Wednesday, March 30, 2005
Late Filings: Has Section 404 Become A Scapegoat?
Is The Sarbanes-Oxley of 2002 and the internal control provisions of Section 404 making it difficult for companies to file their financials on time?
That's certainly what critics of the landmark governance legislation would like others to believe.
They will no doubt point to the fact that according to Glass, Lewis, nearly 300 companies sought an extra 15 days so they can complete their 2004 year-end results. This compares with 59 companies that filed for extensions for filing their 2003 annual reports and 51 companies the prior year, according to the proxy research firm. This must mean companies are having trouble completing their internal controls assessments on time.
However, a closer look at the data shows that Sarbanes-Oxley and SOX 404 actually played a less significant role than the "anti-SOX" set would suggest.
posted by Brian Moran @ 2:13 PM
Corporate backlash over Sarbanes-Oxley
That sliver of the law, called Section 404, requires companies and third- party auditors to document, in rigorous detail, their procedures for assuring the accuracy of their financial statements. It further forces companies to disclose any weaknesses in those procedures, called internal controls.
Companies blame Section 404 for billions of dollars in auditing and legal costs that they say are out of whack with whatever safeguards investors might gain. Last week, thousands of publicly held companies scrambled to meet their first filing deadline under Section 404. Many filed for 15-day extensions.
The debate appears headed for a showdown between powerful corporate interests and shareholder-rights groups concerned that tinkering with Section 404 will lead to a weakening of hard-won antifraud measures.
"It's intense and it's costly and it's never enough," said Gregory Lichtwardt, executive vice president and chief financial officer of Conceptus Inc., a San Carlos maker of surgical devices with fiscal 2004 sales of $11.6 million. "We will spend $1.5 million (to comply with Section 404), between the cost of outside consulting and outside auditors."
posted by Brian Moran @ 10:58 AM
Tuesday, March 29, 2005
Red flags: At least 9 companies snagged by Sarbanes
The federal Sarbanes-Oxley Act is forcing public companies in Washington and around the nation to drag skeletons out of corporate closets and re-evaluate long-standing accounting practices.
After spending millions of dollars and putting in months of effort to comply with the law's Section 404, which kicks in this year, many companies are reporting serious problems with their internal controls.
At least nine public companies in Washington, ranging in size from smaller concerns like Internet security provider Watchguard Technologies Inc. to giants like Shurgard Storage Centers Inc., have reported deficiencies or "material weaknesses" in their internal controls. Even Starbucks Corp. was swept up in the fray. (See accompanying table.)
Eleven percent of public companies nationwide have reported such deficiencies or weaknesses, according to the Washington, D.C.-based CFO Executive Board, a division of business research company Corporate Executive Board.
posted by Brian Moran @ 10:53 AM
Monday, March 28, 2005
SOX Impact on Tax Accounting
Tough Audit Standards Boost Tax Coffers
NEW YORK (Reuters) - Corporate America is suddenly discovering it owes Uncle Sam a lot of money -- and investors are suffering as a result.
In the past few weeks a series of major companies, including photographic firm Eastman Kodak (NYSE:EK - news), ConAgra Foods Inc. (NYSE:CAG - news) and telecommunications company MCI Inc. (Nasdaq:MCIP - news), have disclosed that they need to adjust their financial results because they owe or may owe more taxes than initially reported in recent years.
On Thursday, for example, ConAgra said it had missed aggregate tax payments of between $150 million and $200 million for periods dating back to 2003.
This windfall for the Internal Revenue Service (news - web sites) is at least partly the result of the crackdown on company bookkeeping triggered by the accounting scandals of recent years.
In particular, section 404 of the Sarbanes-Oxley Act has forced companies to introduce tough new internal controls, while another part of the law prompted companies to use different accounting firms as tax advisors than they use as auditors.
In many cases this has effectively led not only to re-examination of accounts previously announced, but has also led to a fine-tuning of tax reporting systems.
"As companies tighten their internal control structures they are not only going to improve financial reporting but will also improve their tax reporting as well," said Roger Siefert, managing director at the accounting and litigation practice of investigative firm Kroll Inc.
TAX ACCOUNTS VS GAAP
The recent spate of tax errors also reveal the hazards associated with the dual accounting system in the United States, under which companies keep two sets of books. There is one main book, that follows GAAP (generally accepted accounting principles) accounting and is widely followed by investors, creditors and regulators.
The second book is for income tax authorities and takes into account various allowances and adjustments. The adjustments usually include items like depreciation and depletion of various assets and other tax benefits put in place by policymakers.
Experts say stricter auditing standards are now helping companies detect when they previously made the wrong adjustments to GAAP books to arrive at the numbers submitted to the IRS.
"Essentially it boils down to 'did you include everything you should include in your tax returns?'," says Joshua Livnet, accounting professor at New York University's Stern School of Business.
The Internal Revenue Service also agrees Sarbanes-Oxley will make it easier for it to catch aggressive tax filers. "We think it will be healthy because the GAAP financials will be cleaner," said Bruce Ungar, the deputy commissioner for large and mid-sized businesses at the IRS.
Sarbanes-Oxley notwithstanding, Ungar says the IRS itself is becoming stricter with companies as well. From this year, it is asking companies to file a new document, Form M3, to detail how tax accounts were reconciled from GAAP accounts.
"It will shed more light on those returns and we will have a better mechanism to reconcile why the tax returns are different from the book numbers," Ungar said.
A key change in auditing practice this year has been the separation of tax compliance from auditing, allowing deeper probes into the way tax reconciliations have been made.
