Ed. Note-today I continue my interviews of thought leaders in the compliance space. Today I visit with Henry Mixon, a noted internal controls expert. 

1. Where did you grow up?  I grew up in Birmingham Alabama.
2. Where did you go to college and how did that help inform your professional career? I graduated from the University of Alabama in 1967. While in college, I was President of Beta Alpha Psi, the accounting honorary fraternity. In that capacity I had the opportunity to meet many business leaders. Those contacts helped shape my professional goals. I also believe I received my degree from one of the top accounting programs in the US at the time, so my technical background and campus experiences in extracurricular activities also helped shape my professional goals. I also attended law school evening classes at Samford University, while working full time as a CPA. That legal training definitely helped in my career.

3. You were in the US Army, retiring as a Captain. Where were you posted and what was your service experience?I received a commission through the ROTC program at the University of Alabama. I began active duty in January 1968 at Ft. Campbell, Kentucky. I was programmed in my active duty orders to go to Vietnam as a Psychological Warfare Officer, being in country January 1969. But, the Army being what it was then, I never received my orders. So, I took the advice of the Colonel I reported to: “If the Army wants you to go somewhere, it will tell you.” I stayed at Ft Campbell for the rest of my active duty.
4. What has been your professional experience? I was with Arthur Young & Company (now E&Y) for 25 years, retiring as an Audit Partner. I worked in the National Office in New York City, the Birmingham Office, and the Salt Lake City office (where I was partner in charge of the Audit Department). I then joined Transco in Houston as Vice President of Internal Audit.   I also served for a time as Corporate Controller for Transco. After Transco was acquired by The Williams Companies, I shifted to a fraud-related career. I became a Certified Fraud Examiner. My career experience then included Jefferson Wells International as National Director of Forensic Services, UHY Advisers as a Principal in Litigation Services, and Morgan Garris Consulting as Managing Director. A few years ago, I formed Mixon Consulting Inc., which specializes in internal controls, fraud investigation, and forensic accounting.
5. How long have you been working on internal controls? As an audit partner, my focus was always more on internal controls than on technical accounting. I always believed that a company’s financial statements could be correct only if the company had effective internal controls. My fraud investigation work is driven by the internal control premise. To find a fraud perpetrator, you must be able to hypothesize how the fraud was committed and then figure out how control weaknesses allowed the fraud to occur. So, my entire career I have been an internal control person. It was only after I began fraud related work that I really got the training and experience in “thinking like a perpetrator.” That is the only way you can be successful. That ability and experience has served well in evaluating and designing FCPA-related controls because, in order to design a control, you must first be able to identify the actions the control should prevent. I have found that even many experienced CFO’s and Controllers do not have that ability.
6. Do the new COSO standards really change much or could they be characterized as fine-tuning? I believe the 2013 update was to take into account the changes in the business environment. So, it was fine tuning. The overwhelming majority of respondents preferred to retain the same basic framework as the original model. However, certain new sub-objectives were added. For example, one new sub-objective is that an internal control framework will not be considered effective unless it takes into account compliance with laws and regulations, such as FCPA. That acknowledgment is, I believe, very significant when designing a system of effective controls for FCPA purposes, because the original framework was geared more towards what are called “GAAP” controls — those designed to result in accurate financial statements.