A recent fraud case caught my attention as it brought to life the concern I expressed in a November post (Small companies may get SOX audit relief). I wrote that “internal controls will always be a crucial piece of the business that streamlines financials and paves the way for airtight fraud prevention, regardless of audit requirements.”

Here we are less than two months later, and CFO Magazine is reporting on the fallout from a fraud case that could have been avoided with a better check on internal controls. The article cites the case of Koss Corporation, a small public company that was not subject to an internal controls audit and  which appears on the surface to have lacked sufficient segregation of duties — they paid dearly for it. A company Vice President is accused of skimming more than $4.5 million for personal expenditures over a two year period — a loss that a thorough audit of internal controls may well have uncovered or prevented.  As James D. Ratley, President of the Association of Certified Fraud Examiners indicated in the article, the fraud may have been prevented with the knowledge that auditors would be coming in to specifically audit internal controls.

This example will weigh heavily for those arguing against the permanent elimination of the audit requirement for non-accelerated public companies.

On the heels of a study that points out the imbalance in proportionate costs for small companies to comply with SOX, Accounting Today reports that The House Financial Services Committee voted that small and midsized public companies should be exempt from Sarbanes-Oxley audit requirements.

The result is a pending bill (Investor Protection Act) that will continue making its way through the legislative process.  But if it does progress it will be a game-changer for companies with market caps under $75 million, as the cost of audits has proven significant enough to alter companies’ strategy and perhaps even hold them back from peak performance. CFO magazine highlights the relief of small companies everywhere in this recent story, in which they note that:

Many financial executives say an exemption would mean the same level of integrity in their financials but with less cost. “We have a fairly good system of internal controls, and we’d like to keep that for our own well-being as much as anything else,” says Marty Schwenner, CFO of digital-power and motion-control systems manufacturer Magnetek, a company whose market cap dropped it from the accelerated filer range to the nonaccelerated filer range this year. “We view internal control as something that’s our responsibility whether or not Congress tells us it’s something that is.”

Mr. Schwenner took the words right out of my mouth, and I applaud his sense of obligation.  Internal controls will always be a crucial piece of the business that streamlines financials and paves the way for airtight fraud prevention, regardless of audit requirements.  We encourage non-accelerated filers to enjoy the potential relief of the exemption, but to remain vigilant when it comes to maintaining and monitoring their financial controls.

In November of last year we called attention to pending changes to the privacy law in Massachusetts that protects state residents’ personal information, and we’ve also just come out with a Perspectives article that details the steps to compliance.  However, good news for companies who deal with this kind of personal data: On February 12, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) once again revised its personal information security regulations and postponed the effective date until January 1, 2010.

This means more time to digest the new regulations and act accordingly.  To that end, we’ve scheduled a webinar to review the standards on Tuesday, March 10, and we invite you to register and listen in.  We will be sure to report back after the online event!