By By Linda M. Leinicke, Joyce A. Ostrosky, and W. Max Rexroad
Recently, questions about the quality of corporate financial reporting have been coming from every quarter. According to SEC Chair Arthur Levitt, “we are witnessing an erosion in the quality of earnings, and therefore, the quality of financial reporting. Managing may be giving way to manipulation; integrity may be losing out to illusion.”
To examine these concerns from the front lines, we talked to several knowledgeable individuals to obtain their collective wisdom regarding best practices for quality financial reporting.
Setting the Tone at the Top
Interviewees agreed that quality financial reporting begins with senior management. “Senior management needs the right type of attitude and integrity,” SEC Chief Accountant Lynn Turner said. “They must be 100% ethical all of the time. They must constantly convey the message that high-quality financial reporting is a must.”
However, if senior management communicates that financial targets must be met at any cost, they create an environment ripe for “cooking the books.” “Senior management sets the tone,” said Allan Schulman, managing partner of Milbert Weiss, a securities class actions law firm in San Diego. “If management presses to achieve earnings targets by whatever means necessary, you’ll get an environment that breeds fraudulent financial reporting. Fraud starts at the top.” Art Wyatt, former FASB member and retired partner of Arthur Andersen, added that “if the troops in the field think management wants managed earnings, they’ll do it.”
To communicate and reinforce the tone from the top, management needs a written company code of ethics that spells out the penalties for manipulating the financial statements. “There should be a written policy about notifying the board of directors with respect to financial misdeeds within the company,” said Joe Wells, chair and CEO of the Association of Certified Fraud Examiners, “especially those of senior management.”
According to Kurt Moser, senior vice president of investments with State Farm Insurance, if senior management is in for the long haul, they will account for things differently than if they have a short-term perspective: “One way you can tell that senior management has a long-term orientation is to look at their accounting policies. Management is often pushed into the short-term world by expectations of analysts and investors for short-term results.”
The decline in quality financial reporting may be related to the internal control environment, a cornerstone of quality financial reporting. Arthur Andersen’s U.S. managing partner Steve Samek asserted that internal controls are under pressure. “Through downsizing, we took away middle managers who were a major part of the internal control environment,” Samek said. “It is clearly top management’s responsibility to prevent cooking the books.”
However, if senior management is perpetrating fraud, the external auditors may be hard-pressed to detect it because senior management has the most in-depth knowledge of the company as well as resources to override internal controls, and through collusion can cover up their fraud.
Board of Directors
The board of directors should set clear expectations for quality financial reporting and strongly endorse fair, as opposed to acceptable, financial reporting. Each board member must be knowledgeable of the industry, have sufficient knowledge of financial reporting, and be willing to ask tough questions and assess the answers.
“The board must be able to recognize a financial problem,” Moser said, “and they should feel a sense of urgency to attack it.” Albrecht gave some additional advice: “The board of directors should be sure the company’s numbers are realistic given those of other companies in the industry.”
All those interviewed strongly believe the majority of the board should be independent, have no significant financial interest in or dealings with the company, and have no significant financial or personal relationships with senior management. In addition, company employees should not dominate the board, and separate individuals should hold the positions of chair and CEO. “The chair controls the board’s agenda, and you don’t want the CEO in that role,” said Ken Julien, audit committee chair for TFS Systems.
Selecting the “right” CEO is a key function of the board. Julien believes that the board should take an active interest in the CEO and trust its own instincts. “They should look at the person’s track record,” he said. “For example, what companies has she been involved with in the past? Has she had any past SEC sanctions? A lot is ‘feel.’ Does the CEO talk about compliance jokingly or sincerely?”
Moser suggested five years as a useful timeframe for the long-term view that is necessary to achieve quality financial reporting. To balance the pressure of quarterly reporting that has led to questionable accounting procedures and the goal of financial reporting, the board should tie senior management’s stock options and bonus packages to achievable long-term financial results.
It’s Tough Work, but Somebody Has to Do It
The board must make sure that the audit committee’s charter clearly defines its responsibilities regarding the financial statements and assign the best-qualified directors to the audit committee.
“The board has a responsibility to make sure the audit committee is qualified to perform its role,” said Tony Ridley, retired director of internal audit at Ford Motor Company. “They can’t be absolved from that responsibility.”
Interviewees were in unanimous agreement that the members of the audit committee must be totally independent of the company. “If the chair of the audit committee is too close to the CEO, you will not get insightful questioning of management,” Wyatt said.
“The audit committee should be aggressive in questioning things on the financial statements and questioning certain controls,” Julien added. “The audit committee needs to be suspicious and skeptical. They need an appropriate knowledge base. They must ask the right questions and know when they get the wrong answers.”
For instance, forensic accountant Dave Walton suggested, “The audit committee should review significant transactions booked in the last ten days of each quarter. They should also look at the external auditor’s adjustments made and passed.”
Ridley made other suggestions: “It is very important that the audit committee review reserves and provisions for their quality and consistent application. There should be a comparison of reserves against prior levels and a comparison against practices of others in the industry. The audit committee should also receive forecasts of expected results by quarter and the full year. An explanation of variances should be reviewed once actual results are available. This analysis should include variances by financial statement line items to avoid earnings shortfalls being offset by provisions in other areas and not being explained.”
The audit committee should meet regularly with the CEO, CFO, treasurer, director of internal audit, external auditor, and controller, usually as a group but occasionally alone with each individual.
