Financial accountability Featured

7:35am EDT September 21, 2006
It’s been four years since the Sarbanes-Oxley Act was signed into law. Although private companies and nonprofit organizations are generally exempt from its provisions, many such organizations have found that certain aspects of the act can enhance their overall operations. It has raised the bar for what constitutes best practices in governance and expectations regarding internal control.

“Many companies are taking the idea of improved governance and accountability seriously and are recognizing how it benefits their organization,” says Gema Ptasinski, a partner at Vicenti, Lloyd & Stutzman LLP. “It helps to reduce risk of fraud, it increases confidence and credibility with stakeholders, and it results in having a stronger entity.”

Smart Business spoke with Ptasinski about what types of provisions make the most sense for private companies, the role of audit committees, and how to develop internal controls.

What types of private companies might want to voluntarily adopt the Sarbanes-Oxley provisions?
Companies that are going public will need to spend some time and money to show that they can comply with the act. Prior to an IPO issue, a private company will want to look into the provisions of the Sarbanes-Oxley act sections that require management to take responsibility for internal controls over financial reporting and conducting a year-end assessment of the internal control structure.

Companies considering mergers or being acquired by a public company will also need to show compliance. If you’re looking for investor funding and have documented internal controls and governance policies, you will be more attractive and able to secure investor funding.

Also, companies with absentee owners might consider the governance features of the act to help ensure that professional management is doing a good job.

Finally, some organizations are receiving pressure from board members, auditors, attorneys and investors to implement certain ‘best practices’ of the act.

What types of best practices make the most sense for private companies?
Private companies may want to consider having the CEO and CFO sign a financial statement certification. This acknowledges responsibility for the financial information being accurate and demonstrates their leadership and competence.

A second best practice would be the formation of an audit committee. The audit committee should be independent of management and should be composed of individuals who have financial expertise.

Additional best practices include developing codes of ethics and conflict-of-interest policies to set the tone of expected behavior for all employees and in light of the potential risk of fraud in any organization, providing an anonymous fraud reporting mechanism.

If an audit committee is formed, what is its role?
Committee members are responsible for interviewing and hiring the audit firm and ensuring independence of that firm. They’re also responsible for ongoing communication with the audit firm regarding the results of the audit. They should provide oversight of the fraud prevention program and assist the board of directors in fulfilling oversight responsibilities. A best practice for an audit committee — or for a board if there is no audit committee — is approving nonaudit services performed by the auditor, such as comments on candidates for executive positions and tax services.

How can a private company determine if the audit committee has a financial expert?
Sarbanes-Oxley defines a financial expert as someone who either has education or experience as a public accountant, auditor, CFO, controller, or has performed similar functions. When a company is thinking about qualified committee members, it should find individuals who have an understanding of Generally Accepted Accounting Principles and experience in preparation or auditing of financial statements for comparable entities. They should also have experience with internal controls and understand audit committee functions.

What resources are available to help an organization develop a code of ethics or a fraud hotline?
The AICPA (American Institute of Certified Public Accountants) offers a wide variety of information on their Web page at It has an anti-fraud resource center, a sample code of conduct and ethics, and information about audit committee effectiveness. There are service organizations that provide assistance in developing a fraud hotline.

Public companies are required to attest to and report on the internal control assessment made by management. Should private companies go that far?

Developing accounting and reporting policies and procedures is always a good practice for any organization. Considering the effectiveness of the internal controls in place is the key to minimizing fraud risk and risk of errors. An organization may want to consider establishing an internal audit function or committee. If resources and expertise are not available within the organization, they can consider outsourcing this function.

GEMA PTASINSKI is a partner at Vicenti, Lloyd & Stutzman LLP. Reach her at (626) 857-7300 x243 or