Can Internal Control Stop Management Fraud?
Professor Manuel A. Tipgos provides an interesting discussion “Why Management Fraud is Unstoppable,” December 2002, but I would ask him to reconsider several points.
First, the Foreign Corrupt Practices Act of 1977 included an amendment
to the Securities Exchange Act of 1934 which clearly stated that:
(2) Every issuer which as a class of securities registered pursuant to section 12 of this title and every issuer which is required to file reports pursuant to section 15 (d) of this title— (A) make and keep books, records and accounts, which in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer; and (B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—(i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements and (II) to maintain accountability for assets: (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
Doesn’t this amendment impose responsibility on top management for internal control?
Second, doesn’t the Treadway Com-mission Report, in Exhibit 1-2, imply that the entire organization, including the board of directors and the chief executive officer, is within the internal control environment? It seems clear to me that internal control is not below the top level of executives. It would help to have the author’s support for the statement that “[an] important shortcoming of the Treadway Commis-sion was its failure to authoritatively state that management is not above the controls recommended.” My reading of the report does not support such a shortcoming.
Finally, AU section 110.03 states that “Management is responsible … for establishing and maintaining internal control that will, among other things record, process, summarize, and report transactions…” The annual reports of many publicly owned companies include a statement, signed by key executives, often titled “Responsibility for Financial Reporting” that explicitly acknowledges this responsibility for internal control.
Professor Tipgos’ conclusion posits an interesting historical hypothesis: “[T]he accounting profession is truly the backbone of our financial markets because of its integrity and the confidence it has earned over 100 years of protecting the public trust.” Why has there been a failure to adhere to clear management responsibilities for internal control? Why has the profession not aided management in its responsibility? Professor Tipgos’ thoughts on those questions would be interesting.
Mary Ellen Oliverio, PhD, CPA
The Author Responds
To implement the provisions of the Foreign Corrupt Practices Act of 1977, an amendment to the Securities Act of 1934 was made requiring management to maintain a system of internal control to ensure accurate record-keeping, accountability for corporate assets, and adherence to GAAP. Professor Oliverio asks whether this amendment imposes “a responsibility on top management to be responsible for internal control.” The answer is “yes,” and this responsibility to implement a system of internal control is reinforced by the Treadway Commis-sion and the Committee of Sponsoring Organizations (COSO) report of 1992. We can probably generalize that all public companies have implemented a reasonably adequate internal control consistent with the “house of controls” proposed by COSO. Also, it must be emphasized that COSO requires total commitment from top management (the tone at the top) to promote control awareness or “commitment to controls” at all levels of the organization.
Between the “responsibility to comply” and “responsibility to implement” is a “zone of discretion and prerogatives” which top management enjoys and which defines management’s range of compliance. This zone was, wittingly or unwittingly, strengthened by COSO when it encouraged management to take ownership of internal control. The fundamental question is whether top management would allow itself to be subject to the controls it has instituted or implemented in the organization. In my view, this is the very question that would make internal control work to the extent that management wants it to work. This also explains why management overrides internal controls or freely manipulates transactions, Enron-style, to satisfy a goal or an objective. Besides, as I argued in the article, ownership gives management property rights to such controls and can do whatever it pleases.
Professor Oliverio requests support for my assertion that the Treadway Commission failed to authoritatively state that management is not above the internal control structure. The diagram that she cites shows that the whole corporate hierarchy, including the board of directors and the audit committee, is covered by such a control environment. In the absence of an express authoritative statement from the Tread-way Commission that top management is covered by internal control, does this exhibit imply coverage of top management, the board, and the audit committee? The exhibit shows that it does. I, however, disagree, for two reasons.
First, the exhibit is flawed because internal control cannot reach the board of directors, the audit committee, or even top management. Top management sponsors and designs internal control to operate below its level, essentially the operations area. Second, the relationship among these top levels of the corporate hierarchy is defined by the broader concept of corporate governance which includes internal control as a major component.
In my article, I suggested that the Treadway Commission created an illusion or false hope that management fraud is under control. Here’s why: The original name of the Treadway Commis-sion was the National Commission on Management Fraud, launched by COSO as a result of intense criticism and scrutiny of the accounting profession from the public, regulators, and the Congress in the wake of huge management frauds at the time, particularly Equity Funding and the Savings and Loan industry. The purpose of the commission was to study and understand management fraud and to formulate strategies to prevent its recurrence.
