Corporate America is spending literally billions of dollars to comply with the Sarbanes-Oxley Act of 2002 (SOX), but the pivotal question remaining is whether the provisions of this landmark legislation will materially improve the detection and deterrence of fraud committed by senior management. As consumers and shareholders, we will ultimately shoulder these compliance costs, but will it restore our collective confidence in the integrity of financial reporting? This is not another article about SOX requirements and compliance; rather, it is intended to address the underlying issue of its "real-world" effectiveness. Is Corporate America better protected against future senior management fraud? Are deterrents now in place that would have discouraged the previous wave of accounting scandals?

Senior Management Frauds Are the Most Costly of All

Important research in the area of financial reporting fraud was conducted by The Committee of Sponsoring Organizations of the Treadway Commission (COSO) in its March 1999 report, Fraudulent Financial Reporting: 1987-1997, An Analysis of U.S. Public Companies. The report was a follow-up to the commission's initial 1987 findings in Report of the National Commission on Fraudulent Financial Reporting. The 1999 report by COSO examined 200 of 300 cases of alleged fraudulent financial reporting by Securities and Exchange Commission (SEC) registrants as described in its Accounting and Auditing Enforcement Releases (AAER) issued between 1987 and 1997. Among its more prominent findings, COSO reported that in 83 percent of the AAERs it examined, either or both the CEO and CFO were associated with the financial statement fraud. The average fraud period extended almost two years, with only 14 percent covering less than a year, and typically involved an overstatement of revenues and assets. Most companies involved in such frauds were relatively small, with assets generally under $100 million, according to COSO.

In a breathtaking departure from the 1999 COSO report, instances of fraudulent financial reporting since 2000 have extended to Big Board-listed, multibillion-dollar corporations with operations on a global scale. The recent string of corporate governance scandals that contributed to the downfalls of such giants as Enron, WorldCom, Adelphia and HealthSouth all resulted from instances (proven or alleged) of financial reporting frauds orchestrated and then concealed by senior executives.

A more recent study of 72 unique instances of financial reporting fraud based on AAERs issued by the SEC in 1998 and 1999 confirmed that 90 percent of the financial reporting frauds were committed at the senior executive level.¹ Of all the types of fraud uncovered in Corporate America, financial reporting fraud committed by an organization's senior management has undoubtedly been the most costly and most damaging. A recent survey conducted by KPMG LLP (The Fraud Survey 2003) revealed that while financial reporting fraud is the least prevalent type of fraud, it is nevertheless the most costly, with an average dollar loss of more than $250 million per incidence of fraud.²

Given the magnitude of financial losses and the negative ripple effect that senior management frauds can have on creditors' and shareholders' confidence, one cannot help but speculate on the effectiveness of SOX and what issues, if any, remain unaddressed in preventing such frauds from being perpetrated in the future.

Internal Controls Are Handicapped in Preventing Senior Management Frauds

Until now, companies have relied on their internal control systems and external auditors to ensure the integrity and accuracy of their financial statements and disclosures. This reliance has become more pronounced since the July 2002 enactment of SOX as a major legislative effort to restore the credibility of Corporate America's accounting and reporting practices. One of the first provisions of SOX that was implemented was §906, which required that the CEO and CFO each certify the financial statements and disclosures in its quarterly SEC filings, and which provided for severe financial penalties and jail time as punishment for willful violations of this section.

Among its many other provisions, SOX holds senior management accountable for designing, implementing, evaluating and eventually certifying their companies' internal control systems and procedures. Section 404 of SOX addresses management's assessments of internal controls and requires that management include a report of internal control along with its annual report. To put these efforts into perspective, SOX compliance spending is estimated to exceed $5.5 billion in 2004.³

Unquestionably, well-designed-and-implemented internal control systems make it more difficult for dishonest employees and executives to commit fraud, including financial reporting fraud. However, in light of the fact that senior management has been charged with the responsibility of designing, implementing and evaluating its internal control system, there may be serious concerns about how effective a company's internal control system can be in preventing and detecting fraud committed at the senior executive level.

In this regard, we are of the opinion that internal control systems may not be the most effective measure in preventing and detecting fraudulent financial reporting practices "involving earnings management arising from improper revenue recognition and overstatement of assets or understatement of liabilities"⁴ because:

1. Charging senior executives to design, implement and evaluate an internal control system is, to a certain extent, the equivalent of having someone design, install and test a security system that he or she may wish to subsequently thwart.
2. Relying too heavily on internal control systems fails to take into consideration the fact that such systems are most effective in detecting lower-level accounting frauds resulting from misappropriation of assets "involving external and internal schemes such as embezzlement, payroll fraud and theft of a company's assets."⁵ In essence, though misappropriation of assets can occur at any level of a company, it is predominantly committed by lower- and middle-level employees, and can be prevented or uncovered by implementing low-cost internal control procedures, such as segregation of duties. However, for internal control systems to effectively deter senior-management fraud, more complex and costly control mechanisms are necessary due to (a) senior management's ability to bypass control procedures through overriding the system and (b) the difficulty in segregating duties generally performed by senior management. This view is supported by The Fraud Survey 2003, which concluded that employee fraud was found to be the most prevalent type (60 percent), while financial reporting fraud was the least prevalent (7 percent). The survey also indicated that 77 percent of the frauds were discovered by internal control processes.
3. In an effort to reduce costs, implementing internal control procedures has increasingly been used by management and external auditors as justification to replace substantive testing of account balances with analytical review procedures. "Substantive testing" means enacting audit procedures that emphasize detailed testing of account balances, such as confirmation by customers of accounts receivable balances. "Analytical review procedures" are audit procedures that emphasize analyzing year-over-year changes in account balances for abnormal activities. However, evidence suggests that of the accounting frauds uncovered by external auditors, most were discovered through substantive testing of account balances, while only a small portion was discovered through analytical-review procedures. In our view, this is likely due to the fact that many senior accounting and finance executives have significant accounting and audit experience. They know exactly how external auditors work. If senior management is intent on committing accounting fraud, chances are they will go to great lengths to cover their tracks by making fluctuations in account balances appear as normal as possible in order avoid raising auditor suspicions.

