Transcript Document
Auditor Liability
By Joe Dryer, Ph.D., JD Breakaway Systems LLC This presentation is for educational and informational purposes only. Any use of the materials herein should be in conjunction with advice from a licensed attorney.
2
Overview
Pre-Enron laws (still generally in effect) Motivation for Sarbanes-Oxley Act (SOX) SOX environmental changes – IT merging with financial accounting – SEC policies and capabilities – Individual protections and responsibilities Insurance and company protections Joe Dryer ©2003 [email protected]
3
Qualifications
Much of this discussion comes from securities laws and many companies do not strictly fall within the jurisdiction of these laws (non profit, privately-held, too small, etc.) There has been much discussion that most companies will conform –
Creditors will require conformity
– –
A company wanting to grow, merge or do an IPO must conform States have discussed application to non profits
Joe Dryer ©2003 [email protected]
4
Pre-Sarbanes-Oxley (SOX) Exchange Act of 1934
13b2-1 prohibits any person from directly or indirectly falsifying certain books, records, or accounts. 13b2-2 prohibits any director or officer of an issuer from directly or indirectly making a materially false or misleading statement . This rule applies to statements made (1) to accountants in connection with required audits or examinations of financial statements or (2) in the preparation or filing of documents or reports required to be filed with SEC.
Joe Dryer ©2003 [email protected]
5
Private Securities Litigation Reform Act of 1995 (PSLRA)
Each required audit shall include, in accordance with generally accepted auditing standards – –
procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts procedures designed to identify material related party transactions
–
an evaluation of the ability of the issuer to continue as a fiscal year. going concern during the ensuing
Joe Dryer ©2003 [email protected]
6
PSLRA Required Response To Audit Discoveries
If, in the course of conducting an audit the independent public accountant becomes aware of information indicating that an illegal act (whether or not material) has or may have occurred, the accountant shall inform management and assure that the audit committee of the issuer is adequately informed, unless the illegal act is clearly inconsequential. Joe Dryer ©2003 [email protected]
7
PSLRA - Failure To Remedy
The public accountant shall directly report its conclusions to the board of directors if the illegal act is material and the senior management has not taken timely and appropriate remedial actions with respect to the illegal act, and this is reasonably expected to warrant departure from a standard report resignation from the audit engagement or The board, or failing that, the auditor must report this to the SEC Joe Dryer ©2003 [email protected]
8
PSLRA 2
nd
Party Liability
Scienter
- Plaintiffs must plead with particularly at the outset of the litigation, before the plaintiff has obtained any discovery, that the auditor acted with an intent to defraud or a reckless indifference to the truth or accuracy of the statement made.
Proportionate Liability
- substituted proportionate liability for joint and several liability as the standard of damages in securities litigation. Auditors liable to a smaller percentage of losses than management unless it made a knowingly false statement
No RICO
- denied the ability to assert a RICO claim in any case that can be pled as a securities fraud claim. No triple damages.
Joe Dryer ©2003 [email protected]
9
DSAM Global Value Fund v. Altris
Software, 288 F.3d 385 (9th Cir. 2002)
“the complaint sets out a compelling case of negligence – perhaps even gross negligence – but does not give rise to a strong inference that the auditor acted with an intent to defraud , conscious misconduct, or deliberate recklessness, as is required in a securities fraud case.” “[t]he plaintiff must prove that the accounting practices were so deficient that the audit amounted to no audit at all, or an egregious refusal to see the obvious, or to investigate the doubtful, or that the accounting judgments which were made were such that no reasonable accountant would have made the same decisions if confronted with the same facts.” Joe Dryer [email protected]
©2003
10
In re Enron Corp. Securities, Derivative
and ERISA Litigation (SD Tex 2002)
Claims of security fraud against Enron’s outside directors dismissed as they failed “to raise a strong inference of scienter” Found that claims against several secondary actor defendants, such as Enron’s outside auditor Arthur Andersen, several investment banks, and Enron’s attorneys, could proceed under Section 10(b). Joe Dryer [email protected]
©2003
11
Enron Conundrum
Accounting fraud is profitable
Formalistic accounting – GAAP trumps “materially misleading”
Collusion in fraud
Lack of responsibility
– Sergeant Schultz Defense ("I know nothing.") Joe Dryer ©2003 [email protected]
12 Joe Dryer ©2003 [email protected]
13
Listed Companies Restating 4% 3% 2% 1% 0% 1997 1998 1998 NASDAQ NYSE AMEX 2000 2001 2002
Joe Dryer [email protected]
©2003
14
SEC Record of Enforcement FY 2000 - 2002
Total Enforcement actions filed Financial fraud and issuer reporting actions filed Officer and director bars sought (in all categories of cases) Temporary Restraining Orders filed (in all categories of cases) Asset Freezes (in all categories of cases)
FY 2000
503 103 38 33 56
FY 2001
484 112 51 31 43
FY 2002
598 163 126 48 63 Trading Suspensions Subpoena enforcement proceedings Disgorgement Ordered (in millions)* 11 8 $463 2 15 11 19 $530 $1,328 Penalties Ordered (in millions)* $43.70 $56.10 $116.40 * Includes amounts disbursed to the NASD as part of the Credit Suisse First Boston settlement. Joe Dryer ©2003 [email protected]
15
Rite Aid SEC Complaint
CEO and CFO both permitted improper vendor deductions to continue even after other Rite Aid personnel raised with them in 1995 the question of whether the practice was proper.
