The past year has brought many changes to the accounting investigations landscape. These changes reflect the evolving regulatory focus, as the SEC has shifted to an approach of targeting issuers regardless of headline appeal or gripping case facts and more so on identifying deficiencies in issuers of all shapes and sizes.
It is no secret that the SEC’s stoutest tool to preserve and sustain investor protection is through the Division of Enforcement. With a fiscal year1
FY16 enacted budget of $513 million — a 6% increase from FY15 — and 1,376 FY16 employees — a steady 3% bump from FY15 — the division is flush with the necessary resources and manpower to continue its aggressive enforcement, which has seen the number of new cases opened steadily grow year over year.2
The proliferation in enforcement activity in certain areas of focus in recent years, coupled with the commission’s new proactive strategy to identify registrants with a higher risk of restatement, has led to fewer issuer restatements. Accordingly, restatement issues, which had seen a spike from 2001–2006, have remained relatively flat over the past five years. Specifically, across all public companies over the past 14 years, restatements fell from a peak of 1,842 in 2006 to a low of 761 in 2009.3
The average number of annual restatements is now in the 800–850 range, proving that the SEC’s work is bearing fruit, and the regulatory environment, which has implemented legislation such as the Sarbanes-Oxley Act and more recently the changes mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act, has resulted in an increase in oversight over financial reporting. “Beyond these legislative, regulatory and industry developments, the commission’s enforcement actions in this area have also had a significant deterrent effect,” said Andrew Ceresney, director, Division of Enforcement for the SEC, in his 2016 Director’s Forum Keynote Address
Although the focus may have shifted away from restatements, the SEC is doubling down on issuer reporting and disclosure violations. “The financial reporting area will continue to be a high priority for our enforcement program,” SEC Chair Mary Jo White remarked at the 2015 AICPA National Conference. While these enforcement efforts have been part of the SEC’s responsibilities since the commission’s inception, the circumstances and intricacy of said enforcements have evolved. The SEC has more than doubled the number of issuer reporting and disclosure actions it has brought — from 53 actions in FY13 to 114 actions in FY15, excluding those cases based on delinquent filings and follow-on proceedings. The cases span a number of industries and companies of all shapes and sizes. Similar strides have been made in the number of parties for such violations: In the past two fiscal years, the SEC has charged 128 and 191 parties, respectively, and over 175 individuals, with issuer reporting and disclosure violations — a significant increase over previous years — proving that no individual or party is beyond being charged.4
Individuals were named in the majority of the SEC’s accounting cases, from high-ranking executives such as CEOs, CFOs and controllers, to audit committee chairs. Missing or insufficient material disclosures hinder investors’ ability to make informed investment decisions. The SEC has recently gone after companies that have failed to disclose things like executive perks and related-party disclosures.
The SEC has also focused on matters involving internal controls and has found Internal Controls Over Financial Reporting issues with frequency in its consultations with registrants. The SEC’s fear is that deficient internal accounting controls may lead to future misstatements or misconduct that will go undetected if it is not identified in its early stages. The SEC has brought charges for violations of the internal controls provisions of the federal securities laws, even in the absence of fraud charges. In March 2016, the SEC entered into settlement agreements against an oil company
, its executives and gatekeepers due to its alleged failure to properly implement, maintain and evaluate internal controls over financial reporting.5
This investigation was led by the SEC’s Financial Reporting and Audit Group, a growing resource that has been relied upon for the most sensitive and important cases. The group was created through a partnership with the Division of Economic Risk Analysis in 2013, and has taken a larger role in helping identify potential issues and registrants of concern.
Aside from the emphasis on accounting issues, the SEC has incorporated financial technology into its tools as a means of finding irregularities and trend regressions in large volumes of issuer data. This early detection of financial misconduct has turned the SEC from a reactive to a proactive regulatory arm with real-time tracking. The Corporate Issuer Risk Assessment Program, an internally created SEC tool, aggregates and organizes corporate issuer financial information, providing the enforcement division with a comprehensive overview of the financial reporting environment of registrants, which can be customized to search for anomalies. The more proactive the Enforcement Division can be by using data analytics, the earlier it can detect an issue that could have snowballed into something of greater consequence had it not been discovered early on. The enforcement division has also expanded its relationships with other regulatory agencies — including those within the SEC — to share information and jointly work on certain investigations that cross-reference one another.
