7
Mark S. Beasley, Joseph V. Carcello, and Dana R. Hermanson W ith rather fre- quent occur- rence, we read about another company’s financial reporting problems. Maybe the company was too aggressive in recording revenues, or the value of the assets was intentionally overstated on the bal- ance sheet. Almost immediately the stock price plummets. This often is followed by shareholder suits, bankruptcy, civil fines, and sometimes jail time for those involved. Investors are left wondering, How could this happen again? Executives and investors of other companies wonder, Could this ever happen to us? Yes, it could! Over the past few years, we have studied approximately 200 cases of financial statement fraud allegedly committed by U.S. public companies. Each of these instances was investigated by the Securities and Exchange Commission (SEC), and indi- viduals were cited for violating the antifraud provisions of the U.S. securities laws. Some of the companies involved are household names, such as Bausch & Lomb and ZZZZ Best, while others are relatively small and obscure. But despite the broad mix of companies committing fraud, in our research we have seen a fairly stable “fraud company profile” emerge, one that offers several important insights for preventing financial statement fraud. To explain those insights, first, we will describe a typical fraud company. Then we will reveal the four pillars that we believe support ethical financial reporting in organizations—and show you how to strengthen them. Our goal is to lay out some clear “dos” and “don’ts” that may minimize opportunities for fraud, to help keep your company out of trouble—with the SEC, your shareholders, and the business press. A TYPICAL “FRAUD COMPANY” In our recent monograph, Fraudulent Financial Reporting: 1987–1997, An Analysis of U.S. Public Companies (Beasley et al., 1999), we analyzed the char- acteristics of approximately 200 financial statement fraud cases affecting U.S. public companies to learn about the nature of the companies involved, the size and techniques related to those frauds, the parties involved, and the effects of the frauds. In this analysis, a fairly consistent pat- You think it can’t happen to you. But so did more than 200 companies, slammed hard by the SEC for reporting fraud. Almost immediately, company stock prices plummeted—followed by sharehold- er lawsuits, bankruptcy, civil fines, and even jail time for some execs. However, say the authors, those companies could have saved themselves— by focusing on four key areas. Here are some clear “dos” and “don’ts” you can’t afford to ignore. © 2001 John Wiley & Sons, Inc. Financial Reporting Fraud: Could It Happen to You? f e a t u r e a r t i c l e 3 © 2001 John Wiley & Sons, Inc.

Financial Reporting Fraud: Could It Happen to You?

Embed Size (px)

Citation preview

Page 1: Financial Reporting Fraud: Could It Happen to You?

Mark S. Beasley, Joseph V. Carcello, and Dana R. Hermanson

With rather fre-quent occur-rence, we

read about anothercompany’s financialreporting problems.Maybe the companywas too aggressive inrecording revenues, orthe value of the assetswas intentionallyoverstated on the bal-ance sheet. Almostimmediately the stock priceplummets. This often is followedby shareholder suits, bankruptcy,civil fines, and sometimes jailtime for those involved.Investors are left wondering,How could this happen again?Executives and investors of othercompanies wonder, Could thisever happen to us?

Yes, it could!Over the past few years, we

have studied approximately 200cases of financial statementfraud allegedly committed byU.S. public companies. Each ofthese instances was investigatedby the Securities and ExchangeCommission (SEC), and indi-

viduals were cited for violatingthe antifraud provisions of theU.S. securities laws. Some ofthe companies involved arehousehold names, such asBausch & Lomb and ZZZZBest, while others are relativelysmall and obscure.

But despite the broad mix ofcompanies committing fraud, inour research we have seen a fairlystable “fraud company profile”emerge, one that offers severalimportant insights for preventingfinancial statement fraud.

To explain those insights,first, we will describe a typicalfraud company. Then we willreveal the four pillars that we

believe support ethicalfinancial reporting inorganizations—andshow you how tostrengthen them.

Our goal is to layout some clear “dos”and “don’ts” that mayminimize opportunitiesfor fraud, to help keepyour company out oftrouble—with the SEC,your shareholders, and

the business press.

