Fraud Prevention: Are Existing Deterrents Working?

...

Title IV of SOX is entitled Enhance Financial Disclosures and has many different sections. Section 404 is generally the one that causes most of the discussion and considerable debate in the accounting community. Section 404 gives the requirements for Management Assessment of Internal Controls as follows (US Code, 2002):

(a) RULES REQUIRED- The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall--

(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and

(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

(b) INTERNAL CONTROL EVALUATION AND REPORTING- With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

Section 404 has caused and continues to cause debate because of the burdens it places on both management and auditors alike. Management has to issue a report on the state of their company’s internal control system, which to me has never made a great deal of sense. There is more than one way which I can see that such reports aren’t going be as accurate as SOX intends for them to be. First, I suspect many managers would have stated they had a more than adequate system even if they didn’t. Another way to skew such a report would be to self-report some minor deficiencies in the hope that nothing that was really wrong would be discovered. Look here, we did a thorough and honest job because we reported some deficiencies and are already working on fixes.

I know that the auditors issuing reports on the financial statements of the company must also attest to the management report and issue a report of their own on the internal controls. I know that some people would use that as a counterpoint to the possibility management might skew their internal report. Think about that. One of the main complaints from the auditing world is the amount of extra time and cost that must be spent attesting to and reporting on the internal controls – cost that must be passed on to their client. Am I to believe that zero auditors took what management reported and just accepted it as fact? While it bothers me to have negative opinions about people in the accounting profession, I have no problem believing that this went on and continues to go on.

Title IX of SOX is entitled White Collar Crime Penalty Enhancements. I, for one, would not argue in the least that penalty enhancements were needed. Section 906 of Title IX covers Corporate Responsibility for Financial Reports and generated the majority of the heartburn in the business world. Section 906 reads as follows (US Code, 2002):

(a) IN GENERAL- Chapter 63 of title 18, United States Code, is amended by inserting after section 1349, as created by this Act, the following:

Sec. 1350. Failure of corporate officers to certify financial reports

(a) CERTIFICATION OF PERIODIC FINANCIAL REPORTS- Each periodic report containing financial statements filed by an issuer with the Securities Exchange Commission pursuant to section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a) or 78o(d)) shall be accompanied by a written statement by the chief executive officer and chief financial officer (or equivalent thereof) of the issuer.

(b) CONTENT- The statement required under subsection (a) shall certify that the periodic report containing the financial statements fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act pf 1934 (15 U.S.C. 78m or 78o(d)) and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.

(c) CRIMINAL PENALTIES- Whoever--

(1) certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $1,000,000 or imprisoned not more than 10 years, or both; or

(2) willfully certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $5,000,000, or imprisoned not more than 20 years, or both.'.

I agree with the spirit of this section which I paraphrase as:

CEOs are on the hook now for the validity and integrity of the financial reports and will be penalized for certifying “misleading, dishonest…etc.” whether they unknowingly or willfully did so.

Absolutely, the CEOs should always have been on the hook for the validity of financial reports. My problem with how Section 906 is worded is when it says fined not more than $1,000,000 and/or imprisoned for a maximum of 10 years and so on. How many of the CEOs are worried about a 1-5 million dollar fine? How many of them have been getting both a fine and a prison sentence? How many of them believe that anybody convicted is ever going to get close to the maximum sentence? A good percentage of them don’t because fraud is still happening. I’ll address that later in the recommended solutions of the paper.

I could certainly share many more sections of SOX and hammer away at what, if anything, I feel is wrong with them. However, I suspect that will be a bit tedious for readers. I’ve made it clear I don’t like the parts of SOX that are intended to be deterrents to fraud. I certainly don’t believe that all of SOX was bad. I think in some way, shape, or form that SOX was necessary. I believe in the parts of it that make CEOs accountable and I believe in the parts of it that make auditors more accountable. If those two groups of people had the market cornered on integrity, SOX would never have been necessary.

The question as time has gone forward Post-SOX