The Importance of Internal Controls:
From Singular Temptation to Worldwide Consequence
BUS 520
Julie Tennant
Adams State University
October 19, 2013
Table of Contents
Introduction
Internal controls begin inside operating procedures
A culture of ethics
Lack of control and control fraud
The financial crisis of 2007–2010
The scandals of Enron and Worldcom
The Sarbanes-Oxley Act (SOX)
Criticism of SOX
The rise of enterprise risk management (ERM)
The Dodd-Frank Wall Street Reform and Consumer Protection Act
Whistleblower provisions
Drawbacks of Dodd-Frank
The American oligarchy
Conclusion
Introduction
Temptation is a human condition, and self-control is the appropriate response. Given that organizations large and small are comprised of human beings, it’s crucial to understand the basic elements of self-control: a vivid awareness of future consequences, resisting the perception of helplessness and the tendency for tunnel vision, making a commitment to do the right thing, and accepting that anxiety and frustration are a part of the process (Hodgson, 2006). How does this reality translate to businesses made up of human beings? Large organizations are prone to temptation when the scale of business reaches a level of abstraction. Money becomes a game and the risk of failure can become diluted. Outright fraud can look like an acceptable status quo, creating a risk environment that can reach systemic proportions.
What can companies do about this situation? Internal controls are put in place in order to preserve a company’s assets by averting fraud. After the scandals of Enron and Worldcom, Congress stepped in with the Sarbanes-Oxley Act (SOX), forcing companies to reveal the internal controls and procedures they use to avoid large-scale failure and the subsequent evaporation of the hard-earned lifetime savings of millions of citizens. Five interrelated components emerge as companies organize to implement procedures to comply with SOX and shape a more controlled environment (Edmonds, 2011). A detailed procedure for helping shape this environment emerged with the practice of Enterprise Risk Management (ERM). Finally, The Dodd-Frank Act goes further, and addresses systemic risk in order to prevent the “too big to fail” problem: “the risk that a localized economic shock can have worldwide repercussions because of the interconnections between financial institutions” (Coffee, 2011). Government cannot assume that humans running such large companies, in charge of millions of citizens’ money, will resist temptation and govern themselves consistently.
Internal controls begin inside operating procedures
The skeleton of a company’s fiscal structure begins with budget and cost accounting processes. Getting into granular detail about projected revenues and expenses gives a shape to the firm’s operations.
In today’s world, the process of cost accounting achieves two very important objectives: 1) cost ascertainment, which “refers to the collection and analysis of cost and the linking up of production with different expenses at different stages of operation” p. 3 [http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10415464], and 2) cost reduction, which “aims at guiding the actuals towards the targets”—and employs executive action when it’s necessary to regulate when those actual costs stray from the targets. In essence, cost accounting gets into the finer details of the elements of material, labor, and expenses that come with the business. For shareholders and the general public, financial accounting takes care of just the baseline of reporting on the financial health of a company. Cost accounting goes deeper into operational detail, and can reveal areas of weakness or waste. “Cost accounting is not independent from financial accounting. Rather, it is an elaboration of financial accounting”. [http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10415647
Budgeting works alongside cost accounting, by providing a road map that links the financial actions to the strategic objectives of the firm. The projections of cost and revenue entered into proforma financial statements form the picture of the firm’s financial destination. “A budget is a planned result that an enterprise aims to attain” p. 562 and this budget is used properly when actual costs are reviewed side-by-side with budget line items. These proforma financial statements set the bar for performance.