A TYPICAL “FRAUD COMPANY”

In our recent monograph,Fraudulent Financial Reporting:1987–1997, An Analysis of U.S.Public Companies (Beasley etal., 1999), we analyzed the char-acteristics of approximately 200financial statement fraud casesaffecting U.S. public companiesto learn about the nature of thecompanies involved, the size andtechniques related to thosefrauds, the parties involved, andthe effects of the frauds. In thisanalysis, a fairly consistent pat-

You think it can’t happen to you. But so did morethan 200 companies, slammed hard by the SECfor reporting fraud. Almost immediately, companystock prices plummeted—followed by sharehold-er lawsuits, bankruptcy, civil fines, and even jailtime for some execs. However, say the authors,those companies could have saved themselves—by focusing on four key areas. Here are some clear“dos” and “don’ts” you can’t afford to ignore.

© 2001 John Wiley & Sons, Inc.

Financial Reporting Fraud: Could ItHappen to You?

featu

reartic

le

3© 2001 John Wiley & Sons, Inc.

Page 2: Financial Reporting Fraud: Could It Happen to You?

tern emerged, one that webelieve provides a basis for pre-venting fraudulent financialreporting.

What does a fraud companylook like? As noted in Exhibit 1,“Fraud Company Profile,” com-panies committing financialfraud usually are quite small,often with revenues and assetswell under $50 million. Many ofthese companies are in volatileand complex industries, such astechnology, health care, orfinancial services. And abouthalf of them were experiencingnet losses or were nearbreakeven positions in periodsleading up to the fraud.

Who commits the fraud?Overwhelmingly, the financialfrauds investigated by the SECgo to the top of the organiza-tion. Over 80 percent of the

time, the CEO and/or CFO isimplicated. The CEO/founderappears to be a very powerfulindividual in these companies,often with significant stockownership. The top executives’positions allow them to overrideexisting internal controls and toinfluence subordinates to perpe-trate the fraud.

What about the board andaudit committee, who should bemonitoring the CEO and CFO?The boards and audit committeesof fraud companies are extreme-ly weak. The boards are domi-nated by insiders and others withties to the company, and theboards as a whole have very fewmembers with other board expe-rience. The audit committeesusually meet only once per year,and most of the members haveno background in accounting or

finance. Board and audit com-mittee members often have sig-nificant stock holdings. Clearweaknesses in board and auditcommittee governance make itpossible for overly aggressivesenior executives to unethicallymanipulate financial statementswithout detection.

What financial games docompanies play? One commonfraud technique is overstatingrevenues by recording legitimaterevenues too early or by record-ing fictitious revenues.Premature revenue recognitionoften involves conditional sales,side agreements, improper salescutoff, or unauthorized ship-ments. The other primary fraudmethod is overstating assets,either by recording existingassets at inflated levels or byrecording fictitious assets. Theasset accounts most commonlymisstated are inventory andaccounts receivable. Many of thefrauds begin in quarterly finan-cial statements and later affectannual statements.

What happens to these com-panies? Generally, the outcomeis extremely unfavorable.Nearly half of fraud companiesare bankrupt or defunct withina few years after the fraud isuncovered.

It’s a risk you can’t afford totake. But how can you protectyourself? The answer is that youmust strengthen four key areas.

THE FOUR PILLARS

Previous research in fraud(Loebbecke & Willingham,1988) suggests that most fraudincidents involve three factors(e.g., the “fraud triangle”)—motive, opportunity, and rational-ization. The fraud perpetratormust have a motive to committhe fraud. In the case of fraudu-

4 The Journal of Corporate Accounting & Finance

© 2001 John Wiley & Sons, Inc.

Fraud Company Profile

Companies committing financial statement fraud often fit the following profile:

• Small to mid-size, less than $50 million in revenues or assets• Often are in a net loss or a breakeven position in the period prior to

the beginning of the fraud• Concentrations in technology, healthcare, and financial services

industries• CEOs and CFOs are involved in the fraud• Founder/CEO appears to dominate the organization• Boards and audit committees are very weak, own significant share

of the company• The company manipulates revenues and/or assets; some frauds

involve only disclosures• There are dire consequences for the company, often bankruptcy

Source: Beasley, M.S., Carcello, J.V., & Hermanson, D.R. (1999). Fraudulent financial reporting:1987–1997, an analysis of U.S. public companies. New York: COSO.

