I recently read an article discussing how approximately $1.2 billion in cash went missing from the coffers of MF Global Holdings, simply “vaporizing” in the wake of the company’ s collapse, according to The Wall Street Journal. It seems astonishing that they didn’t have the internal controls  in place that would have prevented this from happening: the CEO and CFO certified that the company’s internal controls were effective less than 90 days before the company went bankrupt.

The following controls—which are always part of our standard reviews—could have prevented this massive loss.

Segregation of duties (SOD): Traditional internal control systems rely on assigning certain responsibilities to different individuals or segregating incompatible functions. The general premise of SOD is to keep an employee or group of employees from being in a position to perpetrate and conceal errors or fraud in the course of their duties by preventing one person from having both access to assets and the responsibility for maintaining the accountability of those assets. The principal duties to be segregated are custody of assets, authorization or approval of transactions affecting those assets, and recording or reporting related transactions.

Monitoring controls: Monitoring can refer to evaluations of internal controls, either ongoing or separate. These evaluations enable management to determine whether the components of internal control continue to function over time, identifying deficiencies and communicating them in a timely manner to the people responsible for taking corrective action and to management and the board.

Fraud controls: The risk of fraud can increase significantly when three factors—pressures/incentives, opportunity and rationalization, commonly referred to as the “fraud triangle”—are all present. Of the three, opportunity can most effectively be managed to address fraud risks by designing and implementing a control environment that prevents, detects and deters most fraudulent behavior, whether it’s conducted by employees, vendors, consultants or senior management.

Simply put, if these three controls had been in place, the money would not have disappeared. Therefore, the internal controls never existed.

In a March 2 CNBC interview, Marc Andressen was asked what one thing Washington could do to increase job creation and innovation in Silicon Valley. He replied by saying “attack regulation” and went on to specifically mention Sarbanes-Oxley. In his view, Sarbanes-Oxley was put in place to prevent the next Enron or WorldCom but, in reality, it has just about killed the tech IPO. Founders want to keep their companies private for as long as possible, or forever.

I can certainly understand and applaud that founders desire to keep their companies private—but I think that has more to do with keeping control over the operations and direction of the company, focusing on long-term strategic goals and not being distracted by short-term returns to investors. Focusing on the business rather than the return to investors seems like a healthy approach to running a company.

When asked what specifically is the problem with Sarbanes-Oxley, Andreessen stated that it introduces an entirely new category of regulations, controls and responsibilities for companies’ finance staff, legal staff, board and audit committees—which translates into an enormous amount of time, energy and attention on the part of management when they are trying to focus on building their business. He went on to say that he is not in favor of another Enron or WorldCom, but the companies he works with are not out to defraud anybody. The big frauds haven’t come out of Silicon Valley.

I suspect Marc Andreessen knows more about the companies he invests in than the average investor knows about the companies in their portfolios. And that, I think, is the point of Sarbanes-Oxley: providing accurate and timely financial information to investors and to management. The Enrons and WorldComs may not have come out of Silicon Valley, but I believe we were the poster children for the stock option backdating scandals a few years back. While I agree that the vast majority of companies are not out to defraud anyone, it’s a slippery slope. In my experience, small private companies are not staffed appropriately to deal with the accounting implication of unusual transactions, and not adequately staffed to make sure mistakes are detected and corrected before publishing financial statements. Without proper objective oversight, the pressure to achieve certain operating results—or to be viewed as someone who believes in and supports the business—can cause a well-intentioned person to go astray. While founders are busy building their business, they won’t fund finance appropriately if they do not value it as a strategic part of the business. That’s fine if it’s just the founders’ money at risk, but when you are raising money in the public market you’ve taken on additional obligations and responsibilities. Those additional categories of regulations, controls and responsibilities that Sarbanes-Oxley brings to the table become essential.