The Koss Fraud: Do Smaller Companies Need New Regulations or Better Old Regulations?

The Koss Corp. fraud case has been in the news since the end of December, so why am I just getting around to writing about it now? Because, that's the way I roll, man.

I don't know if anyone has noticed that a great many of my blog posts are based on not-so-current events. My style, if you can call it that, has been to keep a low profile initially (my father would have called it "procrastinating"), and try for a new angle on a relatively mature topic. That's why, for example, you shouldn't expect much from me on the SEC's latest IFRS missive for the next few weeks. In the meantime, you'll have these thoughts on Koss to chew on, plus a related post to come on the role of audit committees.

What Can We Learn from the Fraud at Koss?

According to Koss's SEC filings, it has only 73 employees, and 79% of the shares of this small company are owned by its directors and executive officers. I certainly don't want to minimize the losses of passive investors (Koss's stock price is holding pretty steady), but the legs of this case as a national story has less to do with a internal control deficiencies and/or a busted audit than with the entertainment value of a story fit for reality TV; to wit, the comeuppance of a two-bit embezzler posing as a pillar of the community, who also happens to be a world-class shopaholic.

The fraud at Koss was allegedly committed by the company's vice president of finance, Sujata Sachdeva, who is accused of siphoning off about $31 million of the company's cash over a five-year period. That's almost one year's worth of the company's revenues, which she allegedly spent on vast quantities of designer clothing and other high-priced tchotchkes.

Incredibly, the fraud might have continued for much longer than five years had American Express not called to the attention of Koss's CEO two large wire transfers made from its bank account to Sachdeva's personal credit card. Sachdeva allegedly did her best to conceal the wire transfers by falsifying the bank account balance.

So, at first blush, the Koss fraud appears to be little more than a sad tale of listless second-generation family management getting fleeced, along with a few passive dabblers in Koss shares. But, others apparently see it differently. For example, the headline of a CFO.com article, "Fraud Case Feeds Sarbox-Exemption Critics" from early January strongly implies that some believe that if smaller reporting companies had not been exempted from the requirement to obtain an audit of internal controls over financial reporting (ICFR), tragedies like this could be prevented.

The Lesson:  Fix That Which is Broken

I actually do agree that there are important lessons to be learned from the Koss case, despite its modest parameters; but that lesson is not that smaller reporting companies should have to obtain an audit of their ICFR. The lesson is more like, 'simple problems have simple solutions.' There are two sorts of reasons for this.

The first sort is related to the costs and benefits of the ICFR audit. These are discussed at length elsewhere, including previous posts of my own, so I won't bore you by repeating them here. But the second kind of reasoning is where the path to improved financial reporting lies. Not to put too sharp a point on it, but there are much more efficient options available than to simply award the audit industry a new franchise.

To see what those alternatives could be from the perspective of the Koss case, I will enumerate (in no particular order) the major overlapping systems that together serve as the barrier to financial reporting abuses. I'll demonstrate that each of them could be easily improved in ways that would significantly affect the likelihood of a fraud, like the one at Koss, from occurring.

An issuer's board of directors has a fiduciary duty to shareholders to ensure that the issuer is led by competent individuals who are motivated to achieve appropriate operational and financial objectives.

If I were a consultant to Koss, the first thing to be evaluated would be its planning and budgeting processes. Indeed, I would be surprised if Koss actually did very much beyond, say, set sales goals. But, if Koss had a profit plan, and the discipline to rigorously evaluate itself periodically against that plan, the unauthorized expenditures on clothes and tchotchkes would have become self-evident.

The larger lesson is that boards of even small companies have to exercise a degree of oversight that ensures that management sets goals for itself, and that management is evaluated against those goals.  An ICFR audit won't fix that. 

The issuer's principal executive and financial officers certify that, to the best of their knowledge and after taking the appropriate steps to become informed, the financial statements are free of material errors.

Sachdeva's official title was "vice president of finance and secretary," and Michael Koss, who has served as "president, chief operating officer and chief financial officer" for over 20 years, signed the certifications required S-OX as both head honcho and head finance guy. Thusly, Sachdeva, who must have had free reign over the company's finances, was able to escape signing off on financial statements that she must have known were materially misstated.

This unusual statement of affairs presumably occurred with the blessing of Koss's legal counsel, who would have provided a very liberal interpretation of the applicable provisions of S-OX and SEC regulations. But, who benefited from that liberal interpretation other than Sachdeva, the only named executive officer in the executive compensation disclosures described as having a finance function? A clear lesson from this case for the SEC is that it should issue additional guidance for determining when one person at a company can sign a S-OX certification as both CEO and CFO.

An ICFR audit isn't needed to fix this.  What the company really needs is a system for operational planning and control.

The "independent" auditors certify the financial statements

CFO.com reported that Koss:

"… fired its accounting firm, Grant Thornton, on New Year's Eve. The auditor's response has been to highlight the fact that Koss is one of the companies that are not yet subject to Sarbox's Section 404(b), which requires an auditor sign-off of internal controls. 'The company did not engage Grant Thornton to conduct an audit or evaluation of internal controls over financial reporting,' says a spokesperson for the accounting firm. 'Establishing and maintaining effective internal control is management's and the board's responsibility.'"

