Blog

sox_part_2_blog
March 20, 2019 3:43PM

How to Create Strong Internal Controls to Avoid Fines

Now that financial reporting tech has become so expansive and accessible, analysts are predicting more vigilance from auditors than ever before. Therefore, when trying to protect your company from reporting slip-ups and accounting no-nos, the best measure you can possibly take is to create strong and detailed internal accounting controls.

Fines That Will Knock Your SOX Off

The Sarbanes-Oxley (SOX) Act of 2002 was established to crack down on corporate fraud. The act mandates strict reform of financial disclosures and created the Public Company Accounting Oversight Board as its auditing watchdog. For some companies, an independent annual audit is a requirement for further checks and balances.

A corporate officer who does not comply or even accidentally submits an inaccurate certification is subject to a fine up to $1 million and ten years in prison. If an inaccurate certification is submitted purposely, the fine goes up to $5 million and twenty years in prison. Therefore, to keep your company from getting red-flagged and free of fines, scrupulous internal accounting controls are a must.

Internal Controls You Already Have

Luckily, you likely already have some internal controls in place to assist with oversight and error-proofing.

  1. Your Board of Directors

Your board of directors is responsible for your company’s ethical culture and transparency; issuing thorough financial reporting and effective control policies and procedures helps maintain these goals.

  1. Internal Auditing Team

You also likely have internal auditors—in the form of common roles like Controllers and CFOs—to provide the framework for compliance and regulate the company’s financial reporting.

Internal Controls: Processes & Best Practices

In addition to the watchful eye of your board and meticulous regulation by your controller and internal auditing team, establishing procedures and best practices are key, especially if members of your internal audit team are ever replaced. Best practices include cross-checking and creating redundancies to ensure the reduction—and ideally the elimination of—errors and fraud incidents. Having multiple eyes on the data is always advised. Moreover, access control and the reduction of access to certain data is vital, eliminating the chance of people “messing with your sheets.”

Along this same line of thought, according to the Association of Certified Fraud Examiners, theft, or misappropriation of assets, makes up the majority of fraudulent activity. These thefts are either direct stealing, bogus expense claims, or taking other property, and are usually conducted by employees. This is another motivating reason driving home the point to initiate and maintain strong internal controls and access controls.

Is It Still Fraud If You Didn’t Mean It?

If it’s not fraud, it’s negligence. In some cases where fraud isn’t intentional, it is dubbed negligence. An auditor’s liability for general negligence when conducting an audit is confined to the client. This means your company is liable for your auditor’s negligence and still subject to severe legal ramifications.

In 2010, the  U.S. Securities and Exchange Commission (SEC) filed enforcement actions against Citigroup and two of its executives for allegedly misleading investors about the company's exposure to subprime mortgage-related assets.

While the Citigroup incident is not a cold hard case of negligence, it’s a valid lesson learned that “unintentional fraud” leads to overwhelming negative attention and puts a company in question on the SEC’s and the Public Company Accounting Oversight Board’s radar for potential non-compliance.

Automating and streamlining internal controls

The most common “system” for digital reporting and tracking is Excel. However, Excel is far from the best tool available. Excel spreadsheets are too prone to error. Requiring manual entry and often times conversion from one format to another, there are just too many opportunities for data to be input incorrectly or removed. When it comes to financial reporting, Excel requires too much to keep track of, offers too many variables for error, and allows too many things to fall between the cracks.

Instead, opting for a real estate-specific reporting software can help align your data, making it easy to control, automate, and report for both auditors and investors.

For MRI Software Users

MRI’s Report Design is a comprehensive report writer that includes an extensive range of user interface customization tools to simplify report design and to increase efficiency and accuracy. If you require increased flexibility and power to build custom operational reports such as financial statements, variance reports, rent rolls, and sales reports, MRI’s Report Design module is what you’re looking for. MRI’s Report Gateway can also provide SSRS reports to aid financial statements.

For Yardi Users

Yardi’s SQL Service Reporting Services (SSRS) reports, Yardi Spreadsheet Reporting (YSR), and Yardi’s Audit Table are three tools any Yardi user will find beneficial when creating custom financial statements and reports that meet SOX Act standards. Specifically, Yardi SSRS reports and YSR can be customized to generate any report directly from Yardi’s dashboard rather than initializing a manual data dump to Excel. This allows you to get the data you need in the exact format your require and in a faster time-frame. Within Yardi’s Audit Table, you can turn on controls within certain system objects for more detailed tracking including timestamps of user activity and data changes.

Security Settings

One of the quickest ways to establish stronger internal controls is by making use of software security settings. A good starting place is to link users to specific properties or modules, so they can only perform actions for the properties they are meant to be working on. Within Yardi’s Voyager, you can control a user’s ability to post transactions to prior and future accounting periods. This can prevent unauthorized changes to periods that were already reported on, helping to eliminate data errors. Yardi’s security features allow group user permissions and over 5000 individual permissions to help you specify what users can do and see within the system.

Within MRI, you can use Virtual sites to segregate data available to users based on location. Making the best use of Roles and Classes will help specify functionality available to the user including full access, view only, add, update, and delete. When the need for specific reporting comes along, data can be parsed by specifying what accounting basis is seen by which groups of people. In both Yardi and MRI, it’s a best practice to make use of Read Only functionality for users who have no need to make changes to the system, but still want or need to see the data.

Establishing the right security settings takes time and forethought. Auditors want to see internal controls in place, and beyond looking at your security features—depending on the scope of the audit—they may want to test the security settings. So, you need to be confident that users really don’t have access to things that they shouldn’t have. Likewise investors are going to feel reassured to know you’ve set up detailed and specific security features.

How to Get Started & Stay Streamlined

If you’re sold on implementing a real estate software solution like MRI or Yardi, or upgrading your modules to get more robust features, ensure your new automated reports are accurate and contain precisely what’s needed for audits and to avoid fines.

How? Make sure to install and implement the technology professionally.

If your company already takes advantage of a real estate software solution, it’s important to know the intricacies of the technology, not just the basics. After all, your company’s invested a great deal of time and money to move toward modernized reporting; it’s important to make sure they are getting the value they deserve. We recommend hiring a consultant to set up your customized reports and train your team how to use them properly to avoid inaccurate financial statements and the resulting penalties.

Additionally, both MRI and Yardi can now generate compilations of reports, or report books, for quarterly meetings. In some cases, it actually costs you more to compile these on your own by having employees on payroll doing repetitive work and creating more room for errors. It may seem like an extra spend to add on these custom or enhanced solutions, but in the long run, it could end up saving you money—and without a doubt, save you time and eliminate errors.