Like them or not, external auditor requirements for corporate financial reporting have been proven “highly effective” in detecting corporate fraud, according to a recent study from the American Accounting Association.
And while Sarbanes-Oxley Act auditing requirements — or any other auditing requirements for that matter — are typically considered to be cumbersome and costly by corporate executives, the risks associated with not auditing (even if your company isn’t required to do so) can be even costlier, especially if and when fraud is detected.
For instance, the typical organization loses 5 percent of its revenues to fraud each year, according to the most recent Report to the Nations on Occupational Fraud & Abuse, which was published in 2014 by the Association of Certified Fraud Examiners. The report also highlighted that more than 22 percent of the cases in the survey resulted in losses of at least $1 million, and the median loss amounted to $145,000.
The costly nature of fraud is why fraud detection is so important — and in effect, why external audits are potentially equally important. The American Accounting Association study, published in Auditing: A Journal of Practice and Theory, suggests a link exists between weak internal controls on financial reporting and a higher risk of undisclosed accounting fraud at public companies.
That link “is an important consideration when weighing the costs and benefits of Sarbanes-Oxley,” according to a recent New York Times article, “Sarbanes-Oxley, Bemoaned as a Burden, Is an Investor’s Ally.” Such a consideration has become of great interest lately, as Congress considers rolling back some of the act’s regulations.
Still, even if companies believe external audits can save them from the perils of fraud, they are still left with the frustrations associated with complying with Sarbanes-Oxley and other auditing requirements.
First, requirements and regulations are always changing — meaning organizations have to keep pace with those changes and then change their own processes in order to meet those constantly evolving obligations.
Second, keeping pace when the rules are always changing costs time and money. It can in fact take a real toll on an organization’s resources. Without adequate staff, tools or technology, organizations might find themselves diverting resources away from business performance just to stay compliant.
Third, not only do organizations have to keep their processes and reporting in line with the evolving rules and requirements, they have to keep the technology they use to support their compliance efforts up-to-date as well. And for companies that invested in technology early in the Sarbanes-Oxley era, and now have “legacy systems” in place, this can be a real struggle.
Fortunately, in the last several years integrated risk management technology has matured significantly to make compliance and audit management more agile. Because such technology is now offered as software-as-a-service, it touts benefits like rapid deployment and modification; improved productivity for auditor and auditee; a reduction in reliance on IT staff; and an overall reduction in cost.
This enables companies to focus on problems — whether it’s fraud or any other issues an audit might highlight — instead of focusing on keeping technology working.
Learn more about Riskonnect’s Integrated Risk Management corporate compliance and oversight solutions, mentioned by Gartner, here.