Internal Control for fixed assets

Following the financial disasters at Enron, WorldCom and many others, Congress mandated in the Sarbanes-Oxley Act (SOX) that all publicly traded companies have a system of Internal Controls. Further, companies must evaluate them at least once a year and a report must then be provided to shareholders. An additional requirement is for the independent auditor to report on its evaluations of those Internal Controls.

Under Section 404 of the Sarbanes-Oxley Act of 2002, management is required to assess the effectiveness of the Company’s internal control over financial reporting as of the end of each fiscal year and report, based on that assessment, whether the Company’s internal control over financial reporting is effective.

Management of the Company is responsible for establishing and maintaining adequate internal control over financial reporting. The Company’s internal control over financial reporting is designed to provide reasonable assurance as to the reliability of the Company’s financial reporting and the preparation of external financial statements in accordance with generally accepted accounting principles. Internal controls over financial reporting, no matter how well designed, have inherent limitations. Therefore, internal control over financial reporting determined to be effective can provide only reasonable assurance with respect to financial statement preparation and may not prevent or detect all misstatements. Moreover, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Based on the Company’s processes and assessment, as described above, management has concluded that, as of ________ , the Company’s internal control over financial reporting was effective. The effectiveness of the Company’s internal control over financial reporting as of __________ has been audited by an independent registered public accounting firm, as stated in their report, which appears herein.

This SOX mandate incorporates all financial aspects of a company’s business, including revenue recognition, valuation of securities, provision of adequate reserves, and so on. Many companies have spent literally millions of dollars to be in compliance with SOX. Further, the annual testing of these Internal Controls is a major responsibility of top management, which must personally sign a compliance statement with serious potential consequences if the report is in error.

There is, however, for many businesses one operating area that may not be in ‘Control’, at least as far as the word is defined in SOX. By definition, the directive requires that control totals (the property record detail and totals) accurately reflect the underlying fixed assets. Many companies have significant discrepancies between what is shown in their property record system and actual assets physically present. In the next series of blog posts, we’ll discuss Internal Control required by SOX with specific reference to Fixed Asset Management.