A culture of ethics
Pressure to perform can be a positive catalyst or an excuse for toxic behavior. Situational factors on the job influence ethical decision making and the risk of fraud. Reward systems, job roles, and organizational culture can all contribute to the way an individual will frame an ethical dilemma. Within that are further breakdowns of framing mechanisms: 1) issue-related, meaning that we categorize the intensity of concern over a situation, e.g., if you were a bartender, you might give away free drinks to some friends while not remotely considering it OK to take $20 from the till; and 2) context-related, meaning that we are social animals and we look around us to see what level of morality is happening, and use this as guidance for our own behavior. [http://books.google.com/books?hl=en&lr=&id=CdGQSil8jswC&oi=fnd&pg=PR5&dq=Key+features+of+ethical+misconduct:+opportunity,+pressure,+rationalization&ots=DLE5F3s4KZ&sig=cSfqtquJ4-4LN7vgOpv9FIMbiuY#v=onepage&q&f=false]
According to xx Edmonds in Survey of Accounting (xx), the auditing profession has determined that there are three elements present in a fraud situation: 1) an opportunity has come up for the individual to get something for free, 2) pressure from superiors or peers to perform can lead to an individual looking for an easy break, 3) the individual can rationalize that his or her actions are OK because “everyone else is doing it.” [Edmonds, p. 138–139]
Lack of control and control fraud
What happens when control is manipulated for the personal agenda of the people in power? A CEO can selectively hire and fire individuals, thereby removing these checks and balances.
“Control frauds” are seemingly legitimate entities controlled by persons that use them as a fraud “weapon”…CEOs are able to] to convert firm assets for personal benefit through seemingly normal compensation mechanisms. The short-term profits cause stock options to appreciate. Fraudulent CEOs following this strategy are guaranteed extraordinary income while minimizing risks of detection and prosecution”. [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1590447]
Given this temptation—minimal risk in the way of seizing an opportunity—it’s not difficult to understand how a fraudulent activity can become masked in rationale.
The financial crisis of 2007–2010
Benjamin Franklin said, “Neither a borrower or a lender be.” He could have predicted the danger of the business of lending money without prudent evaluation of risk. The financial crisis of 2007–2010 can be attributed to the rationalization of risky financial practices that were deemed acceptable. “Several factors are unique to this crisis: the transfer of assets from the balance sheets of banks to the markets, the creation of complex and opaque assets, the failure of ratings agencies to properly assess the risk of such assets, and the application of fair value accounting. (http://ideas.repec.org/p/iuk/wpaper/2009-02.html)
An example of how the line between rationalization and potential for fraud is illustrated by a financial process called securitization. In this practice, assets are pooled into interest-bearing securities and repackaged for purchase by investors. Because the interest and principal payments are passed through to these investors, the issuing body can dilute the credit risk. Furthermore, when they transfer those assets from their balance sheet to the balance sheet of the investor, the credit risk becomes more opaque: “Many of the loans were not kept on the balance sheets of those who securitized them, perhaps encouraging originators to cut back on screening and monitoring borrowers, resulting possibly in a systematic deterioration of lending and collateral standards” (http://www.imf.org/external/pubs/ft/fandd/2008/09/pdf/basics.pdf)
Securitization has been around since the 18th century and an early example was the use of farm railroad mortgage bonds. Even then, the lack of control over risk evaluation contributed to the panic of 1857. This was forgotten, of course, and its use became widespread again, especially in the housing market in the 1990s. By 2006, it is likely that there were internal pressures to sell more and more without properly evaluating risk. “An increase in loan packaging, marketing and incentives such as easy initial terms, and a long trend of rising housing prices had encouraged borrowers to take on difficult mortgages in the belief they would be able to quickly refinance at more favorable terms” (http://www.scribd.com/doc/79733599/Financial-crisis-of-2007%E2%80%932010).
Financial giant J.P. Morgan Chase was found guilty of massive fraud from the securitization of billion of dollars’ worth of mortgage-backed bonds based on defective mortgages. Investors lost billions and housing market suffered By 2017 the company will have paid $13 billion in fines—the largest amount paid to the federal government by any one company. $4 billion will go to homeowners whose mortgages were handled by J.P. Morgan, as well as to neighborhoods affected by the blight of rundown and abandoned homes resulting from the evictions, foreclosures, and prolonged vacancies resulting from the financial crisis (http://www.npr.org/blogs/thetwo-way/2013/11/19/246143595/j-p-morgan-chase-will-pay-13-billion-in-record-settlement) .