In the past, said Russell Wieman, a Detroit-based tax partner for accountants Grant Thornton, auditors would pay close attention to GAAP accounting but take only a cursory look at tax accounts.
"The auditor didn't typically spend a whole lot of time on things like depreciation," he said.
The taxman is, though, not always the winner.
AMCOL International Corp. (NYSE:ACO - news), an Arlington Heights, Illinois-based minerals company discovered this month that the IRS owes it at least $4 million after it reviewed results dating back to 1996.
posted by Brian Moran @ 9:03 AM
Thursday, March 24, 2005
Accounting checks delay 10-K filings
WASHINGTON (MarketWatch) -- Hundreds of publicly traded U.S. companies have missed the deadline to file expanded versions of their annual reports, citing the cumbersome requirements of legislation intended to crack down on corporate fraud.
Companies are largely blaming it on the Sarbanes-Oxley Act of 2002. The landmark corporate-reform legislation mandates audited statements attesting to the status of internal procedures for ensuring clean accounting.
In the debate leading up to the law's passage, many companies had said that the extra work would suck up resources, and cost money. It also appears to be taking companies' and auditors' time.
"This is the first time they're actually having to report on the status of their control structures," said Eisha Tierney Armstrong, managing director of the CFO Executive Board, a research firm based in Washington.
Between Jan. 1 and March 15, 2004, a total of 70 companies told the Securities and Exchange Commission they needed more time to file their Form 10-K, or annual reports, with the agency.
But this past March 16 was the deadline, and the number leaped to nearly 300 during this year's comparable period, according to a study by the CFO Executive Board.
That number rose to 469 companies as of last week, according to the SEC.
"The last-minute rush of requests for 15-day extensions wasn't unexpected," said Patrick McGurn, vice president of proxy-advisory firm Institutional Shareholder Services, in an e-mail interview.
Under the Sarbanes-Oxley law, which Congress passed in the aftermath of the Enron and WorldCom scandals, company officers in their annual reports must include an update on so-called internal controls to safeguard against bogus accounting.
An outside auditor must also certify the assessment made by top executives.
The letters written by company officials are worded carefully to leave little room for interpretation. In a filing by Atrion Corp. (ATRI: news, chart, profile) , Chief Executive Emile Battat writes the report contains no falsehoods or omissions "based on my knowledge."
Accounting firms are similarly striving to be unambiguous in their statements.
In their requests for more time, several companies have identified shortcomings in assembling their accounting controls.
None of this has caught the SEC by surprise. The agency has told companies it is willing to listen to their concerns about the law and is convening meetings next month to solicit opinions about how to improve the reporting requirements.
Earlier this month, SEC Chairman William Donaldson said he expected "a number of companies" to announce failure to complete reports on time. He also said it shouldn't be cause for alarm with investors.
Indeed, stock prices of the companies seeking deadline extensions generally haven't moved dramatically.
Corporate governance watchers say this season has been stressful on chief executives and companies who are filing these reports for the first time.
"The problem with [Sarbanes-Oxley] has been its complexity and the newness of the whole process," said John Palafoutas, chief lobbyist for the American Electronics Association. "CEOs have had their pants scared off them by their accounting firms."
More than half of chief financial officers at companies reporting about weaknesses in their internal controls are changing jobs around the time that disclosures are being made, according to the CFO Executive Board.
It's also been an expensive season for companies, according to a report from Financial Executives International. The group surveyed 217 public companies with average revenues of $5 billion to measure compliance costs -- the money spent for software, consulting and external audits.
Those companies' total costs for complying with the law this year averaged $4.36 million, up 39 percent from the $3.14 million they expected to pay when surveyed in July 2004.
Courses have even sprung up in Sarbanes-Oxley compliance, like the one run by a company called Sarbanes-Oxley Group in Clifton, N.J. "There's one piece that's really missing -- that seems to be the education piece," said Sanjay Anand, who chairs the organization.
He said he expects more registrants for his classes. "This is not going to go away," he said.
Armstrong of the CFO Executive Board says that while investors may have given companies a "hall pass" on compliance with Sarbanes-Oxley's internal control requirements so far this year, "next year they may not be so forgiving."
posted by Brian Moran @ 8:54 AM
Monday, March 21, 2005
Gaining Strength From Sarbox
Sarbanes-Oxley compliance may be a burden, but it's helping some companies improve operations at various levels
By Steven Marlin
To hear many company executives tell it, the Sarbanes-Oxley Act has been a monumental burden, sucking up time and resources without making their businesses more competitive.
At MasterCard International Inc., complying with Sarbanes-Oxley financial-reporting regulations required 45,000 staff hours of work provided by its consultant, Deloitte & Touche, and its external auditor, PricewaterhouseCoopers. "The cost has been overbearing," says Chris McWilton, CFO at the charge-card company with $2.6 billion in revenue.
But MasterCard is trying to get something back from that investment. A post-mortem of its Sarbanes-Oxley compliance effort, looking at what worked and didn't work, found inconsistent documentation of financial controls, as well as ones that should have been automated. Among the lessons learned is that "standardization of processes minimizes the risk of misstatements on financial reports," McWilton says.
posted by Brian Moran @ 7:01 PM
Friday, March 18, 2005
Ignorance no defense
THE higher they are, the harder they fall. Bernard Ebbers, former WorldCom CEO, is no exception.
Little solace, perhaps, to former employees and investors who lost jobs and billions of dollars in the collapse of Ebbers' telecommunications giant. But for a chief executive snared in a greedy corporate web of epic proportions, it is justice at last after three years of waiting.
Ken Lay can't be sleeping well after Ebbers' convictions on all nine counts against him for securities fraud, conspiracy, and filing false documents in an $11 billion accounting scandal that drove WorldCom into the largest U.S. bankruptcy ever.