Nothwithstanding anything that Grant Thornton has put out there for public consumption in their own defense, who among us has not asked themselves how GT could have missed a falsified bank balance. Few details are available, but it must be noted that the alleged fraud took place over five years. I can't resist speculating that the bank reconciliation portions of the audit work papers were generated by the most junior person on the engagement, who failed to appreciate the potential significance of large transfers to American Express (a non-vendor) for $382,000 and $1.4 million.

And, just for good measure, I'll mention yet one more time my support for mandatory audit firm rotation. Just the fear of a fresh set of eyes every few years could have deterred a fraud of this nature.

An ICFR audit shouldn't be need to do a bank reconciliation properly.

The issuer's audit committee, which is composed of "independent" board members and has unfettered access to its own outside experts, oversees the work of the "independent" auditors.

Three of the four members of Koss's audit committee had been serving on the board for more than two decades, and none of them list any direct experience whatsoever in accounting or auditing matters.

The audit committee financial expert was, and is still, 77-year old John Mattson. The only qualification listed for him is that he is the retired president of Oster Company, a division of Sunbeam Corporation. I don't want to cast unwarranted aspersions, but the shareholders of Sunbeam were the victims of an infamous and massive accounting fraud perpetrated by one Albert (Chainsaw Al) Dunlap in the late 1990s. I don't know whether Mr. Mattson was involved with Oster at the time, but the irony of a former Sunbeam executive at Koss while a fraud occurred is inescapable. 

An ICFR audit would devolve into a compliance exercise in the hands of a disinterested, uninformed, and moribund audit committee.

The threat of enforcement of the securities laws and SEC regulations by the SEC itself and private parties discourage intentional misstatements.

Although I have nothing specifically with respect to Koss in this regard, I do want to point out a very interesting op-ed piece from Joel Seligman that recently appeared in the New York Times. Among the points he made was that the rate of financial fraud at various points in time is negatively correlated with the size of the SEC staff.

The SEC and analysts review issuers' financial statements

A fraud that siphoned about 20% of revenue each year could not possibly escape detection by analysts of any stripe (or the auditors for that matter) if detailed reconciliations of the beginning and ending balances of all balance sheet accounts were required in the financial statement notes. There would simply be no place to hide the fancy clothes and the overpriced tchotchkes.

An ICFR audit is not a substitute for appropriate external controls over financial reporting

If the SEC is looking for demonstrable improvement in the quality of financial reporting through convergence with IFRS, they should unambiguously state to both Boards that they regard full transparency of changes to balance sheet accounts as the most effective measure for discouraging fraud and earnings management.

Winding Up

The point of this post is to show that strengthening elements of the financial reporting system that are already in place for all public companies would be more effective than adding a new element, such as an audit of ICFR.

We should require increased transparency through comprehensive reconciliations of balance sheet accounts, strengthen auditor independence through mandatory audit firm rotation; and strengthen board and audit committee independence through enhanced disclosure requirements and regulatory oversight.

Sarbanes-Oxley and Smaller Reporting Companies: There is a Better Way

I apologize for the long interval between this and my last posting – especially to those of you who have privately thanked me for material just boring enough, and long enough, to induce a good night's sleep. Tax blogs, I am told, are much too potent unless one is planning to spend an entire holiday weekend in bed.

This long-awaited naturopathic sleep remedy is based on Floyd Norris' recent critique of efforts to roll back some of the provisions of the Sarbanes-Oxley Act. Roughly in descending order of offensiveness, we have movements afoot to:

1. Place the FASB under the supervision of a systemic risk agency, which would in turn be heavily influenced by the banking interests who still blame fair value accounting for the financial crisis;
2. Rescind for companies that have a public float of less than $750 million the requirement that an auditor attest to management's assertions regarding the effectiveness of internal controls (S-OX 404(b));
3. Challenge the constitutional legitimacy of the PCAOB; and
4. A House of Representatives committee vote to exempt the 6,000 'smaller reporting companies' (i.e., market cap. < $75 million) from complying with S-OX 404(b).

If I had been writing a blog back in 2002 as S-OX was being rushed to a vote in spasms and fits of self-righteous bipartisanship (did blogs actually exist?), I would have predicted something like this would be happening about now. Having nothing whatsoever to do with the philosophical leanings of the party in the majority, such is the formula by which U.S. political dramas are scripted. Declarations of war (figuratively and literally) through zealous and hastily enacted statutes are inevitably followed within just a few years by reversals to more moderate positions. Regarding the securities laws (and holding the frightening prospect of IFRS adoption aside), we are clearly in a period of moderation, albeit more misguided than usual.

While I echo Norris' sentiments on the first three items, I had only a few weeks ago expressed my glee that requiring smaller public companies to comply with S-OX 404(b) might soon be trashed. I had previously observed that S-OX 404(b) attestations have appeared to devolve into a go-through-the-motions exercise. Those suspicions are validated to some extent by a recent ruling against defendant Deloitte on a motion for summary judgment in a lawsuit alleging that Deloitte failed to adequately report on internal control deficiencies at WAMU. Jim Peterson of the Re: Balance blog avidly follows the solvency tightrope that each of the Big Four is walking as they try to fend off litigation arising out of 'traditional' public company audits. His view is that auditors should walk away from S-OX 404(b) work while they are still ahead. 