Exhibit 1

Page 3: Financial Reporting Fraud: Could It Happen to You?

lent financial reporting, thismotive is often a desire for per-sonal gain. The second elementof the fraud triangle is opportuni-ty. For example, the opportunityto commit fraud is greater whenthe entity’s controls are deficientin design and/or in operation.Finally, most fraud perpetratorsneed to rationalize their behavior.This rationalization ofteninvolves the perpetrator convinc-ing himself or herself that someindividual, group, or entity owesthe perpetrator something. Theability to rationalize fraudulentbehavior is obviously easier forsome individuals than for others.

Based on our financial fraudresearch, we have identified fourpillars that we believe supportethical financial reporting, andthat relate to the three elementsin the fraud triangle. Each ofthese pillars is critical, and casesof financial fraud clearly high-light the dire consequences whenone or more of the pillars fail.

The first pillar of ethicalfinancial reporting, whichrelates to the fraud perpetrator’smotive for committing thefraud, is compensation andincentives. The second and third

pillars, which relate to the fraudperpetrator’s opportunity forcommitting the fraud, are gover-nance and controls. The fourthpillar, which relates to the fraudperpetrator’s opportunity forrationalizing the fraud, is cul-ture and people. (See Exhibit2.) Let’s examine each of thesepillars in turn.

Pillar #1: Compensation andIncentives

Providing appropriatefinancial incentives is a tremen-dous challenge for many organ-izations. If too much of thecompensation is fixed, thenemployees may not put forthsuperior effort. However, if toomuch of the compensation isvariable, then dysfunctionalbehaviors may result asemployees “do whatever ittakes” to meet targets. Strikinga balance in this area is critical.With respect to fraudulentfinancial reporting, we believethat there are two keys.

First, exercise caution toavoid the overuse of short-termfinancial measures as perform-

ance targets designed to motivatemanagers and employees. Whensuch targets are the organiza-tion’s overriding focus, employ-ees may resort to actions thatbenefit the current period’sfinancials, but harm the organi-zation in the long run. For exam-ple, employees may make unau-thorized shipments to customersat quarter-end in an effort tomeet a quarterly revenue target.Such behavior may help thecompany reach its current goal,but it also may damage impor-tant customer relationships. Inaddition, the next fiscal quarternow has had some revenues“borrowed” from it. As a result,the same personnel may engagein more extreme behavior (e.g.,falsifying sales) to meet the nextperiod’s goal. In fraud cases wehave studied, it was common tosee the level of wrongdoingescalate over time.

Second, watch for adverseincentives created by stock own-ership or stock options. Stockownership and stock optionshave very positive effects inmany situations, as they help toalign the incentives of manage-ment with those of the stock-

May/June 2001 5

© 2001 John Wiley & Sons, Inc.

Exhibit 2

Pillar #1

Compensation andIncentives• Short-term financial

measures• Stock ownership and

adverse incentives

Pillar #2

Governance• Board• Audit committee• Auditors

Pillar #3

Controls• Quarterly and

annual F/S• Disclosures• Management pres-

sure• Unique settings

(M & A)

Pillar #4

Culture and People• Philosophy• Ethical screening in

hiring• Ethical training

Ethical Financial Reporting

Page 4: Financial Reporting Fraud: Could It Happen to You?

holders. We believe, however,that stock-based compensationcan go too far and can result inadverse behaviors when thestakes become too high. Ouranalysis of fraud cases revealedthat, on average, the directorsand officers owned approximate-ly one-third of the companies’stock, and the CEO alone oftenowned nearly 20 percent of thecompany.