Of course this was only one aspect of the damage wrought. The value of securities tied to real estate plummeted, and banking system became illiquid. Investors lost confidence and global stock markets were impacted, with securities experiencing large losses in 2008–2009. “Economies worldwide slowed during this period as credit tightened and international trade declined” (http://www.scribd.com/doc/79733599/Financial-crisis-of-2007%E2%80%932010)
The scandals of Enron and Worldcom
While the rationalization of risky securitization became part of the status quo, “creative accounting” became prevalent as organizations tried to cover up their losses. Auditors took advantages of legal loopholes that distorted financial statements and confused shareholders and analysts. “Deceptive accounting by Enron…Worldcom and others was a consequence of financial crises, rather than a cause—a devious attempt to cover up the looming danger of bankruptcy by exaggerating income and/or hiding debts” (http://books.google.com/books?id=9rBTY25Q5ncC&pg=PA19&dq=enron+and+worldcom&hl=en&sa=X&ei=RJOkUoL7Go7bqwHQ4YDwAw&ved=0CDsQ6AEwAg#v=onepage&q=enron%20and%20worldcom&f=false) Arthur Andersen, the auditing firm for Enron, allegedly knew all about the company’s problems but did nothing to reveal them to the public, and may have even helped to deceive the public. They eventually collapsed after a criminal conviction for shredding Enron documents. (http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10063894&p00=revenue%20recognition%20enron ) Also, in the 1990s, the auditing and accounting system experienced a dramatic rise in the use of restatements—in which, after issuing financial statements, a company would report a material inaccuracy and revise the previously-issued statements. The use of restatements are not designed to restate the truth; however, many firms did just that. At Worldcom, financial restatements were instead manipulated to show growth, which later proved to be false. “…billions of dollars in ordinary operating costs had been improperly recorded as capital expenditures, thus reporting a $662 million loss as a $2.4 billion profit” (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=447100)
The Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act (SOX) of 2002 mandates that the CEO takes responsibility for ensuring that financial controls are in place. Section 302 requires the CEO to certify the quarterly financial reports, and Section 404 requires a statement by that CEO that internal controls are in place and the financial reporting is reliable. The framework for these controls include five interrelated components: 1) a control environment, in which the integrity and values of the company set the tone of daily business in the firm, 2) risk assessment, in which potential distortions to the financial statements can be identified and mitigated, 3) control activities, which are designed to eliminate the potential for fraud, 4) information and communication, which includes assessment of the technology used for this, and 5) monitoring, in which those internal controls are assessed over time—and their success or failure to address risk is evaluated (Edmonds, xx, pp 126–127). This framework provides the context for the organization’s ethical “report card”—more importantly, it is meant to ensure that financial statements are accurate.
Sections 302 and 404 of SOX are probably the most contentious parts of the Act. They require the CEO to sign off on a system of internal controls, and to evaluate and report how those controls are working. How exactly can the CEO make sure that the company is set up to report properly and avert fraud? An organization formed in 1992, called the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that is made up of five nonprofit entities—the American Accounting Association, the American Institute of Certified Public Accountants, Financial Executives International, the Institute of Internal Auditors, and the Institute of Management Accountants. COSO published a document called Internal Controls—An Integrated Framework. This document was meant to help publicly-traded companies comply with the requirements of SOX 404. It was updated in May 2013 to cope with increasing complexity in regulation and the rise of technology. (http://www.coso.org/documents/coso%20mcnallytransition%20article-final%20coso%20version%20proof_5-31-13.pdf) COSO’s 2013 framework for internal controls is now articulated in 17 principles, based on the five components:
It is also important for any service organizations to be evaluated for proper internal controls. A company may have their own internal controls in place, while using a service provider for part of their operations that does not. “In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers” (http://sas70.com/sas70_SOX404.html). The Statement on Auditing Standards No. 70 (SAS70) is now recognized as a necessary part of SOX 404 compliance. Not just the service organization—the firms that use that service organization—must be evaluated and an official opinion issued regarding their system of internal controls. For example, many companies use Software-as-a-Service (SaaS) for greater business agility and the reduction of opportunity cost as a result of less efficient information technology. At the same time, with critical data located outside their firewall, they also expose themselves to the risk of data theft or external system attacks.
