The perils of failing to take internal controls seriously

by Cydney Posner

Here’s a warning shot across the bow from the SEC to take internal controls –- and representations regarding the same — very seriously. You’ll recall that SOX 404 and related rules instituted a new regime regarding reporting and evaluation of internal control over financial reporting (ICFR), including a requirement that each company’s CEO and CFO participate in an evaluation of ICFR, report on the effectiveness of the company’s ICFR and provide certifications regarding responsibility for ICFR and disclosure of deficiencies and weaknesses to auditors.

In this case, the SEC charged a CEO with stating that he participated in the ICFR evaluation, when, in fact, the SEC alleges, he did not participate and was not even familiar with the COSO framework used for the evaluation.  (Sidebar: I wonder how often that happens?)  The CFO was even charged with misrepresenting in the management’s report on ICFR regarding the CEO’s participation in the ICFR evaluation.  Both the CEO and CFO were also charged with falsely certifying that they had designed ICFR to provide reasonable assurances and disclosed all significant deficiencies and weaknesses in ICFR to the outside auditors; meanwhile, the SEC alleges, there were material problems with inventory controls along with deliberate actions by the CEO to improperly accelerate the recognition of inventory and accounts receivable (for the purpose of increasing the company’s borrowing base under the much-needed company’s credit facility), resulting in inaccurate books and records. There were also allegations that the CEO and CFO made material misrepresentations in their management rep letters to the auditors and that the company’s discussion of its critical accounting policy regarding inventory was materially inaccurate.

According to the SEC, these internal control deficiencies were intentionally hidden from the outside auditors and continued for over a year until the company eventually filed for bankruptcy. Nevertheless, it appears that these manipulations of inventory and receivables did not affect the company’s reported results or financial condition: the CFO was “not aware of any acceleration of accounts receivable or inventory from one public reporting period to another that would have materially affected the accuracy of the financial statements.”  While the SEC’s order states that acceleration of recognition of receivables “would have had the effect of improperly increasing revenue by a commensurate amount” (emphasis added), there was no charge that it actually did so nor, remarkably, was there any other typical financial statement fraud allegation.  Rather, the focus here is squarely on ICFR. According to an Enforcement AD, “Corporate executives have an obligation to take the Sarbanes-Oxley disclosure and certification requirements very seriously. [The CEO and CFO] flouted these regulatory requirements and misled investors and external auditors in the process.”  The CFO has settled with the SEC for a fine of $23,000 and a five-year bar; the CEO, however, is heading into litigation before an administrative law judge.

Comments Off on The perils of failing to take internal controls seriously

Filed under Corporate Governance, Securities

Comments are closed.