By Michael Braverman, Special for USDR
Financial statement misstatements tend to get attention…though not the kind companies are typically looking for. When they are called on, management, employees, and the company’s auditor take a big pause; how and why did this occur, was it something we knew or should have known was a risk, was it a surprise, or heaven forbid, was it intentional? Then, the action plan: alert the board and audit committee, retain independent counsel, who then retains a forensic accounting firm, get the PR firm ready, etc. Large amounts of time, money, and headaches could have been avoided had the company just noticed the issue(s) sooner.
While the initial inclination may be to blame the accounting folks, the fact is any number of individuals in an organization may be involved, from the CEO, to those performing bank reconciliations and even those in non-financial roles, such as sales and marketing personnel. A manager whose bonus is tied to sales might provide information to the accounting department that is not in accordance with GAAP or inadvertently overlook informing the accounting folks of side agreements. The perhaps unreasonable demands of a company executive may increase pressure on certain individuals to “make the numbers.” Or it might just be an unusual transaction subject to complex accounting rules, significant estimates or both. Of course, collusion, or the concerted effort of a few bad actors, is another consideration. Although hindsight may lead to an explanation of what went wrong, there are measures companies and its management can take to help spot, stem, and mitigate the risks of accounting misstatements before reports are filed and press releases are published.
Internal Controls
A strong internal control environment, including management’s tone at the top, is essential to protect against errors, irregularities, and other potential issues. The creation of the Sarbanes-Oxley Act of 2002 (“SOX”), for example, was intended to hold public companies, their management and employees responsible for the quality of financial reporting and compliance with relevant internal control requirements. SOX Section 404 requires that annual reports include an internal control report stating that management is responsible for an “adequate” internal control structure as well as an assessment by management of its effectiveness. Any shortcomings must also be disclosed. Additionally, SOX Section 302 requires the principal executive and financial officers, i.e., CEO and CFO, to certify the accuracy of the company’s financial report and that its financial statements and other financial information contained therein are presented fairly. External auditors are required to report to those charged with governance any significant deficiencies and material weaknesses identified during their work, which provides a further incentive, even for privately held organizations, to have adequate systems of internal controls. Or, consider it a disincentive to avoid the adverse consequences.
A strong, well-planned, internal control framework that is periodically reevaluated can reduce the risk of misstatement due to errors and irregularities. For example, proper segregation of duties between individuals that originate, approve, and post transactions provides each person in the process the opportunity to evaluate related accounting entries for propriety. Additionally, IT controls around data entry and validation can provide an additional layer of protection against errors. By limiting the information a clerk can enter into the system (i.e., using a locked cell reference or requiring a selection from a drop-down category list) will further limit errors in the processing and posting of entries to an accounting system. Such examples of a strong control environment can easily be seen to mitigate risks related to misstatement.
Companies that have internal audit functions should consider including in its annual plan, procedures to review the controls and processes as well as the reasonableness of periodic account balances for areas known to be higher risk.
Higher Risk Accounting Areas/Consultations With Outside Accounting Experts
U.S. Generally Accepted Accounting Principles (“GAAP”), the authoritative body of accounting guidance, is extremely comprehensive, and for some types of transactions, complex. Additionally, accounting for certain transactions and events necessitates the use of estimates and involves an inherent amount of judgment. And although some transactions may be considered routine, they can nonetheless be improperly accounted for–by simple error or intentionally, e.g., making adjustments to move expenses to assets at period-end to increase earnings.
Occasionally an entity may not internally possess the technical accounting expertise to properly record a complex, unusual or infrequently occurring transaction or account balance. Because independence rules limit consultations with a company’s independent auditor regarding proposed accounting treatment, in such situations an entity should consider conferring with a third-party accounting expert.
Rigorous Closing Process
A rigorous, well-planned closing process may help identify account balances that may require particular attention. Various types of reviews of financial data can be performed such as vertical, horizontal and per unit type analyses that may highlight large and seemingly unusual balances, aged accounts, unexpected trends and other results that might warrant further review. For efficiency, the treatment for new transactions that may involve particularly complex accounting treatment can be considered when such transactions arise, rather than during the closing process.
Similar to the SOX 302 requirement noted earlier, as part of the closing process, consider having individuals responsible for certain functions provide internal certifications evidencing their “sign-off” with respect to his/her individual role and responsibility. Requiring others within the organization to provide internal certifications regarding their functional responsibility holds them accountable for information others may inherently rely upon. For example, where a company has a high-number of customers with individually customized terms, request the sales manager certify that all terms and conditions (including written and verbal side agreements), among other sales information, have been provided to the accounting department
Conclusion
As year-end approaches for calendar-year entities, now is a good time for management, audit committees and those charged with governance and oversight to reconsider the quality of its internal controls, closing process and internal policies and procedures so it can mitigate the risks associated with misstatements.
Michael Braverman is a partner in the New York office of Resolution Economics, providing expert and consulting services in connection with complex accounting and finance driven issues including forensic investigations, regulatory enforcement actions, audit/accounting malpractice, damages, post M&A disputes and commercial litigation.
0
0