Criticism of SOX
There is some controversy over whether SOX was a policy blunder. Some insist that the Act was formed amidst chaos, and think that compliance should be voluntary and not mandatory. “SOX was enacted as emergency legislation amidst a free-falling stock market and media frenzy over corporate scandals shortly before the midterm congressional elections” (Romano, p. 2). Extensive academic literature suggests that the mandates will not benefit investors, for example, the Section #301 of SOX that requires an independent auditing committee was found to have no effect on improving performance or the perception of value (p. 17). Challengers maintain that government jumped beyond its jurisdiction by empowering the Securities and Exchange Commission (SEC) to regulate what should be the business of the states. The cost of compliance to SOX is part of the argument; if SOX was repealed, not all firms would be affected. “companies with annual revenues over $5 billion projected external consulting, software and additional audit fees of $2.8 million, compared to a projection of $220,200 by companies with annual revenues under $25 million” (p. 188) The other perspective is that states are in a better position to regulate than the federal government because 1) they are closer to the corporations and less likely to make mistakes, and 2) they operate in a competitive environment, as the corporations choose a particular state for their domicile and can change if they want, and 3) this competition forces the regulating body to stay in step with the changing business environment. There are incentives for states to constantly improve their regulating process, as franchise and exchange listing fees—not to mention more political constituents—are at stake.
The rise of enterprise risk management (ERM)
Managing risk has always been important, from the time of insurance for sailing ships, to the recent accounting scandals. Companies have historically doled out the job of watchdog to the specific departments involved—e.g., human resources will worry about occupational safety, while research & development will worry about design failure (http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10486685&p00=enterprise%20risk%20management). However, as time passed, it was learned that many risks can be prevented through control systems, and a wider view of risk management emerged. The concept of enterprise risk management (ERM) was developed in the 1990s to be an integrated, systematic approach to managing all risks facing an organization. COSO reports that there are over 80 different frameworks for ERM used throughout the world. Generally the five perspectives of ERM are financial, accounting, supply chain, information system, and disaster management. (http://books.google.com/books?hl=en&lr=&id=iRL0TCMJEZsC&oi=fnd&pg=PR5&dq=enterprise+risk+management&ots=JhaUenFnu8&sig=s-uQ0XJHAs51zSiZlFRfXP12ELk#v=onepage&q=enterprise%20risk%20management&f=false) ERM essentially changed the comment “That risk is not my responsibility” to “That risk is everyone’s responsibility.”
While much of ERM may have begun as a strategy for compliance to SOX mandates, surveys from hundreds of companies across North America and Europe have reported that ERM has added a significant level of value to their organizations, in the form of better informed decisions, greater management consensus, and increased accountability. “Those organizations that had fully implemented ERM were better able to accomplish strategic planning, and had a stronger ability to understand and weigh risk tradeoffs” (p. 11) In accounting, ERM provides a structure of internal controls designed to identify specific risks in order for the company to take the appropriate response. Risks are necessary to doing business and provide opportunities. “Every organization can be viewed as a specialist at dealing with at least one type of risk” (p. 40). The “risk appetite” of a firm can be identified through the process of ERM, and the response to that risk is chosen from a menu of options described as the four T’s: treating a risk, terminating a risk, transferring a risk, or taking a risk (p. 38).
