Paul Zimbardo's  Instablog

Paul Zimbardo
Send Message
DISCLAIMER: Each article or comment written by this author is intended as general information only, and is not intended to provide specific advice, or due diligence to be relied on. As such, the information presented in any article or comment does not consider any reader’s personal investment... More
My blog:
Follow Paul on Twitter!
  • As a Consequence of the Frauds and Restatements Which Culminated in the Early 2000s, Regulators Focused on Internal Controls To Proactively Prevent Misstatements 0 comments
    Jan 5, 2010 10:55 AM | about stocks: HURN

    This is the final of three academic papers which I wrote this past semester while pursuing my Masters in Accounting about forensic accounting concepts. While this is especially pertinent for accounting professionals, I am a strong believer that all finance and investing professionals should at least be familiar with the procedures that are employed in preparing and auditing financial statements. This paper was prepared on December 2, 2009.

    As the economy and financial transactions continue to evolve, they often outpace the standards which are created to govern them. In addition, complex organizations and financial accounting rules present the opportunity for fraudsters to engage in deceptive activities. Another factor was the overall strength of the economy during this era. For example, the technology bubble caused the Nasdaq to reach a height of 5,000 versus 2,100 today. The high-tech stock bubble was due to unreasonable, irrational expectations and mispriced risk. As a result of these forces there was widespread pressure, opportunity, and rationalization for fraud and other misstatements. When all three elements of the fraud triangle are present, the environment is primed for inferior financial reporting quality. These factors led to the record-breaking bankruptcies and restatements that finally forced the regulators to act. The cornerstone piece of regulation was the Sarbanes–Oxley Act of 2002 (“Sarbanes”). Sarbanes will be discussed extensively below but one of the most significant provisions was that requirement that managers of public companies assert to the quality of their internal controls and have an independent auditor attest to those assertions. In order to understand why regulators targeted internal controls, it is important to first examine some of the largest frauds of this time period that caused the sweeping act.

    Despite being neither the first nor the largest bankruptcy of this time, Enron’s $63.4 billion bankruptcy in December 2001 was the highest profile of the time period due to its wide stock ownership. Enron began as a traditional utility company but its primary business quickly turned to packaging its utilities as financial instruments and derivatives. These instruments were marked-to-model (because no market existed) and the gain was recognized up-front, even if these transactions would ultimately bear no profit. Underlying these transactions was the use of Special Purpose Entities (SPEs) to conceal liabilities from the balance sheet. As a result of this manipulation and override by senior managers, Enron suffered dramatic losses when the energy market weakened. This caused a domino effect with the capitalization of SPEs and forced bankruptcy, thereby destroying the retirement and savings of employees and investors.

    Another bankruptcy that epitomizes the early 2000s is Peregrine Systems. Peregrine engaged in improper revenue recognition techniques to inflate the company’s revenue and stock price. The core fraud involved parking transactions in which Peregrine improperly recognized revenue for software contracts that the company had not completed. These agreements were non-binding sales that were entered into with the sole purpose of meeting analysts’ earnings expectations. Another practice used to inflate revenue was the premature recognition of legitimate sales by holding the books open at the end of quarters and the year end. To remove the phony receivables from their books, the receivables were commonly written off as one-time charges related to acquisitions. Making the fraud even more outlandish was the fact that Peregrine’s entire senior management team was involved in the scheme to pump the company’s stock price.

    The final straw for regulators was the $100 billion dollar bankruptcy of WorldCom which was the largest in US history at the time (surpassed by Lehman Brothers). WorldCom was a telecommunications service provider that acted like a high-growth company: the company became the industry leader by completing at least 65 acquisitions, which they accounted for very aggressively. As its stock price climbed, WorldCom pursued even riskier acquisitions financed with inflated equity. The company understated operating expenses by improperly releasing reserves held against operating expenses as well as by underreporting “line costs” (expenses with other telecom companies) by capitalizing these costs on the balance sheet rather than properly expensing them as incurred. The second vehicle for the fraud was overstating revenues by creating fictitious “corporate unallocated revenue accounts.” In addition to the inappropriate accounting, the founder and CEO, Bernard J. Ebbers received substantial off-the-book loans. The failures of Enron and WorldCom made the frauds much more personal as average investors suffered significant retirement losses: regulators could not avoid the public outcry.