Lastly, the SEC’s whistleblower policy has incentivized company insiders to step forward and report financial wrongdoing. With large awards being doled out, including a record $30 million payment to a whistleblower in FY14 for information leading to penalties paid by transgressors, the number of tips related to financial fraud has increased substantially since the inception of the program. The SEC expects both the whistleblower and cooperation programs to continue to be important components of its enforcement actions going forward.
More than two-thirds of general counsels believe that the current regulatory environment is a burden to their company. Additionally, the threat of cybersecurity incidents poses a significant and growing risk going forward. These trends, along with the positioning of the SEC to continue the increase in enforcement activities, suggest that more companies will eventually need to conduct an accounting or other type of investigation. At best, they will utilize valuable company resources to determine that the predication was not substantiated and no material issue exists. However, even if no material issues exist, a poorly handled investigation can end up costing your firm much more than it should have because the procedures performed end up being repeated or significantly expanded due to inadequate alleviation of concerns of outside auditors, outside counsel or regulators. With this in mind, there are some helpful practices and steps firms can take before and during an accounting investigation that may improve its efficacy.
Firms need to have a plan to deal with investigations involving financial reporting issues or evidence of asset misappropriation. The plan, which may include addressing whistleblower complaints6
, should indicate who needs to know about the issue. The board of directors and the audit committee, in particular, need to initiate the investigation and should consider whether they need to alert outside counsel, auditors, investor relations and insurance carriers. Document retention and preservation policies covering hard copy documents, electronic media and relevant IT systems should be in place, with capable individuals identified and given ownership and oversight of these policies.
Mobilize the necessary people
Once it is determined that an investigation is necessary, the audit committee will need to take on the responsibility of supervising and evaluating the results of the procedures. In most cases, the audit committee will need to consider alerting the outside auditors, particularly when the investigation involves senior management. The firm will need to have a document retention plan in place to ensure that potential evidence is preserved. The retention of reputable and capable outside counsel and forensic experts with little or no prior involvement with management may be vital. Experienced professionals can assist the firm in collecting evidence and being prepared to mitigate auditor and regulator concerns.
Develop an appropriate plan with proper scope
The audit committee and outside counsel should work together to develop an agreeable scope for the investigation and ensure that the auditor’s concerns, if any, are considered. The scope and plan should identify investigative tasks and specific procedures that will thoroughly explore the issues that prompted the investigation. Relevant sources of information and evidence — such as physical documents, electronic media and interviews of relevant personnel and other parties — should be identified.
Do it right the first time
Board or management concerns that investigators may unnecessarily expand the scope of the investigation are understandable. However, there is also risk that an investigation can significantly expand if management and/or board members are perceived by auditors or regulators to be less than forthcoming about questions, concerns or issues relevant to the investigation. Due care must be given to gathering and preserving evidence, including a documented chain of custody. Flexibility and adjustments to procedures may also be necessary as tangential or new issues arise in the course of the investigation. The loose-thread theory suggests that some indication of fraud, like loose threads, may be small and easily overlooked, but upon closer examination may be a sign of a much larger and pervasive problem. In this regard, it is prudent to assume that the matter at hand could end up in litigation. Those involved in an investigation should consider the skepticism with which a judge or jury would perceive the methods and vigor in which procedures were performed or not performed. Company personnel should be cooperative, and deadlines for filings or other constraints should not affect the quality of the investigation. High-quality communications between relevant, need-to-know parties should be a top priority. Public disclosures about the investigation may be necessary, and cooperation with SEC staff may also prove beneficial in some circumstances.
Complete the engagement with appropriate reporting
A written or oral report as it relates to the investigation performed should be provided that explains the scope, sources of information, procedures, observations and/or conclusions, and recommended corrective actions, if any. Be prepared for auditors to request information needed to document relevant aspects of the investigation in their work papers so they can assess the investigation and any impacts on their audit procedures. Written representations from management and the audit committee will also likely be requested.
Partner, Forensic Advisory Services, National Practice Leader — Litigation & Dispute Services
T +1 212 542 9810
Forensic Advisory Services
T +1 212 542 9725