The Dodd-Frank Wall Street Reform and Consumer Protection Act
While Sarbanes-Oxley aims to mitigate the damage to investors by inaccurate financial reporting through a structure of internal controls, the Dodd-Frank Act, signed into law in 2010 takes broader strokes: “An Act…To promote the financial stability of the United States by improving accountability and transparency in the financial system, to end ‘too big to fail’, to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes” (http://thomas.loc.gov/cgi-bin/query/D?c111:6:./temp/~c111KzHp3X:b0:). Although Dodd-Frank is criticized for being “an incoherent mess,” its 2,319 pages can be boiled down to a couple of clear objectives: to limit the risk of contemporary finance (perjoratively called “shadow banking,” of which securitization is one form), and to limit the damage caused when a large financial institution fails. (http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10441454&p00=dodd%20frank)
The first objective aims to eliminate the backroom deals and require that financial instruments such as derivatives be cleared and traded on exchanges. A derivative gets its value from the performance of another asset. For example, an airline may purchase an oil derivative; a contract that states that the airline will be paid if the price of oil rises before the end of the contracted period. What happens if the bank that sold the derivative fails? With Dodd-Frank, this deal would go through a clearinghouse so that if that bank failed, the clearinghouse would cover the contract, or negotiate an alternative contract. This directly reduces the risk to both parties, while requiring these deals to be put on exchanges increases financial transparency, indirectly reducing the risk to the financial system in general. (http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10441454&p00=dodd%20frank)
The second objective is aimed at institutions with at least $50 billion in assets—these are deemed “systemically important” (“too big to fail”). The Dodd-Frank Act requires these institutions to keep a larger amount of capital as a buffer against the danger of failing. If regulators discover that the institutions is in default or in danger of default, they can get the Federal Deposit Insurance Corporation (FDIC) to take over as receiver and liquidate it.
To accomplish these two objectives, the Dodd-Frank Act creates new regulators: the Financial Stability Oversight Council, which “is charged with identifying risks to the financial stability of the United States; promoting market discipline; and responding to emerging risks to the stability of the United States’ financial system” (http://www.treasury.gov/initiatives/fsoc/Pages/home.aspx). In 2013, the insurance giants Prudential and American Insurance Group have been designated as systemically significant. “Once the designation is final, the Federal Reserve takes over their supervision, imposing requirements that are still being formulated” (https://mninews.marketnews.com/index.php/insurance-industry-worldwide-shudders-fsocfed-take-over?q=content/insurance-industry-worldwide-shudders-fsocfed-take-over). Companies have 30 days to fight the designation, even though it is unclear exactly what measures of supervision will be imposed by the Federal Reserve.
Whistleblower provisions
An important provision of the Dodd-Frank Act builds on what SOX started with a provision that companies set up a confidential channel to the Securities and Exchange Commission (SEC) to report financial misconduct. Section 922 goes further by setting up a bounty program that pays the individual between 10 and 30 percent of any funds recovered in excess of $1 million recovered by dint of the “original information” provided by that individual. The intention of this provision is to reinforce the need for companies to have a solid ethics program in place, because the provision outlines that the individual should first work internally to report the problem. The whistleblower provision theoretically acts as another risk management component—the financial misconduct should ostensibly be identified and corrected before an SEC violation is allowed to occur. (http://www.tnwinc.com/resources/dodd-frank-whistleblower/)
The “necessary evil” that is the whistleblower provision was borne out of the stigma that “tattletales” have experienced historically. People have generally considered them to be troublemakers. In the case of Enron, Sherron Watkins was able to shed light on the intricate layers of financial fraud taking place—without the protection that makes any retaliation to whistleblowing a felony, it is not clear whether she would have come forward. Cynthia Copper from Worldcom had s similar experience. Her “suspicions arose when a concerned official in the wireless division told her the accounting department had taken $400 million from his reserve account and used it to inflate WorldCom’s income” (xxx). Although the CFO was hostile and told her to back off, she investigated secretly and discovered “that in 2001, billions of dollars in ordinary operating costs had been improperly recorded as capital expenditures, thus reporting a $662 million loss as a $2.4 billion profit” (pdf whistleblower). These experiences seem to reinforce the idea that oversight is not enough to mitigate the systemic risk of financial fraud.
Drawbacks of Dodd-Frank
Problems with the Dodd-Frank Act include two themes: one, the “systemically important” institutions are given special treatment; “they will be able to borrow money more cheaply than banks who are not in the club” and in essence gain a competitive advantage (p. 9), and, two, there are no constraints on when regulators can jump in and create a kind of partnership between the government and the Wall Street giants. These large players can become a channel for political policy. All the FSOC needs to do is be able to say they think the institution is in danger of default and a threat to financial stability. (http://site.ebrary.com/lib/adamsstate/docDetail.action?docID=10441454&p00=dodd%20frank)
A universal principle of the rule of law—that the rules are clear and transparent—is made muddy by these themes.
