Great article from my dear friend and mentor Clark Keeler at Burr, Pilger, Mayer:
In a 2007 interview, Michael Koss, the CEO of Koss Corp., complained bitterly about the burden of Sarbanes-Oxley (SOX). He said hours wasted in audit committee meetings would be better spent on “strategic planning.” Considering the $31 million fraud at a company with only $38 million in annual sales, it looks like Mr. Koss was in fact wasting his time. I’m not sure what they talked about at those audit committee meetings, but apparently it wasn't internal controls. The fraud at Koss triggered a fire-storm of litigation that may yet destroy the company his father founded.
Here’s the tip: Think Seriously About Internal Controls.
Many corporations have developed what I call a “compliance mentality” when it comes to internal controls; doing just enough to satisfy the requirements of SOX. The sad truth is that internal controls don’t get much more than “lip service” at most U.S. companies. Almost every fraud I see, and I see a lot of them, involves inadequate segregation of duties and inadequate supervisory review; both are basic internal controls. Good internal controls will prevent most frauds from happening and find them faster when they do occur. The difference between a small fraud and one that involves millions is typically a matter of time; in my experience it’s about a year. If you’re not thinking seriously about your internal controls, you’re “whistling past the graveyard”.