Not long after its launching, certain sectors of corporate America protested the name of the commission, contending that such a name suggested that all management actions are fraudulent. A new name was adopted, the National Commission on Fraudulent Financial Reporting, and thereafter the Treadway Commission appears to be very careful in using the term fraudulent financial reporting as opposed to management fraud throughout the study. A rereading of the regular advisories of the study by James Treadway appears to suggest that management fraud was indeed being studied, but frustration as to what to do with it seemed to be mounting. This frustration is evident in one of Tread-way’s advisories, where he said, “I sometimes think that when all is said and done at our Commission, the main conclusion we may come up with is that top management should be honest and insist that everyone in the organization be the same.”
In my view, the Treadway Commis-sion was short of remedies to prevent or deter management fraud. Neverthe-less, it laid the foundation for corporate governance and directed the sponsor, COSO, to proceed with a study integrating the various concepts of internal control. All the while, I personally thought that management fraud was under control as a result of the Treadway Commission study and the COSO internal control report of 1992. The Enron crisis made me reconsider my view.
Does “Responsibility of Financial Reporting” in financial reports explicitly define management’s responsibility for internal control? My answer is a resounding “yes,” but this answer became the last piece of the puzzle when I placed it on the table with my public accounting experience of writing management letters and internal control memorandum to top management, the Treadway Commission report, COSO Internal Control, and the Enron debacle.
In the last few decades, management became very powerful and through its “zone of discretion and prerogatives” overwhelmed the power of the board of directors to the extent that the latter was reduced to rubber-stamping management’s wishes. This led me to my conclusion that only management itself can stop management fraud. The law, regulations, and statutes are deterrents but can’t stop management fraud altogether. The Sarbanes-Oxley Act? My answer is the same: It is only a deterrent, despite its increased penalties for perpetrators. For some time, however, maybe the next 10 years, management fraud will calm down because of public outcry.
What, then, could stop management fraud other than management itself? The answer is ethics, elevated to the next level, and the “rule of rules” or “rule of policies” adopted within the corporate organization, akin to the “rule of law” in our free society, to bring corporate rules and policies above the heads of top management, the board of directors, and the audit committee. President Bush echoed this sentiment when he exhorted corporate America to do the same. It will be a big job and the public will again look to the business schools to train our students how to handle ethical dilemmas. I thought we made excellent progress in integrating ethics into our curriculum with the help of the millions of dollars that Arthur Andersen spent two decades ago in training the business faculty of colleges and universities across the country. Unfortunately, Arthur Andersen itself succumbed to the problem.
For more than 30 years, one voice, that of Professor Abe Briloff, kept reminding us about the financial reporting excesses of corporate America with the approval of the large international accounting firms. But nobody listened. The bulk of the accounting profession, both in the practice sector and the academic community, hung a big sign on Professor Briloff: “troublemaker.” Now, Professor Briloff ought to be dancing in the street of every financial district across this country.
Finally, the accounting profession is in the dumps right now. Over the years, regulators and Congress allowed us to regulate ourselves, a privilege unheard of in most professions of our time. We held our heads high when answering the question raised by our critics: “Who audits the auditors?” Our answer: “We, the auditors!” With the passage of the Sarbanes-Oxley Act, almost every freedom we valued in the profession is taken over by the law. Even a code of ethics is legislated under the act. There’s no telling when we can, if ever, recover the glories of the profession built by our accounting forefathers for more than 100 years and handed to us on a silver platter. Indeed, we are irresponsible stewards!
Before I started answering Professor Oliverio’s letter, I replayed my tape recording of an exchange between Colonel Arthur Carter, then-president of the New York Society of Accountants, and Senator Alben W. Barkley of Kentucky regarding the proposal to establish a Corps of Federal Auditors to audit public companies during the hearings for the Securities Act of 1934. What an exchange:
Senator Barkley: Is there a relationship between your organization of
2,000 members and the organization of controllers, represented here yesterday
with 2,000 members?
Colonel Carter: None at all. We audit the controllers.
Barkley (surprised): You audit the controllers?
Carter: Yes; the public accountant audits the controller’s account.
Barkley (with a thundering voice): Who audits you?
Carter (proudly and thundering back): Our conscience!
Manuel A. Tipgos, PhD, CPA
Indiana University Southeast, New Albany, In.
©2006 The CPA Journal. Legal Notices
Visit the new cpajournal.com.