Why doesn’t the government just break up the big banks, like they did in 1933 with the Glass-Steagall Act, that separated commercial and investment banks? Sanford Weill, a former chief executive of Citigroup, was initially in favor of larger and larger deals that would make is company rich. Later, he and his colleague “apologized for creating a lumbering giant that needed multibillion-dollar bailouts from the government (http://dealbook.nytimes.com/2012/07/25/weill-calls-for-splitting-up-big-banks/?_r=0).
The American oligarchy
The allure of power could be one reason why the big banks weren’t just broken up. The thirteen largest banks have become akin to an oligarchy; they have created political power because of their economic power. Through campaign contributions, these bankers are assumed to be credible, because “people who were making so much money had to know what they were talking about” (p. 6) That is why these banks were allowed to use “huge balance sheets to place bets in brand-new financial markets, stirring together complex derivatives with exotic mortgages in a toxic brew that ultimately poisoned the global economy” (p. 4 http://books.google.com/books?hl=en&lr=&id=R9ux1t5e05QC&oi=fnd&pg=PA3&dq=johnson,+stiglitz,+brandeis+break+up+big+banks&ots=mG0alySX1s&sig=RHy-gOajC7QSw7GFt-OUM8rs-lk#v=onepage&q&f=false) In America, we like to think that oligarchies are a problem that other countries have. However, a Russian businessman that trades political support and cash for government favors is not much different than the American reverence of triumphant capitalism.
Conclusion
It seems that for every step taken to prevent fraud, other problems arise. Are the provisions of Sarbanes-Oxley necessary and beneficial to the protection of investors, or was SOX an emotional reaction to the financial scandals that shocked the nation—and a policy that threatens to undermine the rule of law? Will the hundreds of laws contained in the Dodd-Frank Act fulfill their objectives of preventing “too big to fail”—or does the Act ironically solidify the political and economic power of the megabanks?
A recent study analyzed the behavior of dozens of Fortune 500 companies to see if there was a relationship between corporate social responsibility and its opposite—corporate social irresponsibility. Elaine Wong from the University of California studied the KLD scale—the measure of a firm’s environmental, labor, and philanthropic activity—and found that for each good deed, another ethically questionable or negative deed was performed. The practical explanation for this is that companies must respond to different stakeholders, so they tend to take turns: do something good for the citizens that is not necessarily good for the shareholders, and then you get to switch that around next time. The implication is compared to what happens at the individual level: we carry around a kind of moral currency that allows us to bank the good deeds and helps us rationalize the bad deeds. Science correspondent Shankar Vedantam explains:
“So I think the point of the research really, is that we have to be vigilant of the possibility that doing good can make us feel entitled to do bad. And look, we’ve just come out of the Thanksgiving holiday weekend, and a lot of Americans eat healthy through the year, so when it comes to Thanksgiving, they say OK, we can pig out. And it turns out the way we think about morality is a lot like the way we think about calories. (http://www.npr.org/2013/12/03/248320196/examining-flip-side-of-a-firms-social-responsibility-record)
Does this mean we can never be safe from fraud, and that internal controls will always be fundamentally flawed because of human weakness in the face of opportunity or pressure? How can organizations avoid the inevitable tendency to abuse the power that comes with financial success, when the worship of money is still so prevalent in our society? How can individuals remain ethically strong when temptation blurs the reality that the money is tied to real people’s futures, and instead becomes an abstraction, such as a complex derivative or a balance sheet so large it defies any practical relation?
One answer is information. We are still in the prime of the information age, and the landscape of financial analysis is changing constantly. Much of the fraud underlying the scandals of Enron and Worldcom can now be avoided by the increased transparency that is now possible with new technology. The Extensible Business Reporting Language (XBRL) now levels the information playing field by creating a common format for financial information in order to make faster comparisons across companies and across industries. “The widespread adoption of XBRL would mean that both humans and intelligent software agents could operate on financial information disseminated on the Web with a high degree of accuracy and reliability” (http://www.sciencedirect.com/science/article/pii/S1467089500000129).
