bringing in an auditor. The goal is to establish two things: how likely the flaw is to cause a financial misstatement and how much that would impact the business.
The SEC cracked down on MetLife because, for over 25 years, the company sent no more effort than two mailing over five and a half years apart to determine is customers were still alive. This allowed the company access to money that might have otherwise been used to cover claims. While MetLife paid 10 million, they are far from the only violators.
In the past three years, four companies were made example of by the SEC. Specifically, the government agency called into question the adequacy of companies Internal Controls. The companies in question did share that there were material weaknesses, but as in some cases they happened year after year, they weren’t doing enough about it. The SEC made it clear that penalties would be enforced until proper their ICFR’s were fixed.
What should your company be doing about this?
The SEC had set a precedent of tacking on the ICFR violations when a company was found at fault of other financial misconduct. These recently announced violations make it clear that ineffective ICFR’s are enough of a reason for the SEC to impose fines and pursue legal action. Granted, these companies took as many as seven years to fix their issues. But that’s no guarantee for respite if a company has only been offering material misstatements and doing nothing about them for fewer years.
Another way to ensure your company avoids internal control failures? Making use of use of products and platforms that provide a clear process and record. Take mileage reimbursement. There can be a lot of disparate, moving parts in a reimbursement process that isn’t built around a platform. Our platform ensures there’s a process to follow and a record for fair and equitable reimbursement. Whether these are being scrutinized by an auditor or the government, these pieces are something every company wants to be protected by.
Interested in more Finance related content? You can find it here.