With all the talk about fraud since the big scandals of Enron, WorldCom and Tyco, it would only seem natural for companies to do whatever they can to prevent employee fraud. Yet companies have not radically changed their fraud prevention policies and procedures.
Sarbanes-Oxley is thought by many as the answer to fraud, but my experience shows something different. Sarbanes-Oxley was intended to restore faith in the integrity of corporations and executives, yet it hasn’t really had a measurable impact on fraud.
Rules under Sarbanes-Oxley created an expensive paperwork exercise for companies. They have reams and reams of paper that document what and how the company does in regards to financial data and operations. Yet that documentation itself doesn’t prevent fraud.
In many respects, Sarbanes-Oxley was feel-good legislation. Investors and users of financial statements wanted to feel better after the big corporate frauds became public. The government stepped in to require that public companies take action against fraud.
But in the rush to come up with something to pacify investors and the general public, the legislation lacked the impact for which everyone was hoping. Instead of requiring companies to proactively prevent and detect fraud, the law really requires just detailed documentation of procedures.
Along the way, Sarbanes-Oxley has cost companies hundreds of millions of dollars annually to implement. One estimate cited a total cost of more than $1 trillion. While this has been a huge money-making opportunity for consultants who make a living assisting with Sarbanes-Oxley compliance, what value did it really add for the corporate stakeholders?
There may have been some value derived from the exercise, but was it worth such a high cost? The cost to maintain the Sarbanes-Oxley documentation from year-to-year is significantly lower than the initial cost to comply, yet overall there has been an enormous cost to corporations.
Proactive companies have realized benefits from the work done to comply with Sarbanes-Oxley, even though the legislation requires few actual changes in the way business is done. Some companies have improved their basic internal controls, such as making enhancements to reconciliations, creating greater segregation of duties, and making digital data more secure.
Some companies have voluntarily improved period-end closing procedures and formalized the related accounting processes. The documentation required by Sarbanes-Oxley caused companies to evaluate some of these procedures and determine that more standardized procedures were needed.
The internal audit function of some corporations has taken on a bigger role. The internal auditors are becoming a stronger presence in terms of auditing a company’s risks and controls, and their work adds more value to the organizations. The board of directors plays a much more active role in many companies, becoming more engaged, especially in the area of controls and governance.
While proactive fraud prevention efforts were not required, some companies made improvements, but the number of companies who significantly engaged in this type of work was small. However, those companies that did take advantage of the opportunity to improve anti-fraud processes are surely in a better position.