Massive corporate fraud scandals
involving Enron, Tyco and other companies forced Congress to take a fresh look at public company auditing. Since
then, laws have toughened and companies
have been forced to endure more scrutiny of
their financial statements than ever before.
But, simply installing internal controls,
auditors and auditing committees does not
ensure that fraudulent financial reporting will
be detected, according to Bill Wagner, shareholder/director of Sommer Barnard PC.
Smart Business spoke with Wagner about
why it’s difficult for companies to detect
fraudulent reporting and what to do to
ensure all financials are properly disclosed.
Why is fraudulent reporting hard to detect?
Contrary to popular belief, fraudulent financial reporting is not obvious. Companies hire
auditors who review records and typically
certify that financial statements ‘fairly present’ the financial position of the company, in
conformity with generally accepted accounting principles. Audit committees and the
lawyers they work with don’t typically have
the degree of oversight to go out and look at
the company’s physical assets and decide
appropriate amortizations. They might not
know whether the company should set up an
expense as a prepaid expense or expense the
transactions as they go along, or whether the
company should record prepaid receipts
instead of accounting for the income as it’s
earned. That’s why audit committee members need to ask tough questions of the company’s auditor, on the record, to understand
how transactions are handled and how they
affect profit and loss statements.
Didn’t Sarbanes-Oxley (SOX) fix this?
When Congress passed SOX, it intended to
provide a comprehensive framework to
reform oversight of public company auditing,
improve the quality and transparency of companies’ financial reporting, and strengthen
auditors’ independence. SOX has been evolving. For example, effective Sept. 10, 2007, the
Securities and Exchange Commission (SEC)
issued a final rule requiring CEOs and CFOs
to disclose ‘significant deficiencies’ in the
design or operation of internal control over financial reporting that’s reasonably likely to
adversely affect the company’s ability to
record, process, summarize and report financial information to the external auditor and
audit committee. Specifically, the SEC’s guidance provides for a top-down, risk-based
evaluation of a company’s assessment of its
internal control over financial reporting.
Before the new rule, SOX required a company to certify that it disclosed any ‘material
weakness’ in the internal controls. The SEC
decided to strengthen the amount of oversight by broadening what must be disclosed.
The majority of those commenting on the
SEC’s proposed rule felt that the proposed
definition would permit the exercise by management and independent auditors to determine those deficiencies that are important
enough to merit attention by those responsible for oversight of financial reporting. But,
requiring further disclosures by management
isn’t enough to protect an audit committee
member who isn’t diligent.
What are audit committees to do?
During a round-table discussion in 2002,
Warren Buffett, chairman of Berkshire
Hathaway, suggested that every audit committee should ask the company accountant
or auditor, on the record, the following:
- Is there a range of accounting methods
that could have been used to prepare the corporation’s books? If so, would you have handled the preparation of the books differently
than the way management handled it? If so, is
the difference material or immaterial? - Do you know [assuming you’re talking
on a quarterly basis] of any operational or
accounting facts that I as an audit committee
member should know about in which revenue or expenses were moved from one
quarter to another, or of any abundance of
orders on March 29, or a lot of bill and hold,
or extended terms that I wouldn’t know
unless a trade survey was conducted? - On a scale of 1 to 10, with 10 being most
aggressive, how would you rate this company’s accounting in terms of aggressiveness,
and what would it take to go from a 9 to a 10?
Audit committee members need to understand how transactions are handled and how
they affect profit and loss statements. Once
they understand the basics, they’ll zero in on
more direct questions to examine the company’s handling and reporting of its finances.
Auditors have to be prepared to answer the
tough questions. Audit committee members
need to ask if the auditor is aware of any
operational or accounting activities that had
the effect of moving revenue or expenses
between quarters, like trade loading, bill and
hold, extended dating or anything used to
bolster a weak quarter.
As Buffett explained, do you want
Doberman Pinschers or Cocker Spaniels on
the audit committee? With Dobermans, it’s
easier for the auditor to report back to management that the audit committee or directors are concerned. Reporting must be less
aggressive or managers will get reported and
have to answer to the audit committee, board
of directors or shareholders.
By informing the auditors and management
that these questions will be asked at every
audit committee meeting, it can modify
behavior because the auditors and management won’t want any record that will be subject to someone, like a class-action plaintiff’s
lawyer, looking at it critically at a later date.
BILL WAGNER is a shareholder/director of Sommer Barnard PC
and has represented audit committees, corporations, and officers
and directors in developing internal controls to address fraudulent financial reporting and conduct internal investigations. Reach
him at [email protected].