Being a CEO at a public company is clearly not as enviable a position as it once was. The passage of the Sarbanes-Oxley Act last summer, with its numerous penalties for corporate wrongdoing, means some CEOs could actually face prison time.
So it is surprising that, on the basis of our firm's recent experience, many CEOs of public companies only now seem to be waking up to the many different aspects of the law. And a number of states are now also considering the imposition of Sarbanes-Oxley guidelines on private companies.
Under the act, CEOs are held financially responsible for accounting restatements resulting from misconduct, with penalties including forfeiture of bonuses and any profits realized from the sale of company securities. CEOs must also personally vouch for their companies' statements and provide well-documented evidence that their internal control systems are adequate. Failures and restatements could result in jail time.
One key to understanding the new environment is knowing that a company's external auditors will be required to attest to the accuracy of its annual assertions. To do so, they will need supporting documentation prepared by management.
In other words, it's not good enough just to have an outside audit. Companies must convince their outside auditors that their internal controls are valid. They also have to provide evidence to the Securities and Exchange Commission, guaranteed with a signature. This requirement will most likely be in effect for fiscal years ending after Sept. 15, 2003.
All this creates a potential problem because internal controls typically have not been top of mind for CEOs--many of whom probably believed their control systems were adequate, but had no way to prove it if asked.
Internal controls are defined as processes created by a company's board, management and other personnel to provide reasonable assurances regarding the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations.
The best way to meet the requirements of Sarbanes-Oxley is to review internal financial controls, improve the mechanisms where necessary and ensure that the processes are well-documented. The most immediate actions that a CEO--along with the company's CFO, internal auditors and audit committee--can take to diminish potential...