There may be concernswhen the CEO has a significantportion of his or her personalwealth in the form of companystock. Missing an earnings targetby a few pennies pershare could result intremendous paper lossesfor such an individual. Asthe quarterly financialsare prepared and difficultjudgments are made, wequestion whether such aperson can be too easilyinfluenced by the personalfortune at stake. Similarly, wequestion whether audit commit-tee members, who are responsi-ble for financial oversight of thecompany, can own too muchstock. If their stock ownershiplevels become too high, theremay be an inherent conflict ofinterest between short-termpreservation of personal wealthand appropriate financial report-ing. In numerous fraud cases weobserved, the perceived short-term gains in stock appreciationachieved through falsified finan-cial results apparently out-weighed the perceived risks ofdetection.

When stock-related compen-sation is recognized to be a sig-nificant portion of an individual’spersonal worth, the importanceof creating an environment orculture (see pillar #4) emphasiz-ing quality financial reportingmay be one of the most effective

deterrents to unethical behavior.Surrounding these individualswith continual messages thatemphasize quality financialreporting may be the key to pre-venting the initiation of any inap-propriate reporting. Additionally,the personal behaviors andlifestyles of senior executivesshould be reviewed on a periodicbasis to ensure that senior execu-tives are not living above theirmeans, and to identify any otherpersonal situations that may pro-vide a motive for engaging infraudulent financial reporting.

Pillar #2: Governance

With the right compensationand incentives in place, we nowturn our attention to the gover-nance structure. There are threecritical players in financialoversight, each of which war-rants attention.

First, our research and sever-al other studies indicate thatweak boards are associated withcompanies cited for financialfraud. Given that boards ofdirectors are often viewed as theultimate internal control mecha-nism responsible for monitoringthe activities of senior manage-ment, it is not surprising toobserve frauds being orchestrat-ed from the senior executivesuite without detection when anineffective board or audit com-mittee is in place.

Therefore, we believe that itis critical to build an independ-

ent, expert, and diligent board ofdirectors in order to effectivelymonitor the actions of top man-agement. By independent, wemean a board with a majority ofdirectors who have no tie to thecompany or to managementother than their service as direc-tors. This helps to ensure arm’s-length, objective oversight of thecompany. Expertise and dili-gence are personal characteris-tics of directors that also arecentral to effective oversight.Expertise can reflect one’sknowledge of a specific func-tional area or industry, or it may

reflect one’s extensive expe-rience as a board member.Diligence refers to prepared-ness for meetings, atten-dance, and inquisitiveness.Management teams whoview the board as an impor-tant internal control mecha-nism should seek to supportthose boards by providing

them with top quality, pertinentinformation that will enable theboard to assist management inits oversight activities.

Second, a group moredirectly involved in financialoversight is the audit commit-tee. Audit committees of fraudcompanies generally lack finan-cial expertise, and they rarelymeet. As a result, it is especiallycritical to build an independent,expert, and diligent audit com-mittee. Audit committees shouldbe composed solely of inde-pendent directors, and the auditcommittee members should pos-sess financial expertise to allowthem to understand the report-ing issues facing the company.We believe that individuals withsignificant work experience inaccounting, finance, or auditingare the prime candidates foraudit committee service. Theaudit committee also must be

6 The Journal of Corporate Accounting & Finance

© 2001 John Wiley & Sons, Inc.

First, our research and several otherstudies indicate that weak boards areassociated with companies cited forfinancial fraud.

Page 5: Financial Reporting Fraud: Could It Happen to You?

given ample time and resourcesto perform its job—frequentmeetings, adequate staff sup-port, and private access to theinternal and external auditors.Audit committees also shouldnot be viewed as a foe to man-agement. Rather, they should beviewed as a key ingredient inthe company’s overall internalcontrol designed to ensuresound financial reporting.Senior management shouldassist and encourage its auditcommittee to help thecompany monitor fraudrisk and assess the like-lihood that incentivesand opportunities arepresent that might allowfraud to occur.

Finally, the externalauditor is key to thefinancial oversightprocess. When makingan external auditor selec-tion decision, the proposed auditengagement team’s commitmentto professional skepticism anddiligence are perhaps the twomost important auditor attributesto consider. Ultimately, yourgoal is to have an external audi-tor who possesses a healthyskepticism in dealing with man-agement—gathering adequateevidence and not relying tooheavily on management repre-sentations in the absence of cor-roborating evidence (for detailssee Beasley et al., 2000). Whenunusual items are noted, theaudit team must be free to takethe time needed to pursue theissues. Additionally, senior man-agement and the audit commit-tee should communicate regular-ly with the external audit teamabout weaknesses noted in inter-nal controls and about the audi-tors’ assessments of the compa-ny’s fraud risks as a way to con-tinually obtain information use-

ful in monitoring the likelihoodof financial reporting problems.