    This is merely a sampling of a few of the major bankruptcy-frauds of the time and there are countless other high-profile examples such as Adelphia. Common themes in these frauds include a lack of management integrity, weak corporate governance, and minimal accountability for actions. All of these factors relate to the components of internal controls. In general, the safety nets in place to ensure reliable, accurate financial reporting were failing. Management was too preoccupied with managing earnings and stock option rewards too ensure that controls or reliable financials were in place. Audit committees viewed audits as commodities and generally provided minimal oversight. Auditors were complacent in this as they were guilty of failing to pursue audit red flags due to conflicts of interests related to non-audit fees. Another key problem for auditors was that they relied on self-regulation via peer reviews which did not enhance audit quality. Lastly, the regulators appeared to be asleep at the wheel, preferring to investigate the crash rather than actively prevent companies from failing.

    Now that you understand the magnitude of the egregious conduct, the question is why regulators turned to internal controls as the cure for the problem. The Committee of Sponsoring Organizations (COSO) defines internal controls as “a process effected by an organization’s structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives.[2]” The objective of internal controls is to ensure that the company is working towards its objectives, as well as make certain that there is reliable financial reporting and compliance with applicable laws and regulations. Internal controls place the burden on management to establish a framework for their organizations to continue successfully. Despite the clear importance of internal controls, companies have generally resisted their implementation because they are extremely costly and it was difficult for them to see the immediate return. “A FEI (Financial Executives International) 2007 study indicated that, for 168 companies with average revenues of $4.7 billion, the average compliance costs of Sarbanes 404 were $1.7 million.” Additionally, fewer than 25% of the respondents believed that the costs exceeded the benefits[3]. Notwithstanding these compliance costs, internal controls requirements are hardly a new phenomenon and have a history of use in the United States.

    The U.S. Foreign Corrupt Practices Act of 1977 (“FCPA”) focuses primarily on antibribery but does include “Books and Records and Internal Control Provisions”, which require that public companies “keep books and records that accurately reflect business transactions and to maintain effective internal controls.[4]” While the FCPA laid the foundation, the Sarbanes-Oxley act brought internal controls to a new level. When “former President George W. Bush signed [Sarbanes] into law, he [stated that] it included ‘the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt.[5]’” It is likely that neither the President nor the regulators knew at the time how significant of an impact Sarbanes would have on financial reporting due to its strengthening of internal controls.

    Sarbanes and its emphasis on internal controls was able to fix the financial reporting “safety net”. The focus of management was returned to successfully operating the business due to increased legal requirements. Specifically, senior managers had to sign the financial statements as well as establish, monitor, and report on internal controls. Violations could carry significant personal penalties and the increased potential jail time provided the necessary force to improve financial reporting. Sarbanes also enhanced the regulations for the audit committee by requiring that each audit committee have a financial professional. The audit committee was given the responsibility of providing oversight for the audit to minimize conflicts of interests. Perhaps the most significant provision next to the internal control requirement was the separation of services that auditors could provide for their public audit clients. To further reduce the conflict of interest for auditors, Sarbanes prohibited auditors from providing certain services, such as bookkeeping and financial system design, to their audit clients because they would effectively be auditing their own work. Another important element of Sarbanes was the creation of the Public Accounting Oversight Board (PCAOB) which would provide continuous feedback for auditors to finally bring about improvements in audit quality. As mentioned above, the most significant inclusion in Sarbanes is Section 404: Management Assessment of Internal Controls.