Increased transparency with the ease of information flow is one ingredient toward a world more safe from greed and fraud. Perhaps this will help create a shift from the American worship of financial success to a new respect for the worldwide consequence of real, systemic ethical practice in business. “Responding to enhanced customer information -coupled with consumers’ increasing ability to react- companies may be expected to develop even stronger cultures of responsibility, proactively seeking to increasingly honour their moral obligations to society in the 21st century” (Bhavani).
References
Ackerman, A., & Patterson, C. (2013, September 16). J.P. Morgan to agree to ‘London whale’ fines bank to admit wrongdoing as part of SEC settlement. The Wall Street Journal. Retrieved from http://online.wsj.com/news/articles/SB10001424127887323527004579079411558707586
Coffee, J. (2011). Systemic risk after dodd-frank: Contingent capital and the need for regulatory strategies beyond oversight. Columbia Law Review, 111(795), Retrieved from https://litigation- essentials.lexisnexis.com/webcd/app?action=DocumentDisplay&crawlid=1&doctype=cit e&docid=111 Colum. L. Rev. 795&srctype=smi&srcid=3B15&key=85ae808b71a0ffe7023273dcb82ce9b3
D’Arcy, S. (2001). Enterprise risk management. Manuscript submitted for publication, Finance, University of Illinois at Urbana-Champaign, Champaign, IL, Retrieved from http://business.illinois.edu/~s-darcy/papers/erm.pdf
Edmonds, Thomas (2011). Survey of Accounting. McGraw-Hill Higher Education, Third Edition.
Fadun, O. (2013). Risk management and risk management failure: Lessons for business enterprises. International Journal of Academic Research in Business & Social Sciences, 2(1), Retrieved from http://web.ebscohost.com.adams.idm.oclc.org/ehost/pdfviewer/pdfviewer?sid=39045e5d- 50e5-4330-9147-e13aa5140b45@sessionmgr10&vid=4&hid=14
Gleason, C., Jenkins, N., & Johnson, B. (2008). The contagion effects of accounting restatements. The Accounting Review, 83(q), 83-110. doi: http://dx.doi.org/10.2308/accr.2008.83.1.83
Hodgson, R. (2006). Resisting temptation: a psychological analysis. British Journal of Addiction, 84(3), 251–257. doi: 10.1111/j.1360-0443.1989.tb03457.x
Johnson, K. (2011). Addressing gaps in the dodd-frank act: Directors’ risk management oversight obligations. University of Michigan Law Review,45, 55. Retrieved from http://heinonline.org/HOL/LandingPage?collection=&handle=hein.journals/umijlr45&div =5&id=&page
KPMG. (2011). The dodd-frank act: Could there be accounting consequences?. KPMG: Cutting Through Complexity, Retrieved from http://www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/Documents/dod d-frank-accounting-implications.pdf
McNally, J. (2013). The 2013 COSO framework & SOX compliance. Strategic Finance, Retrieved from http://www.coso.org/documents/coso mcnallytransition article-final coso version proof_5-31-13.pdf
Resource Global Professionals. (2012, January 1). Top 10 finance & accounting issues for 2012. Retrieved from http://www.resourcesglobal.com/blogs/fna/redirect.php?/archives/21- Top-10-Finance-Accounting-Issues-for-2012.html
Romero, R. (2004). The sarbanes-oxley act and the making of quack corporate governance. (Master’s thesis, Yale Law School) Retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=596101
Securities & Exchange Commission. (n.d.). What is interactive data and who’s using it? Retrieved from http://www.sec.gov/spotlight/xbrl/what-is-idata.shtml
Swanton, M. (2013, September 27). Dodd-frank ruling is a mixed blessing for employers. Inside Counsel Magazine, Retrieved from http://www.insidecounsel.com/2013/09/27/dodd- frank-ruling-is-a-mixed-blessing-for-employer
Waters, M. (2013, September 30). How to prevent a future national financial crisis. National Mortgage News, 37(38), Retrieved from http://web.ebscohost.com.adams.idm.oclc.org/bsi/detail?sid=cdea4369-0a6e-4377-ad9d- 7294fc2c1b57@sessionmgr113&vid=1&hid=114&bdata=JnNpdGU9YnNpLWxpdmU=