Regardless of the quality ofthe audit team and audit firm,one word of caution is in order.Even if your external auditor isof the highest quality, do not relytoo heavily on the auditor tocatch fraud. Many fraudschemes are extremely difficultto detect, even for the best ofauditors. The external auditorshould not serve as your soleline of defense against fraud.

Pillar #3: Controls

The third pillar is effectiveinternal controls. Based on ourresearch, we believe that fourspecific areas of control are par-ticularly important in preventingfraudulent financial reporting.

First, organizations need toimplement very tight controlsover quarterly financial report-ing. While most reputable com-panies have significant controlsin place to address annualreporting, the quarterly report-ing process often does notappear to receive the sameattention. Interestingly, many ofthe fraud cases we have studiedbegan in quarterly financialsand subsequently affectedannual statements. If controlsover quarterly reporting areweak, then unscrupulous per-sonnel may have the opportuni-ty to start a fraud that may bedifficult to detect in later peri-

ods. Specific areas of focusmay include revenue recogni-tion, asset valuation, new typesof transactions, and large,unusual transactions.

Second, companies need rig-orous controls over their publicdisclosure processes. A numberof companies we studied werecited for financial fraud solelyon the basis of materially mis-leading press releases and otherpublic disclosures. Care needs tobe taken to ensure that public

disclosures are fact-basedand consistent with thecompany’s current andexpected future perform-ance. Several layers ofreview may be needed toensure the appropriatenessof public disclosures.

Third, many of thecases we studied involvedfrauds orchestrated byhigher-level executives

who coerced lower-level per-sonnel to carry out the fraud.We believe that it is importantto give employees a “hot line”or other mechanism to use ifthey are being pressured fromabove to commit fraud. If thepressure is coming from a veryhigh level, then it may beappropriate for the audit com-mittee to be available to handlesuch situations.

Finally, several recentalleged fraud cases (e.g.,McKesson HBOC, Cendant)came on the heels of a companymerger or acquisition.Therefore, it is important forcompanies to realize that theycan “buy” a fraud problem. Intoday’s environment, we encour-age performing intense due dili-gence work, asking tough ques-tions, and looking for fraud riskfactors, such as problems withinthe four pillars, in acquisition ormerger targets.

May/June 2001 7

© 2001 John Wiley & Sons, Inc.

The third pillar is effective internalcontrols.

Page 6: Financial Reporting Fraud: Could It Happen to You?

Pillar #4: Culture and People

The final pillar of ethicalfinancial reporting is the compa-ny’s culture and the ethicalawareness of its people.Consider the following cultures.Company A’s mantra is “Failureis not an option. We meet thegoal—period.” If executivescome up short of their profitgoals, they are told to “go findthe profits.” This is the culturethat sets the stage for fraud.According to various mediaaccounts, this was the culture atPhar-Mor at the time of itsfraud.

Company B’s philosophy is“We set high goals, but it’s much

better to fail than to be dishonest.We will not tolerate ethicalbreaches.” When managers fail tomeet targets, they are not askedto go change the scoreboard.Rather, the company executives“sell” the value of integrity andcredibility to others in the organ-ization, and they try to create anenvironment in which bad newscan be shared early—reducingthe probability of game playinglate in the period. This kind ofoverall culture, which empha-sizes the importance of qualityand honesty, helps to minimizean employee’s ability to success-fully rationalize temptations thatmight be pulling him or hertowards unethical behavior.

A second important dimen-sion of this pillar is screeningpersonnel and potential hires onan ethical dimension. A varietyof validated tests can be used,and the company can attempt togather information from prioremployers and other referencesabout an individual’s ethicalstandards. Clearly, past viola-tions of company policies orlaws, as well as a cavalier atti-tude about controls, should bered flags. Extensive backgroundchecks for persons being consid-ered for top management posi-tions should address the person’sintegrity and ethical reputation.