If the former Enron CEO goes with the same defense strategy that Ebbers' attorneys did, with assertions that the defendant was unaware that company executives directly accountable to him were cooking the books, acquittal may not be in the cards for Mr. Lay, either.
posted by Brian Moran @ 9:33 AM
Verdict sends ripples through Scrushy trial
BIRMINGHAM -- A prosecutor trying to send fired HealthSouth CEO Richard Scrushy to prison in a huge accounting scandal said the conviction of former WorldCom Inc. chief Bernard Ebbers on fraud charges Tuesday shows juries can "connect the dots" in complex financial cases.
Scrushy's defense said the trials present two vastly different scenarios, with Scrushy on trial on fraud charges in the city where he lives and is known for generous philanthropy. But an expert in corporate crime cases said the Ebbers verdict in New York was bad news for Scrushy.
"Bernie Ebbers had a much better chance of getting off than Richard Scrushy," said Paul Lapides, director of the Corporate Governance Center at Kennesaw State University near Atlanta.
Ebbers, who went on trial the same day as Scrushy, faces as long as 85 years in prison after being convicted on all charges in an $11 billion accounting fraud that bankrupted the telecommunications company he built from humble beginnings in Mississippi.
posted by Brian Moran @ 9:25 AM
Thursday, March 10, 2005
Law on CEO Awareness on Trial With HealthSouth's Scrushy
Fear began to overwhelm Weston L. Smith soon after Congress passed a law requiring top executives to vouch for the accuracy of their books.
Within days of the 2002 law, Smith refused to certify documents that he feared could expose him to prison time for inflating profit. Then, under pressure from co-workers, he wavered and agreed to sign them. Months later, the HealthSouth Corp. finance chief wavered again -- turning in the company he worked for and touching off the nation's first major prosecution of a chief executive under the new law.
Since opening statements six weeks ago, the criminal trial of Smith's former boss, Richard M. Scrushy, has underscored how high the stakes have become for top corporate executives. Under the law, key executives at more than 12,000 companies are required personally to vouch for the numbers they provide regulators and investors in securities filings. If those numbers are phony, they face a maximum of 20 years in prison.
But that law is only now beginning to be tested in court.
Lawyers and governance experts across the nation are closely watching the trial in Birmingham as a bellwether for the strength of the new law. Members of Congress designed the measure as a way to hold executives accountable, after former chief executives at Enron Corp. and WorldCom Inc. claimed ignorance of huge frauds that helped force their companies into bankruptcy protection and cost investors billions of dollars.
For his part, Scrushy contends that he was duped by subordinates. While prosecutors have not produced documents tying Scrushy to the fraud, they have amassed more than a dozen guilty pleas from HealthSouth officials, including all five of the company's former finance chiefs, who agreed to testify against Scrushy in exchange for leniency in sentencing.
"An acquittal in this case would severely undermine the utility of the criminal certification statute in future prosecutions," said Michael L. Zuppone, a former Securities and Exchange Commission lawyer who now represents business clients.
The threat of prison time may be the biggest force driving business leaders to promote good corporate practices in the past few years, experts said. Losing a case such as the Scrushy prosecution, in which the government has audiotapes of the defendant and so many corporate insiders lining up to testify, could help contribute to a growing backlash against government regulation of business interests.
"The certification symbolically brought home to CEOs and CFOs that it's not just a general idea of responsibility but that it's very specific," said Peter C. Clapman, senior vice president and chief counsel for corporate governance at TIAA-CREF, a New York investment firm.
So far, regulators have used the new requirement that top officials certify their companies' numbers to pursue a smattering of other cases. SEC regulators have filed at least six other civil enforcement cases against corporate officials using the measure, which is part of a broader package of corporate reforms known as the Sarbanes-Oxley law. Criminal authorities proceeded in at least two of those cases, now pending in federal courts in Oregon and New York.
"The certification requirements make it much harder for top management to pass the buck by blaming lower-level employees or a rogue subsidiary for improper accounting that leads to inaccurate financial statements," said Washington corporate defense lawyer W. Neil Eggleston.
To prevail in a criminal case, however, government lawyers must prove that the executives intended to break the law -- typically a tough case to make since corporate officials rarely leave a paper trail if they are engaging in fraud, said former SEC lawyer Jacob S. Frenkel.
That burden may be even more insurmountable at large companies, where top executives have tried to build structures to protect themselves by forming multiple layers of checks and balances since the law took effect in the summer of 2002.
Many chief executives and finance chiefs require employees further down the chain of command to prepare their own written certifications, modeled on documents the top officials must sign. The process helps top executives establish a record that they took reasonable steps to ensure accurate numbers.
Colleen S. Cunningham, chief executive of Financial Executives International, a trade group for finance officials, said about 90 percent of public companies require the heads of individual business units to sign their own internal certification letters.
"It just adds an extra degree of comfort," Cunningham said. "If someone doesn't sign it, you're scratching your head and saying, 'Maybe I should spend more time at that unit.' "
Legal experts say the principle of chief executive awareness lies at the heart of the ongoing Scrushy trial, where three former HealthSouth finance executives already have testified that Scrushy ordered them to "fix" or "help" the numbers to meet ambitious earnings targets dating to the mid-1990s. In all, prosecutors say, a long-running fraud at the rehabilitation hospital chain amounted to $2.7 billion.
Smith, who has yet to be sentenced on related criminal fraud charges to which he pleaded guilty in 2003, is expected to take the witness stand later this month in the government's case.