There Must be a Better Way

Even though S-OX could have, and should have, been more tightly focused on measures to prevent another Enron or WorldCom from happening, something was missing in the securities laws for providing reasonable assurance that management public companies, both large and small, are taking their financial reporting responsibilities seriously enough. I just don't agree that S-OX 404(b) was the right way to go about it.  Notwithstanding other merits of a financial reporting regulation, a windfall to gatekeepers, especially those sharing the blame for a lack of confidence in the system, is a reason for any reasonable person to be suspicious. 

Given that change is in the offing, now may be the time to bring back my old war horse, mandatory audit firm rotation. The resistance to mandatory audit firm rotation in the wake of Enron and WorldCom came from the AICPA, which couldn't bear the thought of auditors being audited by other auditors. Their main stated argument had been that switching costs would be too high, as audit efficiencies in the client's environment take a few years to be realized.

Even accepting the AICPA's excuse, which I absolutely do not, it is a fact that the vast majority of audits of smaller firms are much more straightforward. That should mean that the successor auditors can, relatively speaking, take over from predecessors without breaking stride. I would like to suggest to Mary Schapiro that, instead of pushing against the bipartisan will of Congress to let smaller reporting companies out of S-OX 404(b), she should promote mandatory audit firm rotation. There is nothing to suggest that it will impose anywhere near the scale of costs engendered by S-OX 404. With little at risk, it could actually transform audits from a make-the-client-happy exercise to one that moves the U.S. toward the forefront of global capital markets just in terms of basic integrity.

Let's pick 2,000 smaller reporting companies at random and require that they switch auditors within a year; another 2,000 next year, and 2,000 the year after that. If done right, there should be a wealth of data for the SEC and academics alike to analyze. For the next time we take a whirl on the regulate/moderate merry-go-round, we will at least have some hard evidence to take along.

(By the way, I recommend that you try Kevin LaCroix's D&O Diary blog for excellent non-technical summaries of current developments in securities litigation.)

S-OX 404(b) for Non-Accelerated Filers: A Political Crime Waiting to Happen

Section 404(a) of the Sarbanes-Oxley Act, together with SEC rules implementing the provisions of the Act, require management to assess and report on the effectiveness of internal control over financial reporting (ICFR). It took a few years for the SEC to phase everybody in, but all public companies, large and small, are now subject to the requirement.

As pretty much everyone knows, however, S-0X 404 doesn't stop with a management report. Auditors get in on the action in Section 404(b). Therein is the lucrative requirement that an independent auditor attest to management's assessment regarding the effectiveness of their internal controls over financial reporting (ICFR). One person testifying before Congress has called the provisions of S-OX 404(b) the largest windfall to audit firm partners in history, and as I will soon describe, 6,000 more public companies await a new 'service' for which the benefits are, to be charitable, unclear.

Why S-OX 404(b) is Little More than Chicken Salad for Auditors

The corporate corruption scandals that got politicians moving on the Sarbanes-Oxley Act of 2002 were the result of fraud by CEOs and CFOs. ICFR can have little to no impact on the actions of the top executives, because they always possess the power to override internal controls, or sometimes to orchestrate collusive schemes that circumvent those controls. Thus, Section 404 cannot possibly do much to mitigate these particular sources of fraud risk; and there is no better example of that than Enron itself. I have been told (but have not verified) that Enron was the only public company to disclose with much pride and pomp that it paid its world-class, independent auditor to perform a separate evaluation of internal controls. Andersen's report was, of course, clean as a whistle.  

No one should doubt as well, that Enron's relationship with its auditors wasn't much cozier than the norm, either. No matter who the client is, and especially if it is a big one, material weakness are generally only reported after an error has occurred; i.e., after a control has obviously failed. Thus, all the machinations to test ICFR, and prevent a control from failing, don't add much beyond the testing of account balances that occurs as part of the regular financial statement audit.

So, it remains questionable at best, that S-OX 404(b) has created a safer environment for investors to trade their shares. Auditors, on the other hand have been champing at their bits, waiting for the SEC to throw them some fresh meat: the 6,000-odd smaller public firms (technically, "non-accelerated filers) who are not yet required to pay for an ICFR report.

Chicken Salad Days Appear on the Horizon

The auditors received some good news on that front a few days ago when the SEC announced that the stay of execution for non-accelerated filers would be extended only until their annual reports for fiscal years ending on or after June 15, 2010. Chair Schapiro and one other commissioner also issued statements to 'assure investors' that no further extensions would be granted.

Indeed, the SEC's Office of Economic Analysis has completed the last of the SEC's go-through-the-motions machinations to steer S-OX 404(b) through the gauntlet of thousands of irate registrants who resent the additional audit fees imposed upon them -- and the additional hoops they must jump through. And, what did OEA's report have to say? As it turns out, not much at all. Although changes to SEC and PCAOB guidance may have reduced the cost of S-OX 404(b) implementation for companies that currently must comply, OEA did not even address the key question: whether the costs of complying with S-0X 404(b) has been less than the benefits, or whether benefits can be expected to exceed the costs of compliance for the 6,000 companies in line to be plucked. It must surely be the case for non-accelerated filers that initial implementation costs are most onerous, especially in an economic down cycle. But nothing so obvious and significant was to be found in the OEA's report.