    Similar to the SEC’s approach with materiality in SAB 99, it would have been inappropriate for regulators to have developed precise procedure for all companies; however, more overriding guidelines were more suitable. By requiring companies to report on their internal controls and have them audited by their external auditor, the SEC is able to avoid a one-size-fits-all solution that shifts the burden to determine adequacy to the individual companies. For example, if one company identifies a certain area as a weakness, they are required to take additional measures to compensate for it.  In addition, the SEC was clearly offended by the pattern of conduct in the industry. In the past frauds would follow a predictable, reactive pattern:

    • Management and/or employees engage in fraudulent conduct
    • Fraudulent activities are detected by whistleblowers, internal auditors,
    • Board of directors engages investigative counsel and forensic accountants to probe the extent of damages and the parties involved
    • Corporations restate their earnings and take other corrective personnel actions if necessary
    • SEC may begin and investigation, potentially leading to an enforcement action and remedial measures
    • Significant economic losses occur along the way

     In sum, regulators focused on internal controls to change the orientation of anti-fraud measures from a reactive to proactive stance. This allowed companies to avoid the costly pattern above and rely on less expensive preventative measures. Sarbanes does look expensive in isolation but the cost estimates fail to take into account the costs associated with misstatements.

    While internal controls appear to have been effective, there is certainly argument on either side of the debate. Former Federal Reserve Chairman Alan Greenspan and SEC Chairman Christopher Cox are supporter of Sarbanes and there are numerous studies which indicate that Sarbanes has improved investor confidence. On the other hand, there are many detractors who believe that the costs far exceed the benefits. A December 2008 Wall Street Journal editorial argues that Sarbanes is making it too costly for companies to register on stock exchanges in the United States by citing the National Venture Capital Association. “In all of 2008 there have been just six companies that have gone public. Compare that with 269 IPOs in 1999, 272 in 1996, and 365 in 1986.[6]” While it is true that Sarbanes is expensive, the fact that IPOs have been declining since well before Sarbanes was passed should negate the authors point. The fact that only eight companies went public in 2008 is most likely due to the credit crisis and plummeting stock market. One notable Congressman who opposed Sarbanes is Congressman Ron Paul who cosponsored the Due Process and Economic Competitiveness Restoration Act because he believed that Sarbanes “has raised the costs of doing business, thus causing foreign companies to withdraw from American markets and retarding economic growth.[7]” Recently Sarbanes was permanently amended to exclude companies with market capitalizations under $75 million from Section 404. Clearly the debate regarding the effectiveness of Sarbanes is far from over.

    Unfortunately the rate of financial misconduct has only accelerated since the early 2000s as SEC investigations continue to set annual records; however it is likely that much of this relates to the financial crisis of 2008-2009. Despite these regrettable statistics, I believe that Sarbanes was effective at improving both audit quality and investor confidence. It is true that compliance is expensive but one only needs to examine Siemens and its $1.3 billion fine for evidence of how costly inappropriate conduct can be. Regulators correctly focused on internal control reporting by management and the auditor because it is a relatively cost effective way to proactively prevent misstatements and their associated costs.

    [1] Baue, William Restatements of Annual Filings Continue to Rise. Social Funds 27 January 2004.

    [2] Internal Controls – Integrated Framework 2010.

    [3] FEI Survey: Average 2007 SOX Compliance Cost $1.7 Million 30 April 2008.

    [4] The FCPA Explained. Foley & Lardner.

    [5] Bumiller, Elisabeth Bush Signs Bill Aimed at Fraud In Corporations. New York Times. 31 July 2002.

    [6] Malone, Michael S. Washington Is Killing Silicon Valley. Wall Street Journal.

    [7] Paul, Ron. Repeal Sarbanes-Oxley! Speech Before The House of Representatives. 14 April 2005.

    Disclosure: No Positions
    Stocks: HURN
Back To Paul Zimbardo's Instablog HomePage »

Instablogs are blogs which are instantly set up and networked within the Seeking Alpha community. Instablog posts are not selected, edited or screened by Seeking Alpha editors, in contrast to contributors' articles.

Comments (0)
Track new comments
Be the first to comment
Full index of posts »
Latest Followers


More »

Latest Comments

Most Commented
Instablogs are Seeking Alpha's free blogging platform customized for finance, with instant set up and exposure to millions of readers interested in the financial markets. Publish your own instablog in minutes.