William T. Owens, Smith's friend and former colleague, testified last month that Smith agitatedly told him in August 2002, less than a week after the Sarbanes-Oxley law passed, that he "just couldn't sign the certifications and was quitting."
U.S. Attorney Alice H. Martin, who is leading the Scrushy prosecution, successfully batted back an attempt last year by defense lawyers to have the law declared invalid because it was allegedly too vague for the average corporate official to understand.
In her opening statement to jurors in January, Martin highlighted wildly inaccurate securities filings signed by Scrushy -- who she said spent more than $200 million on fancy cars, diamond jewelry and waterfront property, mostly in profit from sales of HealthSouth stock, between 1996 and 2002.
"Richard Scrushy gave phony numbers to the public," she said. "The purpose was to make HealthSouth look like it was making more money than it was."
posted by Brian Moran @ 9:15 AM
Time to reassess 404 compliance
Dual-listed companies should take time to reassess their compliance programmes for section 404 of the Sarbanes-Oxley Act, experts have warned.
The advice comes after the decision to extend the deadline for non-US companies by a further year.
Last week the US Securities and Exchange Commission, headed by William Donaldson, announced that companies registered with the body but listed in other countries now have until their financial year ending on or after 15 July 2006 to comply with section 404.
Before this policy change, many UK companies were rushing through a compliance programme to meet the tight deadline.
'Given the burdens in designing and implementing Section 404 compliance for smaller and non-US companies, this extension strikes the right balance,' said SEC's director of corporation finance Alan Beller. 'Companies should use the extension to improve the quality of their efforts.'
With an additional 12 months to meet the stringent requirements of section 404, which demands company directors and auditors make public statements on the effectiveness of internal control, businesses are being advised to take advantage of the breathing space and look at the direction their projects are going in.
'Now is the time for companies to step back, look at their plans and decide if it is still the best way forward,' said Fiona Sheridan, director in business risk services at Ernst & Young.
But she warned that this process must not be dragged out and cause compliance programmes to drift.
'If, companies begin trying to maximise value from the project, it could cause a loss of momentum,' Sheridan said. 'Objectives could shift and they could become complacent.'
posted by Brian Moran @ 9:04 AM
Wednesday, March 09, 2005
Audit Committees Take Aim at Fraud
By Gary Larkin, Managing Editor, Audit Committee Insights
When it comes to malfeasance, audit committees face a Herculean task in this post-Enron world: assessing the risk of management overriding internal controls, which can lead to financial statement fraud.
An average of 25 months passes between financial statement fraud being perpetrated and its discovery, according to "Report to the Nation on Occupational Fraud and Abuse," a report by the Association of Certified Fraud Examiners. By the time financial reporting fraud has been discovered, the damage has already been done to the company's reputation -- as well as its coffers.
The stakes could not be higher. Financial reporting fraud has more than doubled since 1998, to 7 percent of frauds committed, according to the KPMG Forensic Fraud Survey in 2003. And consider that while financial reporting fraud makes up a small percentage of total corporate crime, it represents a large majority of total costs from malfeasance. The average annual cost was more than $250 million for companies suffering from fraudulent financial reporting, according to the KPMG survey.
But for audit committees, making sure that management does not override internal financial controls seems nearly impossible. Other than a good whistleblower system, how can audit committees help stem financial reporting fraud?
To begin, they can improve communications with key parties involved in the financial reporting process, and come to the realization that the risk of fraud exists at every organization.
That's part of the message of "Management Override of Internal Controls: The Achilles' Heel of Fraud Prevention," a document from the Antifraud Programs and Controls Task Force of the American Institute of Certified Public Accountants.
"Our [report] outlines specific steps audit committees can take to address the risk of management overriding established internal safeguards," says John Morrow, AICPA vice president of business and industry. "Had audit committees taken these steps, many financial frauds may have been prevented."
The AICPA task force defines management override of internal controls in several ways. It can be misstating the nature of transactions, recording fictitious transactions, changing the timing of recognition of real transactions, abusing reserves to manipulate results, and altering records related to such transactions.
These types of management overrides allegedly occurred at Enron, WorldCom, and HealthSouth.
The consensus among audit committee members, academics, and auditors who collaborated on the AICPA document is that audit committees must build a strong internal communication network through which the possibility of management override of internal controls is discussed.
"I would put the audit committee into executive session and have them ask, 'where are we vulnerable, where can management be overriding internal controls, where are they concealing it?'" says Mark Beasley, an accounting professor at North Carolina State University who sat on the task force.
"I would bring the external auditor and internal auditor into separate executive sessions," he says.
Beasley goes as far as calling for representatives from human resources and general counsel to attend executive sessions. "If we are seeing things on the HR side where people are leaving the company because they are uncomfortable, that may be a sign something's wrong," Beasley says.
Via an extensive information network that includes external and internal auditors, the compensation committee, and key employees, an audit committee improves the likelihood that it will discover management override of internal controls.
"The audit committee has to constantly assess the integrity of management," says Dan L. Goldwasser, an audit committee member for New York-based pharmaceutical company Forest Laboratories. "There are things to look for. The easiest way is to keep tabs on management's perks."
Goldwasser, who served on the task force and also is a partner with the law firm of Vedder, Price, Kaufman & Kammholz in Chicago, believes the audit committee should be responsible for guiding internal and external auditors in reducing the risk of management override of internal controls.
Les Hand, a partner with KPMG's forensics practice, advised the AICPA task force. He sees the audit committee as vital to stopping financial reporting fraud.
"The audit committee plays an important role in the detection process by helping ensure the company's fraud risk plan is in place and that meetings are held with key gatekeepers," Hand says.