The Skinny on the Costs and Benefits of Section 404(b)

If I were writing OEA's report, I might have begun and ended with the following modest, albeit virtually dispositive, back-of-the envelope calculation: The total value of all public traded equities in the U.S. is very approximately $14 trillion, based on information available from indexes published by Wilshire Associates. Let's conservatively assume that each and every non-accelerated filer has a total market cap of $75 million, which is the maximum market cap for a non-accelerated filer. Even under that very conservative assumption, 6,000 non-accelerated filers comprise (at the very most) only 3.2% of aggregate equity values.

In the best of worlds (i.e., assuming that there is real information in an auditor's attestation report) can the new fees that auditors will charge these 6,000 smaller companies provide loss protection that will cover the billions of dollars in aggregate fees? Don't bet on it.

In fairness, the SEC would say that their hands are tied; S-OX directs the SEC to require ICFR attestation reports from all public companies. So, what should really happen is for Congress to wake up and amend S-OX to permanently exempt non-accelerated filers from the requirements of Section 404(b). Will it happen? Don't bet on that one, either.

What upsets me the most is that chair Schapiro is once again catering to the wishes of the Big Four instead of affecting much needed reform, as she has pledged to do. Schapiro should use her bully pulpit to inform Congress that they have created an obvious case of excess regulation. Notwithstanding the sorry fact that S-OX 404(b) has devolved into a waste of time for all issuers, to extend it to non-accelerated filers would be nothing less than criminal.

Instead, of rushing to require ICFR audits, why don't we just sit back and wait to see how many non-accelerated filers will voluntarily submit to an examination of their ICFR – just like Enron did. 

 

Accounting Convergence: Deconstructing the SEC's Message

John White, Director of the SECs Division of Corporation Finance, gave a speech at Financial Executives International Global Financial Reporting Convergence Conference last week (June 5, 2008). In no uncertain terms (and with apologies in advance for the bad pun), it was a whitewash for the benefit of the members of the club. I am writing this post, with the objective of waking up at least some investors to the realization that their interests are being trampled upon by the auditors they pay for, their very own executives, financial intermediaries, and sad to say, the SEC.

So, peeling off the oily-based camouflage, here is the bare bones of White's speech -- at least as I see it.

Good morning. Let's skip the formalities and get right to the point. I truly believe that the endpoint of global accounting convergence will be U.S. issuers using IFRS and that it is time to move in this direction. Even though I can't mention the real reasons in public, here are the five darn good ones we're currently pitching.

First, the SEC will have less influence over accounting standards. That's a good thing, isn't it? Even though other regulators don't ask the tough accounting questions like we do, we are going to work with them and pretend we agree. Remember Societe General? We don't, and thats what I'm talking about. Even though the U.S. representation on the IASB will shrink, I know we can count on the Chinese and Europeans to come up with reasonable answers on technical issues like disclosing related party transactions, securitizations, hedging, contingent liabilities, business combinations, and about the twenty other things that really aren't so good about IFRS -- and I don't want to discuss today. Especially not business combinations: the IASB sure screwed up IFRS 3 after we improved FAS 141R, but that probably wont happen again. And sure, the IASB has some governance issues, but we'll be able to fix that with our single seat on a committee of securities regulators from all over the world that will oversee the IASB's activities. Im sure we'll all get along just fine, and everyone will listen to us because we are from the USA.

Second, IFRS leaves a lot more room for management judgment. That's a good thing, isn't it? We believe that investors most want management to have more tools at its disposal to help them manage earnings. That will go a long way to eliminating outright fraud, because management won't have to risk going to jail to make their numbers. And besides, if managements judgment is really, really unreasonable, auditors will be there to fix things, right? (Uneasy laughter from the audience.) Don't laugh! Investors aren't the only group the SEC protects. The feelings and needs of issuers who report financial results must be considered; that's why I haven't mentioned the needs of investors without also mentioning the needs of issuers.

Third, and speaking of auditors, it is going to cost billions of dollars to implement IFRS in the U.S., and auditors, one of our favorite charities, will be raking in a big chunk of that. Despite overwhelming evidence from rigorous academic studies that these costs will provide little or no benefit to investors -- and even that U.S. GAAP is associated with better information and lower cost of capital -- we have to come up with some way to employ the next wave of accounting students, especially since our last full-emplyment initiative -- SOX 404 work -- is drying up.

Fourth, assessing a companys financial results should not depend on what country a company is from. Differences in corporate governance, laws, business norms and culture do not matter to investors, so accounting rules can be the same, and will be interpreted the same whether we're applying them to companies in China or the United States. After all, IFRS is principles-based, isnt it? (More laughs from the audience.)

Fifth, global capital markets have been growing by leaps and bounds for decades, apparently unhindered by the polyglot of accounting standards in use throughout the world. But, having a single set of accounting standards is going to become really, really important; trust me on this one.

I want to conclude by explaining what I mean by "truly believe." I'm just a politician ... whoops, I mean lawyer ... who really doesn't know much about what all you CFOs have to go through to make your numbers. Frankly, the details of the differences between IFRS and U.S. GAAP don't concern me much. I just threw in "truly" to impress upon you that I am on your side -- kind of like "no kiddng," or "I swear." In other words, even though I dont have a single good answer to any of the questions I have raised today, dont worry, because we're going through with this anyway. I truly believe that If IFRS is good for you, it's good for the SEC; and it must be good for everyone.

Thank you and good night.

More on the CAQ Survey

I thought I had beaten flat the CAQ's survey of audit committee members in my last post.  Lo and behold, here is one more nasty tidbit brought to my attention that merits sunlight.

