Your bilingual back office in Japan

accounting, financial, and consulting articles on Japan
Internal Control

How Sarbanes-Oxley Relates to Your Operations in Japan
By Thomas J. Kelley

The subject of internal control has never been known to inspire much passion or heated discussions at cocktail parties. It was never the talk of the town. Until, that is, Enron, WorldCom, and the Sarbanes-Oxley Act.

Still, it is a widely misunderstood topic. Most people associate "good internal control" with a guy in green eyeshades making sure nobody steals the cash. In contrast, "bad internal control" conjures up a picture of that same guy in green eyeshades stealing the cash himself or falsifying financial statements. It seems as if we have forever linked internal control and green eyeshades. We shouldn't.

What is internal control?

Internal control is just another word for management. Good internal control is synonymous with good management, and bad internal control with bad management. A well-run business must:

  1. Produce financial information that is complete, accurate, and timely, and reflects validly authorized transactions.
  2. Protect assets from loss or theft.
  3. Comply with applicable laws and regulations.
  4. Operate with maximum profitability and optimum efficiency.

These four items are known as the objectives of internal control and achieving them defines a well managed company.

Procedures in well-managed businesses

In addition to locking up the cash, there are literally thousands of procedures that management implements to meet these objectives. Among other things, a well-managed business:

The definition of internal control is not new with Sarbanes Oxley

In 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed following some well-publicized business failures. COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal control, and corporate governance. It is considered the authoritative source on the issue of internal control.

COSO has defined internal control as a process "designed to provide reasonable assurance regarding the achievement of …[the four objectives stated above]". This definition was also adopted by the accounting profession and the Securities and Exchange Commission (SEC).

The goal of any business is to make money (objective 4 above). However, if a business fails to implement the procedures necessary to achieve objectives 1 through 3, it will operate chaotically and never achieve this goal. On the other hand, if a business seeks to be perfect in achieving objectives 1 through 3, it is burdened with so many procedures that nothing gets done including making money.

Thus the concept of "reasonable assurance" that the objectives are achieved with the procedures in place. An effective system of internal control features management procedures at a level somewhere in the middle, closer to perfection than to chaos, but nevertheless short of perfection.

The Sarbanes-Oxley definition and the question to management

Sarbanes Oxley adopts the COSO definition and is basically asking management to publicly state whether they (i.e., their internal control systems) are effective. It's a pass/fail kind of statement. Either we are effective as defined or we are not.

Ineffective management is either doing or failing to do something that could result in the production of financial statements that are wrong in a material way. Although such an admission would have other adverse consequences, under Sarbanes Oxley it is not a criminal offense to admit to ineffective management or controls.

It may, however, be a criminal offense to get it wrong, i.e., to state that we are effective and to be subsequently shown that we are not. The obvious subjectivity of all of this together with the criminal penalties has management rightfully concerned. Furthermore, management is increasingly contending that the fourth goal of effective control/management (maximum profitability/optimum efficiency) is not the focus of this legislation and is being rendered more difficult to achieve because of the time and expense of accumulating the backup documentation supporting the conclusion. Nevertheless the Act is unlikely to go away and we will therefore have to deal with it.

How does Sarbanes-Oxley affect operations in Japan?

As we have seen, the four objectives above are universal components of good management. Whether or not we are subject to Sarbanes Oxley we should be honestly asking and answering the Sarbanes Oxley question, i.e., "are we effective?" or, put another way, "are we reasonably assured that we are achieving the four internal control objectives?"

One way to do this is to think about the significant risks inherent in our business that might prevent us from meeting the objectives and to make sure we have done all we can reasonably do to neutralize these risks. From the perspective of any foreign company operating in Japan those significant risks might include the following.

Failure to adequately understand the financial information that is provided to the foreign headquarters. (Objective 1)

Typically financial information in the local office is produced on a statutory basis and goes through some form of translation before being submitted to the home office. In this case translation means changes to the locally produced numbers in order to conform them to accounting principles in the home office country. Therefore from the perspective of the home office it is important to be sure that the information received is in a form that is understandable and useful. Just as important is to have a clear understanding of the nature of the translation adjustments.

Lack of transparency in matters of judgment (Objective 1)

To the extent that financial information is based on judgment (bad debt and warranty reserves, revenue estimates etc.) are local office judgments transparent to the home office? This of course is a two way street with both the home and local office having the same understanding of the conditions in which the local business operates.

Unauthorized transactions (Objectives 1 and 2)

The home office presumably has procedures for authorizing revenue and expense transactions which in some way will apply to the local office. Time and distance, however, increase the risk that these procedures will be circumvented. Do we have some procedure in place to provide some level of review over local office authorization decisions?

Inadequate protection of assets and records (Objective 2)

Ask yourself the following questions:

Tax and regulatory non-compliance (Objective 3)

These questions will help you sort out the compliance of your company:

Failure to continuously improve (Objective 4)

Continuous improvement implies continuous change, and managing change is always difficult. Individuals and cultures react differently to change. Thus cross-cultural management of change is doubly difficult.

Nevertheless, with all due respect for the cultural differences, there should be procedures and incentives in place to encourage and ensure a continuous review of everything done in the local office with an eye to doing it better, faster, and cheaper.

Thomas J. Kelley consults with HTM on their internal controls and the internal controls of its clients. He is a member of the faculty at the Albers School of Business, Seattle University, conducting courses in auditing, and financial and managerial accounting. A partner in Arthur Andersen & Co. from 1972 to 2002, and most recently the managing partner of the Audit and Business Advisory Practice in the CIS countries (former Soviet Union) responsible for 500 audit and consulting professionals.

read-clients-saying-icon Testimonials

Email-icon Email us or call +81-3-5789-7900