Finally, organizations mayconsider formal, ethics-based

8 The Journal of Corporate Accounting & Finance

© 2001 John Wiley & Sons, Inc.

For Further Information

The following Web resources may be helpful to those interested in ethical financial reporting andeffective financial oversight:

COSO—Committee of Sponsoring Organizations of the Treadway Commission, www.coso.org, con-tains an Executive Summary of several COSO publications, including Fraudulent Financial Reporting:1987–1997, An Analysis of U.S. Public Companies (Beasley et al., 1999) and Internal Control—Integrated Framework.

NACD—National Association of Corporate Directors, www.nacdonline.org, contains information fromseveral publications, including the best practices guidance contained in the Report of the NACD BlueRibbon Commission on Audit Committees.

KPMG Audit Committee Institute, www.us.kpmg.com/auditcommittee, contains information for auditcommittee members and senior financial executives.

SEC—Securities and Exchange Commission, www.sec.gov, is an excellent source for current regula-tory developments, including independence rules, audit committee disclosure, materiality, selectivedisclosure, and revenue recognition.

AICPA—American Institute of Certified Public Accountants, www.aicpa.org, offers information primarilyfor public and private accountants.

Exhibit 3

Page 7: Financial Reporting Fraud: Could It Happen to You?

training programs. Such pro-grams may be useful in sensitiz-ing employees to the ethicalissues they may face, as well asemphasizing the organization’sbehavioral expectations in suchcases. We believe that industry-focused training is particularlyimportant, as such training canhighlight the ethical issues youremployees are most likely toface. This training should not beviewed as a one-time event.Rather, a continuous emphasison periodic ethical training isimportant for employees to suc-cessfully deal with emergingbusiness, industry, and technolo-gy changes and pressures thatmay increase temptations forinappropriate behavior.

PROTECTING YOURSELF

While fraud cases are rela-tively rare, the consequences areoften staggering. To aid in theprevention of financial statementfraud, we have described the typ-ical fraud company—and thenrevealed four pillars that webelieve support ethical financialreporting. To recap, we believethat companies with (a) reason-able levels/types of incentivecompensation and stock owner-ship, (b) solid governance, (c)good controls, and (d) the rightculture and people should sub-stantially reduce their exposureto fraudulent financial reporting.Finally, for further reading onthe topics in this article, as well

as a host of related currentissues, we encourage readers tovisit the Web sites described inexhibit 3, “For FurtherInformation.” So don’t think itcan’t happen to you. Take theproper steps to protect yourself.

REFERENCES

Beasley, M.S., Carcello, J.V., & Hermanson,D.R. (1999). Fraudulent financial report-ing: 1987–1997, an analysis of U.S. pub-lic companies. New York: COSO.

Beasley, M.S., Carcello, J.V., & Hermanson,D.R. (2000). Fraud-related SEC enforce-ment actions against auditors:1987–1997. New York: AICPA.

Loebbecke, J.K., & Willingham, J.J., Jr. (1988).Review of SEC accounting and auditingenforcement releases. Working paper,University of Utah.

May/June 2001 9

© 2001 John Wiley & Sons, Inc.

Mark S. Beasley, Ph.D., CPA, is an associate professor in the Department of Accounting at North CarolinaState University. He is currently serving on the Fraud Task Force 2000 and the Fraud Standard SteeringTask Force of the AICPA’s Auditing Standards Board. Joseph V. Carcello, Ph.D., CPA, CIA, CMA, is an asso-ciate professor and Stokely Scholar in the Department of Accounting and Business Law at the Universityof Tennessee. He is currently serving as the vice chair of the Auditing Standards Committee of the AuditingSection—American Accounting Association, and was a member of the Independence Standards Board’stask force, “Accepting Employment with an Audit Client.” Dana R. Hermanson, Ph.D., CPA, is cofounderand director of research of the Corporate Governance Center at Kennesaw State University, where he is anassociate professor of accounting. He was a member of the National Association of Corporate Directors’Blue Ribbon Commission on Audit Committees.