Among the organizations that with whom CAQ partnered for the recruitment of survey takers was the National Association of Corporate Directors (NACD).  NACD must know who among its members are on audit committees; nevertheless, it blithely sent CAQ's survey out as a mass mailing to all of its 17,500 members.  As you may well have anticipated, there were no controls to ensure that the survey would be responded to by audit committee members only.

OK, so maybe not all respondents were actually members of audit committees -- big deal. But, what if respondents weren't even members of a corporate board?  According to the NACD website:

"NACD accepts both individual and full board membership. Associate membership is available to professional services organizations -- such as legal practices, audit firms and compensation consultants -- who provide essential board guidance and advisory services." [italics supplied]

Recalling that CAQ based their statistics on the responses of only 253 volunteers, how many of these volunteers weren't even board members?   What if 50 of the respondents were actually audit partners?  My point is that they survey methodology was so loosey-goosey, we have no way of knowing. 

Gatekeepers Hoodwinking Gatekeepers

As Bejamin Disraeli said, "There are three kinds of lies: lies, damned lies, and statistics."  Perhaps statistics is the most insidious of the trio because they can be the most beguiling.  The CAQ sits at the same point on the Disraeli scale as any other lobbying organizations who conciously produce data that they intend to be mistaken for information.  But, there should be an important difference: the CAQ is controlled by audit firms who, according to the "P" in "CPA", purport to be ethically bound to protect the public interest.  When journalists are hoodwinked by CAQ into reporting on mere data as if it were information, then CPAs have failed to live up to the ethical standards of those who fund it.

Journalists also function in a large sense as gatekeepers for misleading information.  How ironic is it that CAQ, an organization funded and controlled by audit firms, was so facile in its manipulation of other gatekeepers?

Low Quality Stats from Center for Audit Quality

Much ado has been made lately of the insubstantial contribution business school professors have made to practice through research.  Accounting research of the last forty years, being no exception, was blasted in a commentary in the Chronicle for Higher Education for not addressing questions relevant to accounting professionals.  The authors, academic accountants themselves, blame universities for not providing more robust incentive systems to encourage a broader range of topics and methodologies. 

I want to add another reason:  practitioner organizations barely give lip service to academic research, because their members actually don't want to know what academics have to say.  That's because the truth can be so darn inconvenient (apologies to A. G.).  Just recently, the Financial Accounting Foundation says it doesn't believe it is necessary anymore to have academic representation on the FASB (see earlier post); and now a new report by the Center for Audit Quality (CAQ) presents the results of their "commissioned" survey of audit committee members.  "Research," by any standard academic, it ain't.

I have two problems with the survey.  First, the survey methods are so crude, that if an academic had tried to present this work to peers as serious research, either his sanity or intelligence would be called into question.  Second, the presentation of the "key findings," such as they are, have been skewed to fit the public relations agenda of the accounting profession:  post-Enron rehabilitation of auditors' reputations, and entrenchment of the revenue-producing aspects of SOX.  Other than these two criticisms, the report is just fine.

Let's start with the methodology:

Non-random sample -- CAQ states, without explanation, that it was "not feasible from a cost or time standpoint" to take a random sample.  How ironic is it that an organization sponsored by auditors would forgo random sampling, the indispensable basis of so many auditing standards, procedures and concepts?  CAQ blithely asks us to assume this is a minor detail:

"With a pure probability sample of this size, one could say with ninety-five percent confidence that the overall results would have a sampling error of +/- 6.2 percentage points.  As this survey is not a pure probability sample, theoretically no sampling error can be calculated."

Setting aside that calculation of a sampling error is not "theoretically" possible (read simply as "not possible in any way, shape or form"), +/- 6.2 percentage points is actually a pretty large number that can affect one's reading of the results.  Maybe that's why it is not mentioned again in the report.

Sample size -- Let's agree that the population of interest, audit committee members of public companies, number very approximately 10,000.  Only 253 of them volunteered in response to invitations to participate.  Given the low participation level, it is highly likely for non-respondents to have significantly different opinions than the self-selected volunteers.  If anything was done to test that proposition (yes, academics routinely apply techniques for doing so), CAQ did not report it.

Sample demographics -- CAQ gathered very little information about the respondents.  We know virtually nothing about their financial or accounting expertise.  For example, how many are "designated financial experts"?  How many are former auditors? 

We do know, however, that 44% took their first position on an audit committee post SOX.  As some of the key survey questions ask their opinions about the pre- and post- SOX environment, their opinions may be different, or even less reliable, than the respondents with longer tenure on audit committees.

Wording of the questions -- Let's say you joined your first audit committee in 2007.  How would you respond to this key question:

"Based on your experience as an audit committee member [italics supplied], how would you rate the overall quality of audits of publicly traded companies being conducted today?

First, I don't know if a respondent could reliably separate their audit committee member experience from their prior experience.  Second, given the variability in length of tenure of audit committee members -- some pre-SOX, and other not -- it appears as if two populations are being combined into one. 

The next survey question is:

"And over the past several years, would you say that the overall quality of audits of publicly traded companies has...?" 

Assuming that the "based on your experience" language carries forward, how is the newbie audit committee member supposed to answer that?  Dunno.  Remember, these folks are 44% of the respondents!