Hand cites an idea that one of his clients decided to try as a fraud prevention measure. An audit committee Hand has worked with brainstormed with management, internal audit, and the external auditor to identify key strategic risks. Then, each leader of the company's business units made a presentation, quantifying major financial reporting fraud risks.
"The business unit leader has to talk about what controls there are," he adds. "The audit committee says, 'tell me how you monitor that.'"
Dana Hermanson, an accounting professor at Kennesaw State University in Kennesaw, Ga., suggests that middle and lower management should be a part of any information network. Hermanson has found that CEOs or CFOs were implicated in more than 80 percent of financial reporting fraud from 1987 to 1997.
"In an accounting fraud setting, boards [that interact] only with the CEO and CFO may just be talking to the main perpetrators of the fraud," he says. "Because so many accounting frauds are orchestrated by top executives, boards and audit committees need access to personnel beyond the small group of top executives."
In addition to an information network and whistleblower program, the AICPA task force recommends that audit committees maintain skepticism towards management and strengthen their understanding of the business. They also should brainstorm to identify fraud risks and use the code of conduct to assess financial reporting culture.
"The idea is they have to be skeptical," says Michael P. Glynn, technical manager of Audit and Attest Standards for AICPA. "They can't take the management's word on everything. The audit committee has to be aware that management isn't going to come up and say, 'We're overriding controls.'"
Glynn explains that often financial reporting fraud isn't done maliciously, but instead can happen when management is about to miss an earnings target.
Energy trader Enron and telecommunications company WorldCom (now MCI) are two of the most prominent examples of alleged financial reporting fraud. Enron overstated its earnings by more than $580 million from 1997 to 2001, and then in 2001's third quarter posted a $638 million loss.
An SEC investigation soon after discovered Enron's infamous special purpose entities, or off-balance sheet partnerships, were allegedly used to defraud investors. In the past year, fraud indictments were handed out to former Chair and CEO Kenneth Lay, former COO Jeffrey Skilling, former chief accounting officer Richard Causey, and several other executives.
WorldCom's alleged fraud was not as complex, but was historic in its size -- $11 billion. The telecommunications giant's former CEO Bernard J. Ebbers and former CFO Scott Sullivan have been charged with fraud, conspiracy and making false regulatory filings. As part of a plea-bargain agreement, Sullivan pleaded guilty in exchange for testifying for the federal government against Ebbers.
They have been accused of a revenue recognition scheme from September 2000-July 2002 that greatly inflated company earnings to meet Wall Street targets.
Enron is a small shell of its former self; MCI recently announced that Verizon was buying the former telecom giant.
"In the case of WorldCom, revenue was coming in too low," Glynn says. "There was a quarter where the company was missing its earnings target. They decided to take some expenses off the financial statement. So then the expenses were smaller and the net revenue was higher."
A key to detecting any type of financial reporting fraud is to look for red flags, industry observers say. These red flags may include low employee morale, employee turnover in the accounting department, pressure to meet unrealistic financial targets and infighting among top management.
"The audit committee should encourage the right tone at the top, and be sure that any potential 'red flags' are explored and resolved to the audit committee's satisfaction," says Scott A. Reed, a partner with KPMG's Audit Committee Institute.
Those red flags serve as leads for forensics professionals, who can follow an electronic trail of company and personal e-mail to track alleged wrongdoers.
"In all the years I've been doing this," says KPMG's Hand, "I can say about 90 percent of the [fraud] cases have turned on electronic data. E-mail traffic is what gets people."
posted by Brian Moran @ 10:06 AM
Tuesday, March 08, 2005
Oversight Over Financial Controls
Oversight Systems has released the 3.0 edition of its software, which specializes in what the company calls "transaction integrity monitoring."
These days, the most obvious application for such software would seem to be for
compliance purposes, and indeed Oversight gets a lot of business driven by the Sarbanes-Oxley Act (SOX). But, as Oversight Systems likes to point out, a system installed to meet a compliance requirement can have ongoing strategic value.
In the case of Oversight Systems, this value comes from the product's ability to catch financial irregularities generally, be they cases of outright fraud or simple mistakes.
Chris Rossie, VP of business development for Oversight Systems, explains further. "We come with pre-programmed integrity checks, with the reasoning that auditors and fraud examiners use," he says "It's a series of tests that determines whether something is worth further examination."
Oversight implements this approach by mapping processes (e.g. customer and vendor creation) and making sure that every step in a given process is regular. Rossie stresses that Oversight can catch things that can't usually be found within the content of an enterprise resource planning (ERP) system. For example, Oversight can identify a single order that an ERP order will read as two or more orders (with, for example, a -01 added to the original).
Oversight also catches problems outside ERP. Rossie tells the story of one customer in particular. "Someone did a bulk data loaded that changed a vendor name and address to that of an employee," he recalls. "After the check run, they changed it back to the original vendor name. That occurred outside the ERP system." Still, Oversight, which has no problem working with historical and forensic data, had no problem identifying just what had gone on in this case.
Oversight provides its own portal in which users can examine irregularities in real-time. The company also has a reporting tool.
posted by Brian Moran @ 9:45 AM
Monday, March 07, 2005
Oversight 3.0 Expands Continuous Monitoring to Order-to-Cash and Financial Accounting & Reporting
Fortune 1000 reduce their compliance costs and drive tangible business benefits
ATLANTA – March 7, 2005 – Oversight Systems Inc. today announced the launch of Oversight 3.0, which extends its transaction integrity monitoring solutions for the order-to-cash and financial accounting & reporting business processes. As a virtual auditor, Oversight continuously monitors 100 percent of the transactions and business activities in financial systems in real time to evaluate the compliance of every transaction and prevent losses associated with errors, misuse and fraud.