One matter in which FTI was intimately involved is American Tissue Inc., a $250 million publicly reporting, fully integrated paper company. FTI was engaged to assist the company with the preparation of a business plan and cash-flow projections. Within two weeks, FTI uncovered a major fraud allegedly perpetrated by senior management and others within the organization. FTI discovered significant overstatement of profits and fraudulent inventory pricing (inventory unit prices were in excess of the selling price), which led to the discovery of other fraudulent transactions. American Tissue had reputable accounting firms conducting annual audits, performing underwriting due diligence and serving as field examiners for the company's lenders—none of whom discovered the fraud. It is not surprising that the fraud was known within the organization by many individuals. The threatening culture propagated by certain senior executives was significantly to blame for the fact that many lower-level and mid-level employees were involved in perpetuating the fraud. This illustrates our point: With substantive testing (actually looking at the supporting documents), senior management fraud can more readily be discovered.

Additional Measures Needed

Management Incentives. Most financial reporting frauds committed by senior management involve earnings manipulation. We believe such fraudulent activity is partly attributable to the mechanisms by which senior executives are compensated. Most senior executives have bonus programs that are directly tied to sales or earnings growth targets or their company's stock performance. The stated goal of such incentives is to align senior management's interests with those of shareholders, but it nevertheless may create incentives to manage or even manipulate financial results for personal gain.

A recent incident of such earnings manipulation is the improper recognition of revenue at Computer Associates International Inc. (CA) allegedly orchestrated by Ira Zar, former Chief Financial Officer; David Rivard, head of sales accounting; and David Kaplan, divisional vice president and the head of financial reporting. According to AAER No. 1988, issued by the SEC on April 8, 2004, "through the conduct of certain members of CA management, including Zar, Rivard and Kaplan, CA engaged in a practice in which CA held its books open after the end of each quarter and improperly recorded, in that elapsed quarter, revenue from contracts that had not been finalized and executed before the expiration of the quarter.... For all quarters of FY2000 combined, CA prematurely recognized over $1.4 billion in revenue from at least 116 contracts that the client or CA signed after the quarter."⁶ In early April 2004, the three former CA executives pleaded guilty to charges of obstruction and securities fraud. On April 21, 2004, Sanjay Kumar was asked to step down as CA's chairman and Chief Executive Officer. According to the New York Times, Kumar, Charles Wang (founder of Computer Associates) and a third executive received $1.1 billion in bonuses tied to the performance of the company's stock in 1998.

As most people tend to behave as they are rewarded, management incentive reform may be a powerful addition to improved internal control systems to curtail financial reporting frauds committed at the senior executive level. It has been suggested by some that companies may be well served by having compensation packages for their top executives approved not only by the compensation committee of the board of directors, but also by shareholders in the annual shareholders' meeting. In addition, instead of short-term financial targets and stock performance, companies should consider linking their top executive compensation to goals that are more long-term in nature, definable and specific, and more difficult to manipulate. In any case, the strong public criticism and potential liability of the NYSE directors that endorsed Dick Grasso's pay package is a loud wake-up call to all directors sitting on compensation committees that the days of rubber-stamping lucrative executive pay packages—some of which may inadvertently create such undesirable incentives—are definitely over.

Ethical Standards. We believe that one of the most important lessons to be learned from the recent unprecedented wave of corporate accounting scandals is that while the perceived loss of business integrity and reputation is not easily quantified, it certainly has an impact on corporate valuation. If Corporate America fails to hold itself to a higher ethical and moral standard, then legislation will—as exemplified by the enactment of SOX. The capital markets will continue to harshly punish companies with questionable financial reporting practices, as demonstrated by significant declines in the market valuation of companies involved in even the slightest hint of accounting improprieties, such as the alleged post-emergence revelations at Global Crossing.

Today, the challenge facing senior executives is to instill a new corporate culture that consistently demands ethical behavior from everyone in the corporation, top to bottom. We recognize that this can be a particularly daunting task, especially for companies with tens of thousands of employees around the world. But with a sincere commitment and determination, we believe it is achievable through education programs for both senior executives and lower-level employees that would provide them with the proper guidance and framework to make the right decisions when faced with ethical dilemmas.

---

Footnotes

¹ Cullinan, Charles P., and Sutton, Steve G., "Defrauding the Public Interest: A Critical Examination of Reengineering Audit Processes and the Likelihood of Detecting Fraud," Critical Perspectives on Accounting (2002). Return to article

² KPMG LLP, Fraud Survey 2003. Return to article

³ Datamirror Corp, "Experts Examine Auditing Requirements Critical to Sarbanes-Oxley," Market News Publishing. Return to article

⁴ PricewaterhouseCoopers LLC, "Key Elements of Antifraud Programs and Controls." Return to article

⁵ PricewaterhouseCoopers LLC, "Key Elements of Antifraud Programs and Controls." Return to article

⁶ U.S. SEC, Accounting and Auditing Enforcement Release No. 1988, April 8, 2004. Return to article