Integrity and Objectivity Red Flag -- Neither the organization that purportedly conducted the survey was disclosed in the survey report, nor the scope of their responsibilities.  Imagine an audit report not identifying the auditor; this is not much different.  Was the contractor a well-respected company that didn't want to be associated with the end product?  Was it an organization with other ties to CAQ?  Just asking.    

Now, on to the reported "key findings"

Current state of audit quality -- The audit committee now appoints the auditor and reviews their work much more closely than in the pre-SOX era.  What board member would be willing to admit, even anonymously, that their choice of auditor was a mistake?  So, it's not surprising that CAQ finds that 95% of respondents rate their auditors' work as "good" or better.  As a "key finding", it's a big fizzle. 

The other side of the coin is more provocative: a client paying top dollar for audit services should not be satisfied with work that was only "good" or "fair." That's how 22% of respondents saw it.  Moreover, 17% said that the situation had not changed or worsened since the passage of SOX. 

Risk of fraudulent financial statements -- CAQ blithely reports that 87% of respondents believe the risk of releasing financial statements that are materially inaccurate due to fraud is not very high.  That's a good thing?  I don't think so, especially when you consider that these are audited financial statements!  Has SOX affected the potential for fraudulent misstatements?  The CAQ would like you to think so, because auditors sure have made a lot of money out of ICFR audits.  Yet, unstated is the fact that 40% of respondents do not believe that the risk of fraudulent misstatement has decreased with SOX. 

Complexity of financial statements -- CAQ would like you to believe that audit committee members think that financial statements are too complicated.  But, the questions don't even begin to address the nature of the complexity, or the sophistication of the respondents as regards financial statements.  And if you still doubt that a self-serving agenda is driving the report, here's the smoking cannon: buried in the back pages (question 17C) is the undiscussed finding that respondents clearly do not feel that GAAP is too complex.  Yet financial statements are too complicated.  Figure that one out!

If you are one of those who believe that the CAQ was created by the powers that be to function as shill for audit firms, then this survey report could be your Exhibit A.  It is also Exhibit A for my point that practitioners with self-serving agendas have good reason to be threatened by the contribution of academics.  But, if truth is the goal, then the participation of academics, trained and paid to apply discipline and rigor to a question, is an asset. 

The PCAOB is Auditing the Wrong Auditors

Did you know that:

• The Sarbanes Oxley Act requires the Public Company Accounting Oversight Board (PCAOB) to inspect audit firms with one or more public companies as clients at least once every three years, and that firms with more than 100 clients have to be inspected every year;
• There are currently more than 700 audit firms that are subject to PCAOB inspection; and
• More than half of the PCAOB's $130 million budget  and 500 employees are dedicated to inspections?

If you knew all that, you're a nerd like me.  But, here is something I didn't know until I attended a presentation by a senior PCAOB staff member recently, who included this table among his Powerpoint slides:

The first three columns aren't a big surprise, but the fourth one is a whopper: of the 750 audit firms out there, 99% of them audit an aggregate 1% of the reported revenues of public companies!  The presenter made the point that all audit firms are thoroughly inspected, so it would not be outlandish to guess that significantly more than half of the PCAOB's inspection resources (> $65 million) are protecting the public against the equivalent of a flea bite on the hindquarters of a bull (market). And, add to the PCAOB's waste of its own money, the significant costs imposed on small audit firms of submitting to PCAOB inspections.

I am certainly not against regulations to incentivize high-quality audits by all firms, but what we have here is an Economics 101 case study on the pitfalls of centralized planning happening right here in the good 'ole US of A. 

No Incentives to Right the Wrong

If you passed my trivia test, you would also know that the demand for qualified accountants and auditors has increased since SOX--and so have their salaries.  I have heard SEC staffers claim that they have trouble hiring qualified accountants for their own inspection work due to the competition provided by the PCAOB. 

What I find most irritating is that PCAOB members, each paid over $500,000, are not screaming loudly at Congress that the static burdens imposed by statute on their august organization render one of its two most important functions (the other is promulgating auditing standards) half as efficient as it could be.   Well, here's the freakonomics of it:

• The PCAOB has no incentive to control costs by reducing the number of unnecessary inspections.  The more inspections that are mandated by SOX, the larger the budget that can be justified for approval by the SEC. 
• The Board members personally benefit (albeit indirectly) from bloat. The larger the scale of PCAOB's operations, the easier it is to justify their salaries.

The Board's greatest fear should be that their inspection of the audit of a Fortune 100 company concludes without discovering a problem -- and that the audit turns out to be as big a bust as the Arthur Andersen audit of Enron.  Evidently, it doesn't register with the Board that the big bucks they get are to make sure that one thing doesn't happen. They should be doing everything in their power to make the inspection process more efficient--including lobbying Congress to craft a more sensible mandate for the PCAOB's inspections -- and by the way, puts an end to the persecution small audit firms.   

The Four Sins of Stock Option Backdating

I have a weak spot in my heart for my former students--especially if they were also my tennis or cycling buddies.  Chris, of the cycling variety, recently sent me this email message:

...So, today I was reading some posts on the Greg Reyes trial/verdict (he was the CEO of Brocade ...  I must confess that I've heard all the fuss, but don't really understand it (and haven't followed it very closely) ... was wondering what you make of it all.

