Enterprise Risk Management

The AICPA has long recognized the impact that technology has on the accounting profession. In fact, for over two decades, we’ve been reaching out to members and key stakeholders to better understand how it can be effectively harnessed through our Top Technology Initiatives Survey.

Back in the early 1990s when the survey debuted, the technologies we take for granted today would have been impossible to fathom. In an era when only early adopters had digital answering machines, the idea of a personal computer, which could obtain almost any piece of information in the world was beyond most people’s comprehension. Now, we carry these devices around in our pockets, take pictures with them and call them phones.

Audit claims alleging failure to detect theft and fraud are not new.  However, their frequency and severity are increasing dramatically.  Between 2008 and 2010, the percentage of audit claims alleging failure to detect fraud and theft more than doubled, from 30 percent to nearly two-thirds of all audit claims.  Equally alarming, many claims arising from tax, bookkeeping, compilation and review engagements now include similar allegations.  By 2010, among all claims alleging failure to detect theft and fraud, 24 percent emanated from tax services, 17 percent from compilation and review services, 11 percent from accounting and other services, and 4 percent from investment advisory services. The remaining claims involved audits.

Almost 20 years ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), of which the AICPA is a member, produced the landmark Internal Control – Integrated Framework. With this published framework, COSO, an organization providing thought leadership and guidance on internal control, enterprise risk management and fraud deterrence, established a common internal control model against which companies and organizations may develop and assess their control systems. It became the world’s most widely used internal control framework.

But a lot has happened since 1992, such as the Internet! With advances in technology and business operations, the time was right for the framework to be updated so it could remain relevant and useful. In November 2010, COSO announced such a project. An online survey in January 2011 gleaned input from a broad audience. Last month COSO released the proposed updated Internal Control – Integrated Framework Exposure Draft to obtain input from the users of the framework and the general public. As a member of COSO, the AICPA has a representative on the COSO Board and a representative on the project’s Advisory Council.

No matter where you turn lately, the headlines have been focused on the situation surrounding News Corporation’s News of the World. The tabloid closed its doors recently in the wake of a massive voice mail hacking scandal. What’s interesting to me about this story is that a 168 year-old business fell because staff (and whomever else was in the know) was willing to subordinate their judgment and professional ethics in the interest of gaining a competitive edge to meet organizational goals.

It’s an extraordinary case, but for me it poses some important questions: to what lengths is my staff willing to go to move the business forward? What message does our board and management team communicate about our ethical commitment and the risks we are willing—and not willing—to take? What are we doing to make sure we don’t end up in a situation like that of the News of the World?