The only documentation backing up quarterly adjustments was a hand-written schedule prepared by CFO, showing eleven separate accounts that he wanted credited. The CFO personally determined the gross profit entries (>100 MM) without input or review by anyone. These entries were completely unsubstantiated. The CFO provided, and directed his staff to provide, false and misleading information to KPMG. The false information included, among other things, Rite Aid's books and records, unaudited financial statements, and bank records. Joe Dryer ©2003 [email protected]
16
Internal Auditor’s Options
Raise issues – to who?
– Management – – Board of directors Accounting committee of board – Governmental watchdogs Join Quit Joe Dryer ©2003 [email protected]
17
IIA Position Paper on Whistleblowing
“Some internal auditors, however, may not be afforded a means to deal appropriately with findings that involve violations of law, rules, regulations, or damage to public health or safety. Internal auditors may find resolving such matters difficult if they do not have access to an Audit Committee comprised solely of independent directors with a written charter setting forth the duties and responsibilities of the Committee, and with adequate resources and authority to discharge Committee responsibilities. Also, the problems may be compounded if the internal auditing organizations are not independent when they carry out their work and do not have organizational status sufficient to permit the accomplishment of their auditing responsibilities in accordance with the
Standards
. In such situations, the auditor is obligated by The IIA's
Standards
and Code of Ethics to report through the normal channels and, if necessary, ultimately to the Board of Directors and to ensure that the matter is resolved satisfactorily within a reasonable period of time .” Joe Dryer [email protected]
©2003
18
Or---
If the matter is not resolved satisfactorily, or the auditor is terminated, or subject to other retaliation, the auditor should secure the advice of outside counsel regarding further action.
Joe Dryer ©2003 [email protected]
19
Internal Control Report
PRE SOX – nothing POST SOX – As directed by section 404 of SOX, the SEC requires that annual reports (for FY ending after 6/15/2004 for most large companies) must contain an “internal control report” describing internal controls for financial reporting Joe Dryer ©2003 [email protected]
20
Internal Control Statements to be Included in the Annual Report
Management’s responsibility for establishing and maintaining adequate internal control ; Identification of the framework used by management to conduct the required evaluation; Management’s assessment of the effectiveness of the company's internal control, including disclosure of any “material weaknesses”; and A statement that the auditing accounting firm has issued an attestation report on management's assessment.
Joe Dryer [email protected]
©2003
21
SEC Rule on Internal Controls
17 CFR 210, 228, 229, 240, 249 and 274
”management cannot delegate its responsibility to assess its internal controls over financial reporting to the auditor.” ”management must base its evaluation of the effectiveness of the company’s internal control over financial reporting on a suitable, recognized control framework.” (e.g. COSO Framework and C
OBI
T) Joe Dryer ©2003 [email protected]
22
SEC Rule on Internal Controls
“ inquiry alone generally will not provide an adequate basis assessment” for management's “in conducting such an evaluation and developing its assessment of the effectiveness of internal control over financial reporting, a company must maintain evidential matter, including documentation , to provide reasonable support for management's assessment of the effectiveness of the company's internal control” Joe Dryer [email protected]
©2003
23
SEC Rule on Internal Controls
“a company must disclose any change in its internal control over financial reporting that occurred during the fiscal quarter covered by the quarterly report, or the last fiscal quarter in the case of an annual report, that has, or is reasonable likely to have, materially affected, the company's internal control” “a company will have to determine whether the reasons for the change constitute material information necessary to make the disclosure about the change not misleading” Joe Dryer ©2003 [email protected]
24
SOX Section 303 Application to IT
“We believe that section 303 of the Act includes all accountants auditing or reviewing an issuer's financial statements or issuing attestation reports.” RIN 3235-AI67 * engaged in Final Rule:Improper Influence on Conduct of Audits SEC The asterisk points directly to a reference to section 404 Internal Control auditor attestation Joe Dryer ©2003 [email protected]
25
Executive Officers & Directors, Improper Influence
PRE SOX - Under state law fiduciary principles and applicable federal securities laws, officers, directors could be liable to the company and/or shareholder for causing materially false corporate financial reports. POST SOX – As directed by section 303 of the SOX, the SEC enacted §240.13b2-2 on representations and conduct in connection with the preparation of required reports and documents. SEC says this is “ consistent with previous law , rules and cases.” But: Joe Dryer ©2003 [email protected]
26
§240.13b2-2 – Misleading Statements
(a) No director or officer of an issuer directly or indirectly: shall, (1) Make or cause to be made a materially false or misleading statement to an accountant … ; or (2) Omit to state , or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which such statements were made, not misleading ,,, Joe Dryer ©2003 [email protected]
27
§240.13b2-2 – Misleading Statements
Misleading statements prohibited are those made in connection with: (i) Any audit, review or examination of the financial statements of the issuer required to be made pursuant to this subpart; or (ii) The preparation or filing of any document or report required to be filed with the Commission pursuant to this subpart or otherwise. Joe Dryer [email protected]