Schulman emphasized the importance of communicating with the controllers: “Controllers always know what is going on. The audit committee should call controllers and ask them if there are any problems. Controllers usually don’t get the big stock options, so they are less willing to go along with cooking the books.”
Ridley stressed that when the audit committee meets with the director of internal audit, the committee should ask about the “tone from the top” and how the culture of the organization deals with management dictating questionable practices.
Interviewees were divided on whether the audit committee should hire and fire the director of internal audit and the external auditors. Turner believes the audit committee should appoint the external auditors. Bill Thornhill, a forensic accountant, said that the audit committee should have the input of the full board. In his opinion, the audit committee should recommend the external audit firm to be engaged and the full board should make the final decision.
Auditors: Internal and External
To foster high-quality financial reporting, organizations need a highly respected, visible, independent, and competent internal audit function. The board, audit committee, and top management must support this group and communicate that internal auditing is valuable and necessary.
Internal auditors can play a pivotal role in quality financial reporting because they know the company, the personnel, the internal controls, and the company’s business risks. Internal auditors need to balance the auditing of financial reporting processes and operational auditing. The defined responsibilities of the internal auditors should include auditing financial reporting processes. “Too often, internal auditors want to leave the accounting and financial statement process to the outside auditors,” Ridley said. “Internal audit must ensure that accounting controls are in place and are adequate on a continual basis, not only at period end.”
Internal auditors generally do not have the same time and budgetary constraints as external auditors; therefore, involving them in auditing financial reporting practices makes sense.
The internal auditors should, where appropriate, proactively audit for fraud. However, according to Steve Albrecht, professor of accountancy and associate dean of the Marrlott School of Business at Brigham Young University, “some internal auditors have defined fraud as not being their responsibility. They look only at controls and efficiency of operations. They need to be much more involved in fraud prevention and detection. Fraud should be a defined, major responsibility of the internal auditors.”
The general consensus of the interviewees was that the external auditors are not in the best position to detect fraud. “The symptoms of cooking the books would be more obvious to management and the internal auditors,” Albrecht said. The single best way to improve audit quality is to encourage a high level of professional skepticism among audit staff, with training to recognize fraud symptoms and to follow up when they encounter a red flag.
Suggestions for Improvement
Corporate culture audit. A periodic “corporate culture audit” enhances the quality of financial reporting. A corporate culture audit is a comprehensive assessment of top management’s philosophies, attitudes, actions, and beliefs regarding ethical behavior, the control environment, and quality financial reporting. Such an audit could include a survey that asks employees the following questions:
In addition to survey responses, other items that indicate the corporate culture include—
Internal auditors are in the best position to perform a corporate culture audit. If the internal auditors do not perform this function, then the external auditors should carry it out. Either way, the results of the corporate culture audit should be reported to the audit committee.
Fraud prevention unit. Wells believes deterring fraud is more cost-effective than detecting it. But, he said, “In most companies, there is no unified fraud prevention effort.” Accordingly, he recommended that every organization should have a dedicated fraud prevention unit. This unit, possibly comprising auditors, investigators, attorneys, and human resources personnel, would handle all aspects of fraud: education, prevention, auditing, investigation, and prosecution. It should handle financial statement fraud as well as misappropriation of assets. The mere existence of a fraud prevention unit would serve as a deterrent to fraud and ultimately enhance financial reporting. Ideally, the director of this unit would report to the audit committee and not be subject to dismissal without the audit committee’s approval.
Penalties for cooking the books. Schulman believes that doing away with lucrative management compensation programs is unrealistic. “It is doable, however, to punish the management of companies that engage in financial fraud,” he said. “Significant financial penalties should be imposed by the board of directors on the personnel who are responsible.… [E]xecutives are compensated if the company reaches certain financial targets. For those same executives, why not cancel their stock options and bonuses if the company has to restate its numbers due to financial fraud?”
In addition to internal penalties, Levitt believes in imposing significant external penalties—including criminal prosecution—on executives responsible for financial statement fraud. Indeed, the CEO has the authority and the resources to implement policies and procedures to ensure quality financial reporting. How well the CEO carries out this function should be a part of performance measures and should impact compensation.
Background checks. Companies should make detailed background checks on senior management, not only at the time of hiring but periodically throughout an executive’s career. If this information is provided to the audit committee, the internal auditors, and the external auditors, pressure points that could lead to cooking the books might be identified.
Education. Several interviewees emphasized that education plays a significant role in improving the quality of financial reporting. “Universities need to better educate students about frauds that have happened historically,” Thornhill said. “What were the red flags? Future auditors must understand the past.”
Howard Schilit, president of the Center for Financial Research and Analysis, strongly concurred, adding that traditionally, auditors have had very poor fraud training. “They have no real knowledge of the major accounting blowups of the past,” Schilit said. “Accounting curricula do not emphasize past fraud cases. Entry-level auditors are oblivious to the signs of fraud. They lack an understanding of the right kind of questions to ask.”
In addition to better fraud education, Turner believes accounting students need solid instruction on ethics and professionalism. They must clearly understand their professional duty to the users of financial statements. q
authors would like to thank Toby J. F. Bishop, FCA, CFE, CPA, coordinating
partner of Arthur Andersen’s business fraud and investigation services practice,
for his help with this article.
Editors: The University of Georgia
John F. Burke, CPA
Dennis R. Beresford, CPA
The University of Georgia
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.