Sarbanes-Oxley revolutionized the auditing profession. Section 404 imposed stringent requirements for disclosure of the state of a company’s internal controls and financial reporting. The company’s independent auditor is required to report on the effectiveness of the company’s internal controls, and include bribery, theft and fraud. The requirements are intended to prevent a material misstatement of the company’s financial statements.

The key term of art surrounding Sarbanes-Oxley is “materiality.” The fundamental disconnect in this regulatory area is the fact that funding a bribery scheme in the context of a multi-billion dollar company will rarely, if ever, reach the point of “materiality.”

As a result, independent auditors are not required to look beyond those transactions that fall on the material side of the equation. Companies therefore do not receive any assurance or critical information concerning improper use of corporate funds for bribes.

The bottom line is that an independent auditor can certify that the company’s internal controls are effective without determining whether corporate funds are being used for bribery.

Hence, companies now turn to “forensic” auditors to look through their books to locate potential bribery payments. Again, in multi-billion dollar global companies, this is like looking for a needle in a haystack. But forensic auditors have some valuable tools and approaches to identify potential bribery payments.

Looking at a company’s trial balances, forensic auditors are adept at selecting potential accounts used for disguising improper payments, and then testing these accounts by sampling some of the transactions. It is not a foolproof system or approach, but it is a worthwhile exercise that can provide important insights.

Compliance officers should consider engaging forensic accounting services as an important tool for monitoring and testing financial transactions. It does not make sense to pay exorbitant fees to conduct a forensic examination of every country. Instead, compliance officers should tailor such an audit to a limited number of high-risk countries or business activities. Such audits can be conducted on a multi-year schedule and targeted to certain countries each year.

A significant bribery scheme may be carried out with access to petty cash or other sources of cash that do not require significant authorizations and approvals. Interestingly, more companies are eliminating petty cash funds and relying on corporate credit cards for small transactions.

In China, for example, I have witnessed bribery schemes carried out by allocating weekly cleaning supply purchases (albeit $7000 per week) to fund a bribery scheme. Again, these transactions and the total amount of money never amounted to “material” amounts that would impact the company’s financial statements, but the impact a bribery scheme, if discovered, could be significant (and material).

From the compliance perspective, it is important to key the program’s focus on relevant sources for cash and improper funding. Once the universe is established, a compliance officer, in coordination with internal audit, should design and implement appropriate strategies to identify unauthorized uses of corporate funds and bribery risks.

Sarbanes-Oxley transformed the auditing profession, at least for independent auditors who prepare annual financial statements and verify a company’s internal controls. Unfortunately, Sarbanes-Oxley left behind scrutiny of other important, non-material transactions that can create significant risks to a company’s financial condition. That issue will eventually be addressed, either by the auditing profession, prosecutors and/or the courts, and even Congress