12 Dec Corporate control begins with a strong board
Editor’s note: This is the second in a three-part series of op-ed pieces on corporate governance. The articles, part of WTN Media’s Boardroom Perspectives column, are written by associates in the Madison-based public accounting firm Candela Solutions, LLC.
Question: What is the most important corporate control?
Answer: A strong board. Some of you may be pondering, “Isn’t the company’s tone-at-the-top, established by the executive management team, the foundation for all controls?” Yes, but it is the board’s responsibility to hire, evaluate, compensate, and retain the CEO, thus making the board ultimately responsible for the company’s control environment.
Indeed, inattentive boards were a common thread behind the parade of financial frauds hitting corporate America this decade, as executive management teams were able to circumvent the financial reporting controls put in place to detect and prevent fraud. Elaborate schemes were set in motion to create misleading public financial information to gain personal benefit or to meet short-term Wall Street expectations. Boards fell asleep, fraud occurred, and shareholder value suffered.
As a direct result of board failures and the fraudsters who took advantage of the resulting opportunities, we have the Sarbanes-Oxley Act of 2002 (SOX). Audit committees, independent directors, executive compensation, code of ethics, overzealous external auditors, controls, controls, and more controls are now common subjects in committee meetings and board rooms. Yes, much of this renewed focus is healthy, but let’s not lose sight of the board’s primary duty to protect and represent the interests of the shareholders, which goes well beyond financial reporting controls.
The focus of Section 404 of SOX is on financial reporting controls. Unfortunately for many companies, this often means rearranging priorities at the expense of operational controls. Keep in mind that SOX-404’s focus is on the accuracy and completeness of financial statements, not on the company’s profitability, customer satisfaction, or any other operational objective. Consequently, a huge opportunity cost for many companies in implementing SOX-404 is the reallocation of resources from operational and non-SOX compliance controls to financial reporting controls.
Effective boards need to keep in mind their ultimate obligation is to serve shareholders to the best of their abilities. One way to accomplish this is by keeping internal controls visible. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines “internal control” through its framework entitled Internal Control – Integrated Framework:
“Internal control is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations.”
I believe the majority of a company’s resources should be devoted to operational objectives. Simply stated, if a company cannot add value for shareholders, it might as well close up shop, thereby allowing owners to invest funds in a more profitable manner. Many SOX-404 compliance themes and tools, although not required, should also be considered for the vast domain of operational and compliance objectives. This includes documenting and testing operational processes, as well as keeping the board and management properly focused on the achievement of objectives in all three of areas noted in the COSO definition of internal control.
Yet, in many companies, boards continue to trek down a risky slope due to misconceptions of their role and the lack of healthy skepticism in their CEO, who may also serve as chairman of the board. Here are five key principles that strong boards should follow in promoting a healthy control environment:
• Recruit a multi-disciplined group of competent directors, with the majority of them being independent.
• Either prohibit the same person from holding both the CEO and chairman of the board positions, or have strong board committees consisting solely of independent directors who make key decisions pertaining to audit, executive compensation, and director nominations.
• Promote a board culture that is a bit contentious while interjecting a healthy dose of accountability over management and both internal and external auditing functions.
• Budget adequate resources at the board level for risk assessments, education, and monitoring achievement of objectives in the three areas noted in the COSO definition of internal control.
• Periodically evaluate board performance to hold directors, committees, and the entire board accountable.
And remember, strong boards equal great companies.
Other Boardroom Perspectives
• Jerry Norton: Auditors paying more attention to IT woes
Other articles by Ron Kral
• Ron Kral: The Big Picture of SOX 404
• Ron Kral: Technology Implications of Sarbanes-Oxley
• Ron Kral: Commentary: Is our “Biosphere” too cheesy?
• Online service makes board connections
The opinions expressed herein or statements made in the above column are solely those of the author, and do not necessarily reflect the views of the Wisconsin Technology Network, LLC. WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.