"Most executives aim to minimize their ongoing SOX compliance costs, but progressive companies recognize the potential to improve their businesses in the process," Oversight Systems CEO Patrick Taylor said. "Oversight automates the analysis and testing steps in an audit, which reduces Sarbanes Oxley monitoring and testing expenses. Oversight's real-time analysis prevents costly errors within procure-to-pay, order-to-cash, and financial accounting & reporting processes."
For more than a year, Fortune 500 companies have relied on Oversight for real-time validation of their procure-to-pay transactions. The order-to-cash and financial accounting & reporting capabilities in Oversight 3.0 identify suspicious transactions and control exceptions, such as:
Unauthorized discounts and credits
Unauthorized write-offs for receivables
Shipments without invoices
Segregation of duties violations
Duplicate journal entries
Invalid journal entries to an account
Misclassified general ledger adjustments
"Increase investment in technologies that automate testing your internal controls," said John Hagerty, vice president of research at AMR Research. "Key technologies can reduce the cost of SOX compliance upwards of 25 percent, as compliance has been a mostly manual, people-intensive process. Most companies cannot (and should not) maintain this level of manpower, though the need for compliance will not shrink. Without new technology, companies will continue to overspend on internal employees and external consultants; manual processes also lead to higher external audit costs."
In automating the testing and analysis of auditors and fraud examiners, Oversight continuously monitors the business processes and all underlying transactions that drive financial reporting. The Oversight Controls Library links an organization's key risks and controls with specific audit tests. These tests, or Integrity Checks, encapsulate the best practices of auditors and fraud examiners, which are applied to every transaction.
Oversight captures and logs all activities, transactions and alerts in its Secure Audit Lockbox, which maintains a record of each step of every transaction. Oversight delivers more than 100 packaged reports for compliance and day-to-day operational requirements. Users can also create their own customized reports using either the Oversight interface or third-party reporting tools.
About Oversight Systems, Inc.
Oversight Systems is the leading provider of independent, automated transaction integrity monitoring solutions. By combining the expertise and experience from security, fraud, audit and enterprise software development professionals, Oversight Systems is redefining how enterprises satisfy Sarbanes-Oxley compliance requirements and enabling corporations to gain substantial returns from their compliance investments. For more information about Oversight visit www.oversightsystems.com.
posted by Brian Moran @ 9:56 AM
Thursday, March 03, 2005
Accounting rule exposes problems, stirs debate
More than 500 public companies have reported deficiencies with their internal accounting controls under a controversial new federal rule -- a figure sure to feed the continuing debate about the cost and usefulness of recent efforts to strengthen corporate governance.
To backers, the volume of disclosures demonstrates that the new rule, part of the 2002 Sarbanes-Oxley corporate-accountability law, is pushing a lot of U.S. companies into line. But business groups complain that it's costing them a lot of money and effort to turn up deficiencies that in most cases are inconsequential.
The rule, section 404 of Sarbanes-Oxley, requires companies to assess the internal controls they have in place to ensure their financial reporting is accurate and reliable -- and requires accounting firms to vouch for those controls.
A Wall Street Journal review of about 50 of the public filings shows that the reported weaknesses range from minor issues that are easily correctable to larger problems that may require restating past financial results. Among problems turning up are a lack of specialized accounting expertise, unfettered employee access to some financial systems, problems identifying when certain assets need to be written off and difficulty in tracking and reporting costs.
Many of the problems have been reported by small- and medium-sized companies, but among the biggest to report some deficiency in internal controls are McAfee Inc., SunTrust Banks Inc., Eastman Kodak Co. and Toys "R" Us Inc. Securities and Exchange Commission officials say more disclosures are expected. Some companies have seen their stocks drop after disclosing deficiencies, but some have seen no reaction at all.
While the rule only requires companies to disclose material weaknesses in their annual reports, many companies have begun alerting investors about deficiencies and potential problems. The rule is intended as a disclosure mechanism to alert investors about problems, but companies could face SEC action if they report serious deficiencies or if they fail to disclose serious shortcomings.
"The internal-control disclosure requirement has the potential to provide the greatest long-term benefit in financial reporting," said Alan Beller, SEC's director of corporation finance.
Defenders say the disclosures stem from tougher auditing standards set by accounting firms embarrassed after recent financial frauds at Enron Corp., WorldCom Inc. and other companies.
"Auditors are no longer going to provide any type of flexibility to management," said Chris Mears, a partner with Rothstein Kass, an accounting and consulting firm.
But many executives call the rule onerous and say it is fattening the bottom lines of accounting firms while costing other companies billions of dollars.
Financial Executives International, a membership and advocacy group for financial executives, claims companies will spend an average of $3 million apiece to comply with the rule. Companies with more than $5 billion in revenue are expected to spend about $8 million on average, while companies with less than $100 million in revenue are expected to spend about $550,000 on average. Annual costs are expected to drop after the first year or two of the rule's implementation.
"I believe the external auditors are exceeding the intent of 404," said Alex Davern, finance chief for National Instruments Corp. and chairman of American Electronics Association's SOX 404 committee.
Mr. Davern says external auditors are requiring companies to pay for things that won't prevent fraud. "We had to pay an auditor to come to a meeting to prove the meeting took place," he said. He is lobbying regulators to tailor the rules for different-sized companies, thus softening the requirements for smaller firms.
Under the rule, management must conduct its own look at everything from who can access sensitive financial data to how many accountants a company has on staff, all to ensure that the data on its financial reports is accurate. After a company's managers review internal controls, its externanducted. They say companies' costs stem not from aggressive auditing, but from the rule's requirement that companies pay for two reviews.
