The Securities and Exchange Commission in US plans to vote today to require executives of public companies to attest that their firms have controls in place to detect accounting mistakes and fraud.
The rule will require managers to evaluate whether they have adequate rules to prevent employees from committing fraud and to sign off on the rules as part of an annual report filed with the SEC.
Congress, in the Sarbanes-Oxley Act last year, directed the SEC to address the problem of lax financial controls at public companies. SEC officials declined to comment on the rules before they are released.
Faulty internal controls, or the failure of companies to issue and follow clear rules about how financial statements are prepared, were cited by regulators in several major accounting frauds, including those at Rite Aid Corp. and WorldCom Inc.
“Internal controls can be a significant deterrent to management fraud,” said Douglas R. Carmichael, chief auditor of the new federal accounting oversight board. “They're not a foolproof solution, but they have a lot of potential for improving the situation.”
Securities lawyers noted, however, that internal controls cannot prevent all frauds. For example, top managers can always try to order underlings to record fraudulent numbers. At Livent Inc., a theater production company, managers enlisted a technology wiz to create a computer program that allowed staffers to override the accounting system, according to SEC documents.
Likewise, strong internal controls may not have alerted investors to problems at Enron Corp., experts said, because the company's outside accountants, board members, and others all bent the rules.
Experts said a new emphasis on internal controls is a positive step, but they warned that the reforms could be toothless if companies are not pressed to make a careful, thorough evaluation that's made available to the public.
“Some companies are going to take this very seriously,” said James D. Cox, a professor of corporate law at Duke University. But others, Cox said, are likely to use “boilerplate” language to describe their internal systems for detecting and preventing financial fraud, thus providing no new insight for investors and regulators.
Several publicly traded companies have expressed some concern about how far they must go to document their financial controls and how much time the process will take.
The SEC is considering whether to give companies more time to comply with the rules, which initially were set to take effect with annual reports for companies whose fiscal year ends Sept. 15.
“Internal controls are motherhood and apple pie,” said Colleen A. Sayther, president of the organization Financial Executives International. “No one would argue against having controls and evaluating them. … Time is really the issue.”
A partner at one Big Four firm estimated that the cost of an audit could double based on the new internal control rules.