A little over four years ago, the Sarbanes-Oxley Act (SOX) was signed into law. The most significant provision was Section 404, which requires corporations to conduct an annual assessment and report on the effectiveness of their internal financial controls.
While SOX applies to publicly traded companies, the office of the New York State Comptroller instituted the requirement in response to the much-reported school district scandals on Long Island. The New York State Attorney General has also applied comparable provisions to not-for-profit entities. As expected, these concepts are filtering down to smaller and smaller companies. In fact, this year The American Institute of Certified Public Accountants has issued eight statements on auditing standards, focusing on the internal control and risk assessment issues highlighted in SOX. While early application of these statements is recommended, application is not required for audits conducted prior to calendar year 2007.
While SOX has the most name recognition regarding the internal control issue, publications of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) are the real authority. COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal control and corporate governance. The group established the most popular framework for internal controls, focusing on the tone set by top management, internal accounting and audit function and establishment of audit committees. A new guidance initiative for smaller businesses is expected as the period for comment has expired. The guidance is expected to reinforce the broad applicability of the integrated framework to organizations of all sizes.
Control and Compliance
Given this environment, this may be a good time to review the basic internal controls that should be in place in any small business—including your building. Internal control is a process implemented by an entity’s board of directors, management and other personnel. The internal control process is designed to provide reasonable assurance of the effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.
In the past, many building boards simply accepted the internal control processes they inherited from their managing agents. The amount of board oversight over the managing agent varied a great deal, depending on the relationship between management and board. It could be formal, or less than formal. Regardless of the cordiality of the relationship however, it is imperative that all boards understand and exercise their oversight responsibility. No better internal control exists than curious board members utilizing a scheduled approach to review of the day-to-day issues affecting their building. This should include a review of the monthly management report, paid invoices, bank statements and reconciliations prepared by the managing agent. While such detailed review can be assigned to the treasurer and/or a finance committee, each board member should not be afraid to ask questions and request information until they fully understand the issues being presented to the board.