Call it the intersection of convergence and compliance: Companies trying to obey Sarbanes-Oxley’s internal control provisions are finding that not only must they evaluate the controls their own operations—but also those of partners with whom they may form an alliance.
In general, the risk that the internal controls of a collaborative effort won’t catch an error is small. Still, according to a survey by the Institute of Internal Auditors of more than 150 auditing executives, the damage that could occur to a company if any controls do fail is large. This is particularly true in the case of joint ventures.
Sedatole
“A joint venture would have more Sarbanes-Oxley implications because it is a legal entity,” says Karen Sedatole, an assistant professor of accounting at the University of Texas at Austin, who helped oversee the IIA survey. “It will affect your financial reporting.” Indeed, more than half of the respondents to the survey said they implemented new controls over their partner firms as a result of Sarbanes-Oxley, Sedatole says.
Increasingly important in joint ventures is the inclusion of a right-to-audit clause in the contract, which 67 percent of respondents said they plan to exercise. Companies also are using more SAS 70 reports, in which a third party such (often an auditor) provides an evaluation of the internal controls of a company, the survey found. That report can then be provided to any of a company’s partners or customers to provide assurance about their control systems.
Ryan
“There’s risk if you don’t set up a joint venture in a way that gives you at least some ability to gain comfort that the internal controls environment is sufficient,” said Russell Ryan, a partner at the law firm King & Spalding and a former attorney with the Securities and Exchange Commission.
Joint ventures offer companies the advantage of having formal procedures because they are a distinct business entity with a complete set of operations, from the establishment of a board of directors to the creation of accounting processes. As such, they may be easier to monitor and control than a more informal alliance.
Upstream, Downstream
Joint ventures can be grouped into four categories. So-called “upstream” and “downstream” ventures follow a supply chain. Upstream ventures are formed when a company collaborates with a supplier, as Dell does with software
manufacturers; downstream ventures are the inverse, when businesses form partnerships for distribution purposes. Other ventures include those for marketing and research and development, she said.
One common risk that companies may face when forming a joint venture is the reliability, and accountability, of the personnel overseeing the venture. Companies need to make sure that people in the joint venture are accountable for their performance.
Often, however, the types of risks firms face in forming a joint venture depend on the objectives of the partnership, Sedatole says. Similarly, different controls are used for different types of alliances. In research and development ventures, for example, a commonly used control mechanism is a periodic review of a partner’s financial information. The financial viability of a partner is particularly crucial in research and development ventures because the outcome of the venture’s projects is highly uncertain—and many times, at least one partner in the venture is a startup with lots of technology but little business history. So companies need to know that their partners can handle the possibility of a project failing.
That same logic is employed in accounting principles, Sedatole says; research and development is expensed instead of capitalized on financial statements because the future benefits are uncertain.
Setting up an authorization process for decision-making also is crucial in research and development ventures, Sedatole adds. “In the process of taking R&D projects from an initial concept through to a viable product, businesses rely more heavily on having a series of authorization levels within a joint venture to make sure everything is passed off by the appropriate authority before it goes forward,” she says.
RISK BREAKDOWN
Strategic risks in joint ventures, as outlined in "Managing Strategic Alliance Risk: Survey Evidence of Control Practices in Collaborative Inter-organizational Settings," published by The IIA Research Foundation:
Innovation risk
Risk that strategic partners will not maintain adequate levels of innovation to support the firms needs.
Intellectual Property Risk
Risk that your strategic partner will make inappropriate use of proprietary information in a manner that could negatively affect the firm.
Product Failure Risk
Risk that faulty or non-performing products or services from your strategic partners expose your company to sanctions from endcustomers.
Misaligned Incentives Risk
Risk that strategic partners have incentives to take actions that would hurt your firm (e.g., relationships with your competitors).
Partner Lock-In Risk
Risk that the choice of a specific strategic partner locks the firm into a relationship with negative long-term consequences for the firm.
Outside Scope Risk
Risk that the alliance will create products or services outside the scope of the original agreement.
Managing Strategic Alliance Risk: Survey Evidence of Control Practices in Collaborative Inter-organizational Settings (Institute Of Internal Auditors, Jan. 2006)
Marketing ventures often rely on ongoing reviews of non-financial performance indicators such as customer satisfaction, because they face large reputation-related risks, the survey found. Upstream ventures tend to emphasize formal review processes for selecting their partners, while downstream ventures often use the informal monitoring of partner operations, according to Sedatole.
All alliances rely heavily on contract terms to assist them in mitigating risk. The terms can range from specific payment terms or delivery dates to specifying cost-sharing arrangements or safeguards for assets, Sedatole says.
If a company owns more than half of a venture, “the most
conservative course would be to] treat it as you would your own company in terms of making sure you’ve got internal controls,” Ryan says. “Or at least assume that you may be held to a standard where that’s essentially part of your own internal controls and disclosure controls.” If less than 50 percent of a venture is owned, companies should proceed in good faith by educating themselves on the venture’s internal controls and by trying to be reasonably assertive in making sure that the controls are sufficient, he adds.
When forming the venture, companies should specify in the agreement the ability to conduct some type of periodic review on controls and request some type of report from the people who are in charge of overseeing them, Ryan also says. Companies even could request some type of certification from the joint venture’s chief accounting or financial officer that is roughly consistent with the type of certification required by Sarbanes-Oxley.
But the most fundamental means of mitigating risk in joint ventures is conducting thorough due diligence before engaging in a partnership, says Alexandra Lajoux, chief knowledge officer at the National Association of Corporate Directors and an author of books on mergers and acquisitions. That could include a review of financial statements, operations and management, as well as reviews for potential legal exposures—including any issues that may arise from structuring the transaction itself.
“The decision to form an alliance as a joint venture is itself a control decision,” Sedatole says. Companies need to start by making “sure they identify an appropriate partner.”
No comments yet