Chris, I'm not going to remark about the specifics of the Brocade case, and would rather give you a broad outline of the general issues underlying illegitimate stock option backdating.  The following simple example is representative of the types of transactions that have been questioned:

The board of directors of BD Company met on December 1, 20x1, on which date the market price of BD was $50 per share.  The board authorized the granting of one at-the-money option to BD's CEO, to vest over two years. The CEO instructed the vice president of human resources to backdate the option to November 1, on which date the market price of BD was $40 per share.

The stock option backdating scandal involved four kinds of ripoffs, which I'll describe more fully below:

1. Shareholders ripoffs--By selecting a date in the past on which the stock price is lower than the current stock price, options are deceptively granted in the money.  In my simple example, the effect is to transfer more value to executives than the board of directors intended.  In some cases, the board may actually participate in the backdating scheme.
    
2. Accounting fraud--Options that were effectively granted in the money (because the real grant date is not the backdated one--it's the date the board authorized the award) are accounted for as if they were granted at the money.  Under APB 25 (recently superseded, but in effect during the halcyon days of scandal), expense is measured at the intrinsic value of options at their grant date. (I'm oversimplifying here, but am being specific enough to make the point.) In my simple example, recording zero expense overstates net income by $10, which is the intrinsic value of the option. Often, the accounting fraud has not had a material impact on earnings, except that it was an essential to misstate earnings in order to cover-up the shareholder ripoff (See #1, above).
   


3. Tax fraud--In addition to backdating grant dates, there is strong evidence of executives backdating their exercise of options to a date on which the stock price was low. In so doing, they could reduce the amount of payroll taxes they owed, and reduce the amount of profits they realized on exercise from being taxed at ordinary rates.  If they could then manage to hold the stock for at least a year, they would eventually pay taxes on the rest of their profits at the lower capital gains rate. 


4. Inadequate SEC regulations created a loophole the size of Arthur Andersen--Under SEC rules (promulgated under Section 16a of the Securities and Exchange Act of 1934), executives have to report (i.e., publicly announce) their personal acquisitions of financial instruments issued by their company, and also derivatives underlying those financial instruments.  Until Congress forced them to tighten the loophole (one of the many good things accomplished by SOX), executives had as much as 40 days to report the transactions.  In effect, that gave executives a window of more than a month from which to cherry-pick the lowest share price for option backdating purposes.  A funny thing happened when the report due date was shortened to two days: backdating disappeared. 

That last point, above, doesn't get a lot of press, but it rankles me the most.  I had criticized the SEC for years about the 40-day window--not because I was aware of the backdating frauds, but because I didn't see why investors had to wait so long to receive important information about executives trading in their own shares.  Of all the wonderful things Arthur Levitt tried to accomplish as SEC chair, I don't know why this one wasn't on his radar screen.  After all, it was during his watch that the SEC first floated the idea of accelerating the due dates of annual reports.  (Dear Mr. Levitt, if you perchance should read this, I would consider it an honor to publish your response.) 

Based on the number of SEC investigations and the academic research that exposed this repulsive scandal, there must be hundreds of executives who betrayed the trust of their shareholders with the some criminal indifference that possessed Enron's top guys.  Also similar to Enron, there are likely just as many dupes and facilitating lawyers, accountants, board members, etc. as there were executives who profited directly.  For those Pollyannas amongst you who thought that Sarbanes-Oxley was an overreaction to the crimes committed by a few, I hope the stock option backdating scandal has transported you closer to my world.

So, Chris, you owe me one ... or maybe I owed you one.  It doesn't matter.      

How to Prevent Your Auditor from Telling the World You're in Deep Doo-Doo

Jonathan Weil, the accounting and corporate finance columnist for Bloomberg News, has written an excellent column (read it!) on auditors failing to provide going concern qualifications in reports when they are clearly warranted.  I want to comment briefly on the following points Jonathan made:

• Following the bursting of the dotcom bubble, a Bloomberg study found that auditors failed to provide a going concern qualification for 54% of the 673 largest bankruptcies between 1996 and 2002.  It reminds me of earlier days when I was at the SEC during the S&L crisis. Walter Schuetze, the Chief Accountant was particularly irritated by the auditor's failure to include going concern qualifications in their reports--even when the book value of net assets (largely financial, since he was looking at banks) was substantially above market capitalizations.  Evidently, nothing changed.
• Auditing standards require the auditor to add a going concern qualification to its report when there is 'substantial doubt' about an entity's ability to survive.  I bring these weasel words, 'substantial doubt' to your attention, because of my recent post on the subject of the weasel words in AS 5 and FAS 5, which allow auditors and companies to evade their responsibilities to investors.  I have no clue what 'substantial doubt' means.
• The FASB recently voted unanimously to add a project to its agenda that would make a company's management responsible for assessing the possibility of failure to continue as a going concern.

The Really Interesting Part

Of news to me in Weil's article was a situation he described, where companies can be in technical default on their loans if the auditor issues a going concern opinion.  It appears to be commonplace, and the story told about American Home is particularly depressing:

"You think your job is tough? Think about the poor schlimazels from Deloitte & Touche LLP who blessed the books at American Home Mortgage Investment Corp., mere months before it went belly up....

Tucked inside American Home's credit-facility agreement was a clause that said the ... company would be in default with lenders if its auditor tagged it with the dreaded going-concern language.

