Tag: auditor attestation on internal control

Do material weaknesses point to fraud risk?

It’s not just Dodd-Frank that has been roundly disparaged in some quarters, SOX 404(b)—the requirement to have an auditor attestation and report on management’s assessment of internal control over financial reporting—has also recently been much maligned. For example, at a recent House subcommittee hearing devoted to the reasons for the decline in the number of IPOs and public companies, a majority of the subcommittee members attributed the decline largely to regulatory overload, with a number of the witnesses training their sights directly on SOX 404(b). (See the SideBar below.) And then there are the legislative efforts to limit the application of SOX 404(b), such as the provision in the Financial Choice Act to allow certain time-lapsed EGCs another five-year exemption from the audit-attestation requirement. (See this PubCo post.) Whether you view these efforts as heavy-handed or not enough of a good thing, the notion that internal controls might diminish fraud risk remains controversial: some maintain that they are a strong deterrent, while others challenge that contention in light of management’s ability to override controls. A recent study by academics in Texas analyzed whether the strength of internal control significantly affects fraud risk. The result: the study found “a strong association between material weaknesses and future fraud revelation,” leading to the authors’ conclusion that “control opinions that do cite material weaknesses provide a meaningful signal of increased fraud risk.”