Lessons from SEC Enforcement on Mitigating the Risk of Financial Reporting Fraud
The Anti-Fraud Collaboration (AFC), a group consisting of the Center for Audit Quality, the Institute of Internal Auditors, Financial Executives International, and the National Association of Corporate Directors, has released Mitigating the Risk of Common Fraud Schemes: Insights from SEC Enforcement Actions. The report, prepared with the assistance of law firm Latham & Watkins and consulting firm AlixPartners, is based on an analysis of SEC enforcement actions between January 1, 2014 and June 30, 2019. It identifies 204 financial statement fraud schemes involving accounting or auditing issues. The objective of the study is “to provide observations on higher risk areas that are susceptible to fraud and insights into what companies can do to identify and mitigate these types of fraud risks more effectively.” The AFC believes that its analysis will be “valuable to members of the financial reporting supply chain (board of directors, audit committees, financial management, internal auditors, and external auditors) as well as regulators, anti-fraud professionals, investors, customers, extended enterprises, service organizations, and other stakeholders.”
Common Fraud Schemes and Where They Occur
The AFC found the four most common types of fraud were improper revenue recognition, reserves manipulation, inventory misstatement, and loan or other impairment issues.
The greatest number of fraud schemes identified in the AFC’s analysis related to improper revenue recognition attributable to timing, valuation, fictitious revenues, or percentage of completion. There were 60 such cases in 81 enforcement actions, or 40 percent of the 204 fraudulent financial reporting SEC enforcement actions.
Cases involving reserves accounted for 28 of the actions or about 14 percent. Reserves-related violations included manipulation or improper reduction of reserves, timing of reserves and recording of expense, manipulation or misclassification of expenses, improperly calculated rebate/expense accruals, and failure to recognize liabilities.
Misstatement and manipulation of inventory (including misstating cost of sales and misstating or overstating inventory) constituted 12 percent of the cases.
Impairment and allowances cases (timing of impairment, including loan impairment deferral, failure to record asset impairment, faulty valuations, and improper reserves manipulation) were 8 percent.
Frauds identified in the study also sometimes involved misleading or inaccurate disclosures (78 instances), material weaknesses in internal control (44 instances), and unsupported journal entries (11 instances). The report discusses specific examples of each type of fraud.
The report also provides some data concerning the types of companies and defendants in SEC financial reporting fraud cases during the study period. The five industries in which companies were most frequently charged with financial fraud were Technology Services, Finance, Energy, Manufacturing, and Healthcare. Thirty-nine percent of the enforcement actions involved companies with less than $250 million in market capitalization, while 22 percent involved companies with between $250 million and $ 2 billion in market capitalization. Not surprisingly, in financial reporting cases the company itself is typically charged. However, individuals are also often named. Company CFOs are the most charged employees, followed by CEOs, and other employees, such as chief accounting officers, other accounting department employees, and sales personnel.
Causes of Financial Reporting Fraud
Based on the SEC’s descriptions of the facts and circumstances that potentially contributed to the fraud schemes, the report describes three principal causes of financial reporting fraud.
Tone from above. “Through their actions and communications, leaders articulate and exemplify a certain set of ethical and behavioral standards and expectations. They also--intentionally or not--foster a culture that permeates the organization. Leaders who set and follow ethical standards will have a positive influence on the standards their employees follow.”
High-pressure environment. “A high-pressure environment may demand that employees meet unrealistic goals, for example, or may cause employees to feel their jobs are threatened if they do not circumvent certain standards or procedures.”
Lack of personnel with sufficient accounting experience or training. “As the landscape of accounting rules and the ways in which companies operate are everchanging, there may be a continual need to refresh and update your employees’ skill sets. Companies should strive to keep employees informed and up to date on best practices, new guidance, and potential emerging risks.”
Fraud Risk Mitigation Oversight
To mitigate fraud risks, the board and audit committee, management, internal auditors, and external auditors need “to be attuned to quantitative and qualitative metrics, including the company’s culture and tone at the top (and middle).” The report discusses steps that can aid in that process.
Culture and skepticism. “Culture can serve a ‘gap filling’ function when individuals on the front lines encounter circumstances not contemplated by their policies and procedures and need to make decisions. The actions companies take in such scenarios reflect a great deal about the company’s culture.” The report suggests questions companies should consider asking when employees “diverge from cultural expectations, compliance mandates, or legal requirements”.
Executive and board oversight. The report lists four ways in which the board and senior management can enhance their oversight: (1) Ask the right questions (ensure that the board is engaged, especially in challenging economic times); (2) Assess the identified risks (scrutinize whether control activities are properly carried out and whether risk assessment concerns are addressed); (3) Consider corporate culture (a proactive approach to corporate culture can deter misconduct and promote enhance morale and productivity); and (4) Pay attention to red flags. (for example, whistleblower or employee hotline complaints or compensation practices that reward behavior that can lead to fraudulent activities).
Risk assessment and analytics. Data analytics can be a useful tool in identifying financial statement fraud risks. Some sources to consider include “sales journal entries, accounts receivable, customer and vendor master lists, and sub-ledgers that can include inventory, capital expenses, and outstanding loans.” Geographic location is also a consideration in fraud risk assessment, since a significant number of frauds occur outside the U.S., and some locations are recognized as higher risk.
Financial Reporting Fraud Risk in the Current Environment
The AFC report discusses the likelihood of financial reporting fraud due to COVID-19 disruptions. The authors’ present a laundry-list of financial reporting fraud schemes that may be more prevalent in the COVID-19 environment, such as fabrication of revenue to offset losses, understatement of accounts receivable reserves as customers delay payments, manipulation of compliance with debt covenants, overstated business interruption insurance claims that sweep in costs unrelated to the pandemic, and cookie jar reserves by companies that may be outperforming expectations during the pandemic. The report notes that pandemic-induced remote work may impact “operating procedures, segregation of duties, and associated internal controls, which can leave companies vulnerable to emerging fraud risks” and may create new types of cybersecurity risks. The AFC also discusses the importance of assessing the impact of COVID-19 on disclosure obligations, particularly in areas that are susceptible to judgment and manipulation.
Comment: The AFC concludes: “The key to protecting companies against fraud is vigilance, a continued resolve to exercise skepticism, and attention to the potential risks. Companies should remain focused on the fundamentals— controls, processes, and environments that impact financial recordkeeping and decision-making—and company-specific risks by conducting regular risk assessments.” The report is a good reminder for audit committees of how financial reporting frauds occur and a checklist of some of the oversight measures that can be taken to help prevent or detect fraud.