"There's somewhat of a dual track of work that's going on, which leads to some perception of a lot of cost being incurred, but we are as auditors bound" by the accounting board's standard, said Bob Dohrer, an accountant with McGladrey & Pullen LLP and a member of the American Institute of Certified Public Accountants' SOX 404 task force.
Because the rule is so new, he said, auditors have no choice but to strictly adhere to the accounting board's standard, he said. "We struggle internally with the fact that, not having gone through this before, how much room do you have to interpret certain provisions?" he said. "And at the end of the day it comes back to the words" established by the accounting board.
Still, SEC Chairman William Donaldson recently said that while he supports the regulation, it may need some fine-tuning and announced a public roundtable on the rule for April 13. SEC Commissioner Cynthia Glassman, a Republican who has at times clashed with Mr. Donaldson, said she's concerned that the rule may have resulted in auditors -- rather than management -- dictating how companies think about internal controls.
Some firms have said they plan to go private to avoid compliance with section 404 and other Sarbanes-Oxley rules. Among them are Paul Mueller Co., a manufacturing firm; Ohio Art Co., which makes Etch-A-Sketch; and ShoLodge Inc., which owns and operates Shoney's Inns. All have announced plans to deregister their securities, saying the costs of operating as a public company -- including complying with Sarbanes-Oxley -- have gotten too high.
For some companies, the problems uncovered have constituted a "material weakness," which means there are one or more significant deficiencies that result in "more than a remote likelihood that a material misstatement in the company's annual or interim financial statements will not be prevented or detected."
Last month, Eastman Kodak disclosed errors in its income-tax accounting and said it expected its auditor, PricewaterhouseCoopers, to issue an "adverse opinion" on its internal controls. The company was only able to report preliminary results for the fourth quarter and said "adjustments may result" after an analysis of its income tax accounting is completed. Despite the disclosure, Kodak's stock rose after the announcement, which analysts attributed to positive comments the company made simultaneously about its operations.
Some companies have said they plan to restate based on errors identified during reviews of their internal controls. Terex Corp., which manufactures construction-related and other equipment, said last month it would restate full-year earnings for 2001 to 2003 after discovering "imbalances" in certain company accounts. The company said the need to restate "arose primarily from the company's failure to properly record certain inter-company transactions." The change isn't expected to be material, and Terex's stock dropped 39 cents, or less than 1 percent, after the disclosure.
Tom Gelston, director of investor relations at Terex, said Terex had replaced an "antiquated" financial-reporting system in order to comply with Sarbanes-Oxley and that the new system revealed the problems. "Getting ready for the internal controls review helped discover this," Mr. Gelston said.
Navistar International Corp., a holding company that makes trucks and engines and has a finance arm that provides financing for trucks in the U.S. and Mexico, said an evaluation of its internal controls found "weaknesses in the disclosure controls and procedures within the company's finance subsidiary." In particular, Navistar said it had used improper accounting for the securitization of some loans. The company also identified a "lack of sufficient specialized" accounting personnel. Navistar has said it plans to restate financial results for fiscal 2002 and 2003 and the first three quarters of fiscal 2004 because of the accounting error. Some results will be adjusted upward, some downward.
To be sure, accounting firms are expected to see a big jump in revenue from the rule. Mr. Mears said audit costs are expected to increase 30 percent to 40 percent this year for companies with between $50 million to $500 million in revenue.
But Raymond Beier, a partner with PricewaterhouseCoopers, said auditors are doing what's required under Sarbanes-Oxley and that companies can benefit by systematically reviewing their internal controls.
"Auditors are trying to do the best job they can," he said. "Sarbanes-Oxley and 404 are first and foremost aimed at restoring investor confidence and improving the reliability of financial reporting. To that end, compelling companies to look more deeply at their financial reporting can certainly create the right environment for reducing the risk of fraud."
posted by Brian Moran @ 8:40 AM
Wednesday, March 02, 2005
Ex-CFO says Scrushy feared suits, refused to lower expectations
BIRMINGHAM, Ala. (AP) — Fired HealthSouth Corp. CEO Richard Scrushy repeatedly insisted on artificially inflated earnings because he feared an honest report of low revenues would prompt shareholder lawsuits, a former executive testified.
Mike Martin, the third former chief financial officer to tie Scrushy to the fraud, spent his second day on the stand Tuesday. Martin said that Scrushy demanded inflated reports in 1998 because he and Martin had sold millions in stock, and Scrushy didn't want to get sued if stock prices fell.
"Every time I would push to lower expectations, I'd get slapped back and he'd say, `We can't, we sold stock last year,'" said Martin, one of 15 former executives to plead guilty in the scam.
Scrushy finally agreed to lower the company's earnings expectations and came up with a story to hide the change, Martin said, but only after the window for shareholder suits had closed.
Prosecutors claim Scrushy was behind a conspiracy to overstate HealthSouth earnings by some $2.7 billion from 1996 through 2002, getting rich off salary, bonuses and stock sales as stock prices remained artificially high.
The defense argues that Martin and other former executives who pleaded guilty pulled off the fraud on their own in a bid to earn promotions and make more money.
Scrushy, HealthSouth's primary founder, knew all about the fraud and told underlings, "You know what to do" when the rehabilitation chain failed to meet Wall Street expectations by 16 cents a share in early 1998, Martin testified.
Martin described his personal anguish when assistant controller Ken Livesay called him a few months later to report that HealthSouth was actually losing money, something that hadn't happened before.
"I realized I was in way over my head at that point," said Martin. "I remember sitting there with my head in my hands after I got off the phone with Ken thinking, `Dear God, how am I going to get out of this?'"
