Stop us if you’ve heard this one before. A top executive of a public company suddenly resigns. This person had bypassed the company’s processes and procedures to move forward with a huge transaction that really should have been approved or at least communicated to the board. Other mishaps that could have been prevented with proper internal controls have come to light as well.
The stock price drops as the company’s worth and its future are questioned in the days that follow. The information the company has previously put out about its financials faces skepticism.
Such a public scenario is fairly rare to see over a decade after the passage of the Sarbanes-Oxley Act, but companies are at risk if something is off with their “tone at the top.” Set by the board of directors and carried out by senior management, the tone lays out the ethical climate as well as the foundation for internal controls.
A poor tone at the top opens up the company to a higher risk of fraudulent activity. It could feed the temptation or make it possible for someone or some people to successfully do something wrong and not get detected for a while. This is especially true at companies that discourage any questioning of authority.
To stay grounded and preserve a good tone at the top, companies need to do the following:
Communicate often: The board and the senior management team lead by example in the way they communicate. Have an open-door policy and be transparent with what’s going on at the company, with frequent updates, including regular company meetings. Under a culture of communication, employees are less likely to think secrecy is acceptable.
Give internal controls a voice: It’s a topic that should have a spot on the agenda of the audit committee for conducting free-flowing discussions with external auditors when management is not present. Also check in with outside experts on ideas for strengthening the company’s internal controls.
Expect accountability: Make it clear everyone is accountable for their actions and what they observe. Outline expected behaviors in the workplace with a code of conduct and business ethics policy that is revisited periodically.
Finally, a best practice is to have all employees annually acknowledge they have read the company’s code of conduct and send a reminder letting everyone know they have access to an anonymous whistleblower hotline and shouldn’t fear retaliation if they need to use it. SOX mandates that employees who report fraud suspicions are protected, but it’s up to the company to remind employees that the tool is available and that the board and senior management values it.
All of these points are in management’s interest. We were once brought in to help a company after an employee made a report on a whistleblower hotline that unraveled a two-year-old fraud. Six quarters of financial results had to be restated because two sales executives had orchestrated an environment to recognize revenue earlier than allowed under GAAP. Their orchestrations included colluding with the customer to take delivery of product earlier than needed, forged documents and misrepresentations to company management and auditors.
How could the executives get away with it? The company lacked a proper tone at the top. Without this key foundation, companies are in effect encouraging employees to break the rules.
Theresa Eng, a member of RoseRyan’s dream team, is a superstar whether she’s working with a client or rallying her coworkers to volunteer for a good cause. Her areas of expertise include financial planning and budgeting, finance operations, and SOX.
Michelle Perez was honored in 2012 with RoseRyan’s coveted TrEAT Award, which honors a guru who has best exemplified our firm’s values (Trustworthy, Excel, Advocate and Team) throughout the year. She excels at SOX testing and documentation, finance management, general accounting, audit prep and support.
