Massive corporate fraud scandals involving Enron, Tyco and other companies forced Congress to take a fresh look at public company auditing. Since then, laws have toughened and companies have been forced to endure more scrutiny of their financial statements than ever before.
But, simply installing internal controls, auditors and auditing committees does not ensure that fraudulent financial reporting will be detected, according to Bill Wagner, shareholder/director of Sommer Barnard PC.
Smart Business spoke with Wagner about why it’s difficult for companies to detect fraudulent reporting and what to do to ensure all financials are properly disclosed.
Why is fraudulent reporting hard to detect?
Contrary to popular belief, fraudulent financial reporting is not obvious. Companies hire auditors who review records and typically certify that financial statements ‘fairly present’ the financial position of the company, in conformity with generally accepted accounting principles. Audit committees and the lawyers they work with don’t typically have the degree of oversight to go out and look at the company’s physical assets and decide appropriate amortizations. They might not know whether the company should set up an expense as a prepaid expense or expense the transactions as they go along, or whether the company should record prepaid receipts instead of accounting for the income as it’s earned. That’s why audit committee members need to ask tough questions of the company’s auditor, on the record, to understand how transactions are handled and how they affect profit and loss statements.
Didn’t Sarbanes-Oxley (SOX) fix this?
When Congress passed SOX, it intended to provide a comprehensive framework to reform oversight of public company auditing, improve the quality and transparency of companies’ financial reporting, and strengthen auditors’ independence. SOX has been evolving. For example, effective Sept. 10, 2007, the Securities and Exchange Commission (SEC) issued a final rule requiring CEOs and CFOs to disclose ‘significant deficiencies’ in the design or operation of internal control over financial reporting that’s reasonably likely to adversely affect the company’s ability to record, process, summarize and report financial information to the external auditor and audit committee. Specifically, the SEC’s guidance provides for a top-down, risk-based evaluation of a company’s assessment of its internal control over financial reporting. Before the new rule, SOX required a company to certify that it disclosed any ‘material weakness’ in the internal controls. The SEC decided to strengthen the amount of oversight by broadening what must be disclosed.
The majority of those commenting on the SEC’s proposed rule felt that the proposed definition would permit the exercise by management and independent auditors to determine those deficiencies that are important enough to merit attention by those responsible for oversight of financial reporting. But, requiring further disclosures by management isn’t enough to protect an audit committee member who isn’t diligent.
What are audit committees to do?
During a round-table discussion in 2002, Warren Buffett, chairman of Berkshire Hathaway, suggested that every audit committee should ask the company accountant or auditor, on the record, the following:
- Is there a range of accounting methods that could have been used to prepare the corporation’s books? If so, would you have handled the preparation of the books differently than the way management handled it? If so, is the difference material or immaterial?
- Do you know [assuming you’re talking on a quarterly basis] of any operational or accounting facts that I as an audit committee member should know about in which revenue or expenses were moved from one quarter to another, or of any abundance of orders on March 29, or a lot of bill and hold, or extended terms that I wouldn’t know unless a trade survey was conducted?
- On a scale of 1 to 10, with 10 being most aggressive, how would you rate this company’s accounting in terms of aggressiveness, and what would it take to go from a 9 to a 10?
Audit committee members need to understand how transactions are handled and how they affect profit and loss statements. Once they understand the basics, they’ll zero in on more direct questions to examine the company’s handling and reporting of its finances. Auditors have to be prepared to answer the tough questions. Audit committee members need to ask if the auditor is aware of any operational or accounting activities that had the effect of moving revenue or expenses between quarters, like trade loading, bill and hold, extended dating or anything used to bolster a weak quarter.
As Buffett explained, do you want Doberman Pinschers or Cocker Spaniels on the audit committee? With Dobermans, it’s easier for the auditor to report back to management that the audit committee or directors are concerned. Reporting must be less aggressive or managers will get reported and have to answer to the audit committee, board of directors or shareholders.
By informing the auditors and management that these questions will be asked at every audit committee meeting, it can modify behavior because the auditors and management won’t want any record that will be subject to someone, like a class-action plaintiff’s lawyer, looking at it critically at a later date.
BILL WAGNER is a shareholder/director of Sommer Barnard PC and has represented audit committees, corporations, and officers and directors in developing internal controls to address fraudulent financial reporting and conduct internal investigations. Reach him at firstname.lastname@example.org.