Seated just a few feet from Scrushy, Martin glanced around the courtroom and occasionally stared at the ceiling as he testified.
Jurors at first appeared to pay close attention to Martin, who has a reputation for a bad temper and seemed to chafe at times under friendly questioning from prosecutor Richard Smith. Previous testimony showed Martin punched a co-worker who quit HealthSouth rather than get involved in the fraud.
But testimony slowed to a crawl as Smith had Martin go through financial statements and budget documents for 1999, explaining how HealthSouth's "real" numbers showed the company earning 56 cents a share after Scrushy had promised analysts as much as $1.29 per share.
Martin described Scrushy as being heavily involved in corporate finances, undercutting defense claims that Scrushy was unaware of the fraud.
Scrushy was familiar enough with the company's operations to discuss the performance of individual HealthSouth facilities at executive meetings, according Martin. He also approved all the company's earnings statements before they were made public, said Martin.
"He would make changes. He would edit it," said Martin.
With HealthSouth about $71 million short of projected revenues at one point, Martin testified he told Scrushy the company either had to make a large acquisition or lower its earnings guidance to Wall Street.
"(Scrushy) was extremely resistant to lowering Wall Street estimates. He said, `We can't lower estimates,'" Martin said.
Scrushy is on trial on charges of conspiracy, fraud, money laundering, obstruction of justice and perjury. He also is accused of false corporate reporting in the first case of a CEO being charged with violating the Sarbanes-Oxley Act.
If convicted, Scrushy could be sentenced to what amounts to a life term and have to give up as much as $278 million in assets including homes, cars, art, jewelry and accounts.
posted by Brian Moran @ 8:36 AM
Tuesday, March 01, 2005
Third Former CFO Links Scrushy to Fraud
Fired HealthSouth Corp. CEO Richard Scrushy was impressed by the fraudulent ingenuity of other executives and approved their plan to overstate earnings at the rehabilitation center operator, a third former finance executive testified.
Mike Martin said Scrushy was pleased with a plan by Martin and former finance chief Bill Owens to wrongly put $300 million of HealthSouth expenses on the books of Horizon CMS during a merger in 1997. The transaction helped further the scheme to overstate earnings, Martin said Monday.
"He said, 'Damn, you guys are good,'" Martin said. Martin is one of 15 former HealthSouth executives to plead guilty to the fraud.
That same year, Martin said, he and Scrushy sold millions worth of HealthSouth stock despite knowing the company was "significantly missing Wall Street expectations." Martin said he got rid of $3 million worth of shares, and Scrushy sold more than $100 million in stock.
"Even though we knew we were committing fraud, we felt it was important to keep the stock price up for at least a year" to avoid shareholder lawsuits, said Martin, with Scrushy seated just a few feet away at the defense table.
Martin's testimony came late in the day at the start of what will likely be an extended stay on the witness stand. The defense will cross-examine him later.
Owens and HealthSouth's first CFO, Aaron Beam, previously testified that Scrushy was part of what prosecutors describe as a conspiracy to overstate earnings by some $2.7 billion for seven years beginning in 1996. Owens and Beam also have pleaded guilty.
The defense claims the former CFOs and other subordinates used lies to hide the fraud from Scrushy, allowing them to earn more money as they climbed the corporate ladder.
Before Martin began testifying, another prosecution witness put the fraud into military terms, describing Scrushy as the powerful commander in chief of a rehabilitation chain relying on "covert operations" to meet Wall Street forecasts.
"It was just inconceivable that something this massive was going on without his knowledge," said Ken Livesay, a former assistant controller who pleaded guilty.
The depiction was at odds with defense attempts to portray Owens as the mastermind of the conspiracy.
Under prosecution questioning, Livesay described Scrushy as an intimidating leader no one would cross. Scrushy worked hard, was "incredibly talented and gifted" and could "achieve anything he set his mind to," Livesay said.
"Mr. Scrushy was the commander in chief. He had some generals who reported to him, and he had some captains, and he had a lot of lieutenants. I was a lieutenant," said Livesay.
Livesay said his role in the fraud - finding accounts in which to hide millions in bogus numbers each quarter - amounted to "covert operations."
"When something came to me, I had no reason not to believe it wasn't coming from the commander," said Livesay.
Defense lawyer Art Leach challenged Livesay's military comparison, pointing out that Livesay had access to Scrushy - something no lieutenant has with the president. Leach also referred to the My Lai massacre of 1968, in which U.S. troops claimed they were following orders when they killed more than 300 civilians in Vietnam.
"Are you aware an illegal order does not have to be carried out by the troops?" Leach asked.
"I am aware of that," said Livesay, who spent four days on the stand.
In cross-examination of Livesay, Leach brought out that it was Owens who first came up with the idea of inflating HealthSouth's fixed-asset accounts as an audit loomed.
"We had run out of ideas," said Livesay. "We had a problem on the balance sheet of more than $400 million if we were going to make it through that audit."
To make it possible to hide fraud in fixed-asset accounts, Livesay said, Owens brought more people into the conspiracy.
Livesay said he briefly served as a director of a charitable organization that got $50,000 from Scrushy and some $400,000 from city and state governments, but he was "fired" after questioning whether the foundation's money was being wrongly used for personal and political expenditures.
Free on $10 million bond, Scrushy is accused of conspiracy, fraud, money laundering, obstruction of justice, perjury and false corporate reporting in the first case of a CEO being charged with violating the Sarbanes-Oxley Act.
Scrushy could receive what amounts to a life sentence and have to forfeit as much as $278 million in assets if convicted.
posted by Brian Moran @ 9:16 AM