Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

To Test Internal Controls, Ask: How Long?

The speaker was a national partner in a big accounting firm. What he said was simple and profound: “When it comes to internal controls, ask yourself how long it would take to detect an improper payment. Would it take a year, a quarter, or a month? That’s how you test your company.”

The room full of controllers, internal auditors, accountants, and lawyers was quiet.

The speaker continued: “Companies routinely go the extra mile vetting suppliers, agents, and joint venture partners. But when that’s done and the decision is made to work with the third party, what then? Will the controls in place uncover improper payments the intermediary might make to government officials? Who’s checking third-party invoices to confirm the services rendered are worth the amount of the invoice?”

Someone in the audience asked how deep into the invoices the review needs to go. What are best practices for internal controls?

“There’s no easy answer,” the speaker said. “But again, ask yourself how long it would take to discover improper payments by your suppliers. The longer the time, the weaker your argument that the company didn’t act ‘knowingly’ in paying bribes indirectly through the third party.”

*     *     *

The internal control provisions at 15 U.S.C. Section 78m(b)(2)(B) require issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that–

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

Share this post


1 Comment

  1. A worthy successor to the well known, "where else" question for anti-bribery compliance is the "how long" question. I love it, and I think it's 100% on the money (no pun intended).

Comments are closed for this article!