For the accountants, if they thought for even a second about this, it must have felt like staring into a house of mirrors. Had they made what proved to be the right call, they probably would have inflicted a mortal wound on American Home. Then again, looking back, a self-fulfilling prophecy would have spared investors from the company's April 30 public offering of 4 million shares at $23.75 each, the prospectus for which incorporated Deloitte's audit opinion. American Home's shares closed yesterday at 22 cents.

Weil makes it clear that loan covenants triggering technical default can have an undue influence on the auditor, who is already gun-shy about issuing going-concern opinions. The Financial Accounting Standards Board project to require chief executive officers to provide disclosures of going-concern risk has only just begun; and I ask myself whether CEO's have incentives to do a better job identifying high going concern risk than auditors.  Of course not!!  If anything, putting the fox in charge of another henhouse would make matters worse.  It would also give auditors some reprieve where none is deserved or needed.  Also, it would just add another layer of internal controls over financial reporting for which auditors could charge higher fees. (What a surprise!)

K.I.S.S.

As an interim step, the SEC should require prominent disclosure of contractual terms that would trigger material adverse consequences depending on the type of audit opinion issued.  It should also direct the PCAOB to clean up the weasel words that auditors hide behind in avoiding going concern qualifications. 

Beyond this, Sarbanes-Oxley has reinforced the principle that it just ain't kosher for management to unduly influence the auditor; and this principle should be followed to its logical conclusion.  That is, this type of arrangement should be prohibited.   I am quite sure that the lending community should have no problem finding other technical-default triggers that are just as efficient and reliable, if not more so.

Finally, I can't resist beating the mandatory-audit-firm-rotation drum just one more time. (I couldn't decide whether I wanted to beat a drum or a dead horse. I picked a drum because I'm an optimist.)  The shameful state of affairs exemplified by the American Home debacle is just one more thing that Congress could have mitigated by mandatory audit firm rotation. Given the fees auditors charge for their Sarbanes-Oxley work, which are still increasing, mandatory rotation would cost less and be more effective.

Would Someone Please Audit the Auditor?

Auditors are not priests, immune to the temptations of the material world.  Many of us have come to realize that even priests are not priests. 

Granted, the mindset may have been different in 1933.  That's when representatives of the accounting profession were able to convince Congress that government involvement in audits would not be necessary, and it was not even necessary to "audit the auditors."  The public could rely on the "conscience" of auditors to do the job right.  As Bill Cosby's Noah said to God, "Right." 

Could mandatory audit firm rotation have prevented at least some of the major accounting scandals?  Would it have been more effective, and less costly, than SOX 404?  Guess what I think. 

Enron, Tyco, Kmart, Xerox.  Whichever accounting scandal you can name, pre- or post-SOX, the odds are that culpable auditors had been at the same trough for decades.  In 2003, the GAO reported that average tenure of auditors to the Fortune 1000 was 22 years.  From my personal experience, it is not uncommon to find the same auditor retained by a firm for more than 40 years.   How would you like to be a first-year  partner-in-charge, and to be put between the rock that has been one of your firm's biggest clients for decades, and the hard place that is their material violations of GAAP?  If you're lucky, they'll fit you with a muzzle and give you an offer you can't refuse--like a transfer to Finland.  In fact, that's what KPMG's head did to the irksome partner who was questioning Xerox's management over their many fraudulent accounting techniques. 

The theory behind mandatory audit firm rotation is that successor auditors would have a strong economic incentive to perform a thorough initial review of their new clients, so as to avoid exposure for restatements occurring on their watch. The really interesting part is the incentives it gives to the predecessor auditor, who expects the successor to be as strict as a drill sergeant inspecting the barracks on his first visit.  Mandatory firm rotation makes too much sense, and perhaps now that we have evidence on the costs and efficacy of SOX 404, it may be time to reconsider it. 

I say 'reconsider', because I believe that Paul Sarbanes, the Democratic Senator from Maryland, placed mandatory audit firm rotation at the foundation of the bill he first envisaged.  It was vigorously opposed by the AICPA (the accounting counterpart of the National Rifle Association); for successor auditors pitted against predecessor auditors would have been their worst nightmare come true. 

Into the breach stepped Michael Oxley, a Republican Representative from the state of Ohio and well-known supporter of the accounting profession. Oxley was also the Financial Services Committee Chair in the House. Using the largely unsubstantiated argument that audit firm rotation would be far to costly, most of the burdensome responsibilities on corporations in the Act — CEO/CFO certification, SOX 404, new board and audit committee requirements, to name a few — were added by Oxley in exchange for giving the ax to mandatory audit firm rotation.  The happy ending for the AICPA was that not only could they avoid auditors auditing auditors, SOX 404 gave them a windfall in the form of new services for which they could charge an arm and a leg.   

The costs of SOX 404 have been absurd, and there is a lot of evidence that they will not abate without regulatory changes.  In their fifth annual study of corporate governance compliance costs, the law firm of Foley & Lardner report that although internal SOX 404 compliance cost  declined slightly in 2006, total  out-of-pocket costs associated with Sarbanes-Oxley compliance showed a double-digit percentage increase for companies both large and small.   Would you be surprised to know  that the largest area of cost increase was external audit fees?  I didn't think so. 

The combination of SOX and consolidation/attrition of the Big Eight down to the Final Four has created what one congressional witness characterized as the biggest windfall to audit partners in history.  The great irony is that instead of mandatory audit firm rotation, we now have mandatory loyalty to current auditors.