Are springing penalties a thing? SEC charges Plug Power with accounting, reporting and control failures
In this Order, the SEC brought settled charges against Plug Power, Inc., a provider of green hydrogen and hydrogen-fuel-cell solutions, for financial reporting, accounting and controls failures in connection with a variety of the Company’s complex business transactions. The failures required Plug to restate its financial statements for several years. In the restatement, Company management identified a material weakness in internal control over financial reporting and ineffective disclosure controls and procedures, allegedly “due to Plug Power’s failure to maintain a sufficient complement of trained, knowledgeable personnel to execute their responsibilities for certain financial statement accounts and disclosures. Despite these control deficiencies, the Company raised over $5 billion from investors during the relevant Filing Period.” According to the SEC, Plug’s “material weakness in ICFR and ineffective DCP have not been fully remediated,” and the Company is continuing its remediation efforts. Plug agreed to pay a civil penalty of $1.25 million and to implement a number of undertakings, including an undertaking “to fully remediate the Company’s material weakness in ICFR and ineffective DCP within one year” of the SEC’s Order. Should Plug fail to comply with those undertakings, the Company will be required to pay a “springing penalty,” an additional civil penalty of $5 million.
In this Statement, The Importance of a Comprehensive Risk Assessment by Auditors and Management, SEC Chief Accountant Paul Munter cautions auditors and company managements against conducting risk assessments that focus too narrowly “on information and risks that directly impact financial reporting, while disregarding broader, entity-level issues that may also impact financial reporting and internal controls.” Similarly, auditors and managements may sometimes dismiss isolated incidents, perhaps as a result of confirmation bias, without adequately analyzing whether these issues might be indicative of larger issues that require responsive action and disclosure. Munter warns that “[s]uch a narrow focus is detrimental to investors as it can result in material risks to the business going unaddressed and undisclosed, thereby diminishing the quality of financial information.” Management, Munter warns, must “take a holistic approach when assessing information about the business and avoid the potential bias toward evaluating problems as isolated incidents, in order to timely identify risks, including entity-level risks.” Managements and audit committees may want to take note.
You probably recall that, under SOX 404(b), all public reporting companies, other than non-accelerated filers and EGCs, are required to obtain an auditor attestation regarding the effectiveness of their internal control over financial reporting. SOX 404(a) requires all public reporting companies, including non-accelerated filers, to provide an assessment of ICFR by management. An analysis by Audit Analytics of SOX 404 reporting on ICFR over 14 years showed that the number of adverse auditor attestations—auditor attestations indicating ineffective ICFR— followed different trend lines than management-only assessments.
by Cydney Posner Here’s a warning shot across the bow from the SEC to take internal controls –- and representations regarding the same — very seriously. You’ll recall that SOX 404 and related rules instituted a new regime regarding reporting and evaluation of internal control over financial reporting (ICFR), including […]