Web www.software-risk.co.uk

Oil giant, BP has announced 252 people have been dismissed because of unethical behaviour. Here we look at how this can be applied to testing internal controls.

Note that the internal controls relevant for Sarbanes-Oxley are only those that relating to financial reporting.

Taking the COSO* framework construction of internal controls, we can compare them to BP's actions and words. When looking at the five elements of internal control, they should be looked at holisitically. No one, element takes precedence, and in this case,

Control Environment The top management at BP have stated that they intend to operate their business in an ethical but professional manner. In addition they have established that they intend to confront problems and deal with them. The tone has been set. In terms of this particular internal control, how the company interprets and implements the control environment will be the main determinant of its effectiveness.

In particular, a system has been put in place where employees have to report gifts over £26 in value to the company. This might be important for a company like BP which operates in volatile and corrupt parts of the world, where bribery is common place. This would remove or make more difficult a temptation. We assume the code applies to BP employees making gifts outward as well.

Most importantly, this has been communicated to all stakeholders, including shareholders.

Risk Assessment BP wants to be seen as a responsible corporate body. A failure to do this, in the current governance climate would be a nightmare. (Enron, after all was an energy company.)

They have established the risks, and with the corporate governance team are trying to mitigate them. Probably the second highest weighting, and one that it passes. However, BP's actions rather than its written procedures will be the important aspect again.

Control Activities BP clearly has policies in relation to business ethics. They have written procedures to follow. However in this instance the doubt relates to how strictly they are enforced.

Unethical behaviour would only become an issue in both the control activity and financial reporting senses if it led to an inaccuracy in the report.

An example, might be a local manager in bribery prone area, having total control over the statistics, that go to reporting oil reserves.

Information and Reporting BP will need to record information regarding the transactions of employees. Ideally they will have to find out if the transaction was done ethically or not. As discussed above this in our opinion is not the most important element.

Monitoring BP will need to monitor the progress of the controls over ethical behaviour. Both in relation to reporting deficincies and the degree to which they should be loosened or tightend up.

* Committee Of Sponsoring Organisations for the Treadway Commission.

Related Articles
SEC Proposes Years Exemption on 404
Sarbanes-Oxley Debacle
Republican Attack on Sarbanes-Oxley
COX - Sooner Rather than Later on SOX Reform
Caterpillar and Internal Controls
GAO Supports SOX Cost Claims
Panelists Named for Sarbanes-Oxley Roundable
Foreign Companies Repeating US SOX Mistakes

Similar Areas

Sarbanes-Oxley Items

Finance Items

Private Company Items

Management Items

Regulation Items

Selected Books

Keywords

BP

Business ethics

anti-corruption

Sarbanes-Oxley compliance

Sarbanes-Oxley

fraud

unethical behaviour

Sarbanes-Oxley Act

Energy companies

legal compliance

business relationships

internal controls

section 404

oil

COSO

Committee Of Sponsoring Organisations

financial reporting

control environment

BP management

management tone

internal control

control activities

bribery

information and reporting

monitoring