According to a recent report by The Association of Certified Fraud Examiners, organizations lose about 6 percent of their revenue to occupational fraud and abuse. The study also noted that occupational fraud was most commonly detected by a tip from an employee, customer, vendor, or an anonymous source.
You don’t have to tell Thom Weatherford about the value of inside information.
Years ago, when serving as CFO of Ungermann Bass (then owned by Tandem Computers), Weatherford received a tip from an employee that a country manager was coercing workers to record “revenue that wasn’t really revenue.” Weatherford launched an internal investigation, which ultimately confirmed the employee’s disturbing allegation. “Luckily, there was no harm on the revenue side,” recalls Weatherford. “But there was always that potential.”
Weatherford, who recently retired as finance chief of analytics software maker Business Objects, still serves on the boards of two companies. He says the ugly incident at Ungermann Bass provided a valuable lesson that might have otherwise gone unheeded. “It did bring up that maybe our internal controls could be strengthened,” he acknowledges.
Turns out the internal controls at a lot of companies could stand some strengthening. Over the past 18 months, shareholders have witnessed a seemingly endless parade of corporate scandals, revenue restatements, and Securities and Exchange Commission investigations.
To restore some faith in corporate accountability, lawmakers have attempted to ratchet up the control function at publicly traded companies. Part of that ratcheting up involves expanding the role — and responsibilities — of audit committees.
But legislators and regulators also seem intent on making it easier for whistle-blowers like the Ungermann Bass employee to rat out their bosses. The Sarbanes-Oxley Act of 2002, for example, includes a proposed rule requiring audit committees to establish procedures for the receipt, retention, and treatment of anonymous and confidential complaints by employees on accounting or auditing matters.
The SEC plans on issuing the final rules governing the compliance notification systems by April 26. SEC spokesman John Heine says the Commission could come out with the final rules even sooner. Either way, publicly traded companies must be in compliance with the law within a year of its publication in the Federal Register.
There’s just one problem. Observers say the current design of the SEC’s complaint notification system is so vague that they’re not quite sure what compliance entails.
Take Gary Barton, senior audit manager at J.C. Penney Co. Barton says he believes the retailer will be able to comply with the proposed system without using one of the many third-party providers that offer hotline services. But Barton also concedes that he’s been meeting with compliance officers at other companies to figure out best practices for addressing the whistle-blower requirements of Sarbanes-Oxley.
And the audit manager acknowledges that uncertainty about the new law may eventually force him to contact an outsourcer. “If we go further and they tell us where the complications are,” he says, “then we’ll look further into outsourcing.”