©2003
28
§240.13b2-2 – Misleading Statements
(b)(1) No officer or director of an issuer, or any other person acting under the direction thereof , shall directly or indirectly take any action to coerce, manipulate, mislead, or fraudulently influence any independent public or certified public accountant engaged in the performance of an audit or review of the financial statements of that issuer that are required to be filed with the Commission pursuant to this subpart or otherwise if that person knew or should have known that such action, if successful , could result in rendering the issuer's financial statements materially misleading. Joe Dryer [email protected]
©2003
29
Examples of §240.13b2-2 Improper Influence Prohibited Conduct
To issue or reissue a statement that is not warranted in the circumstances; Not to perform procedures required by professional standards; Not to withdraw an issued report; or Not to communicate matters to an issuer's audit committee. Joe Dryer ©2003 [email protected]
30
Destruction, Alteration, Falsification of Records (PRE SOX)
Anyone who "corruptly persuades" others to destroy, alter or conceal evidence can be prosecuted under 18 U.S.C. § 1512. – – Reaches destruction of evidence with intent to obstruct an official proceeding that may not yet have been commenced. Section 1512 does not reach the “individual shredder .” 18 U.S.C. § 1505 does not require “corrupt persuasion” but it does require the existence of a pending proceeding. Joe Dryer [email protected]
©2003
31
Destruction, Alteration, Falsification of Records (POST SOX)
Section 801 prohibits the alteration, destruction or falsification of records, documents or tangible objects , by any person , with intent to impede, obstruct or influence, the investigation or proper administration of any “matters” within the jurisdiction of any department or agency of the United States, or any bankruptcy proceeding, or in relation to or contemplation or proceeding. of any such matter Violation imposes penalty of a fine or not more than 20 years in prison or both. Joe Dryer [email protected]
©2003
32
Destruction, Alteration, Falsification of Records (POST SOX)
Section 1102 added a new criminal provision, 18 USC 1512, prohibiting any attempt to – corruptly alter, destroy, mutilate, or conceal a record, document, or other object with the intent impair the object ’s integrity or availability for use an official proceeding to in – otherwise obstructs, influences, or impedes any official proceeding Violation entails a fine or up to 20 years prison, or both.
’’.
Joe Dryer [email protected]
©2003
33
Destruction of Audit Records
PRE SOX - No general legal duty that an accountant maintain client files for a particular time interval. POST SOX - SEC under SOX authority requires accounting firms to retain for seven years certain records relevant to their audits and reviews of issuers' financial statements, including an accounting firm's workpapers and certain other documents containing conclusions, opinions, analyses, or financial data related to the audit or review .
Joe Dryer [email protected]
©2003
34
SOX Enforcement Started
Thomas C. Trauger, a former E&Y partner was arrested September 25, 2003 for altering and destroying audit working papers.
In the criminal complaint, he was charged with one count of obstructing the examination of a financial institution ( 5 years in imprisonment and fine of $250,000), and one count under the SOX of falsification of records in a federal investigation ( 20 years in prison and a fine of $250,000).
Joe Dryer ©2003 [email protected]
35
Statute of Limitations for Private Right of Action
PRE SOX - Allowed for a suit to be brought within 1 year after discovery of violation or 3 years after occurrence of violation.
POST SOX - Section 804 establishes a statute of limitations for claims of fraud, deceit, manipulation, or contrivance in contravention of a regulatory requirement concerning federal securities laws years within 2 after discovery of facts constituting the violation or 5 years after such violation.
Joe Dryer [email protected]
©2003
36
Whistle-blower Protection
POST SOX - Section 806 prohibits public companies, their officers, employees, contractors and agents from retaliatory actions against employees who assist in proceedings involving alleged securities violations and provides an administrative process for employees seeking relief for violators. Also, the section provides for a civil action based on a violation of the section. Joe Dryer ©2003 [email protected]
37
Penalties for Retaliation
PRE SOX – No explicit protection from retaliation for an individual who provides truthful information to a law enforcement officer POST SOX - Section 1107 provides for a new subsection (e) of 18 U.S.C. § 1513, which creates a felony offense for any person knowingly to take any action, with intent to retaliate, harmful to a person who provides such information concerning a federal offense. An offense is subject to a fine or imprisonment of not more than 10 years or both.
Joe Dryer ©2003 [email protected]
38
Accounting Complaints
PRE SOX – No mandated complaint handling.
POST SOX - Section 301 requires the Audit Committee to establish procedures to receive and respond to complaints received regarding accounting and auditing matters and procedures to receive confidential, anonymous complaints from employees regarding accounting and auditing matters Joe Dryer ©2003 [email protected]
39
Certification of Financial Reports
PRE SOX – No statutory requirements.
POST SOX - SEC requires that the CEO and the CFO provide a statement certifying the periodic reports filed with SEC. Certifying a report while knowing that it does not comport with all of the requirements of § 1350 is punishable by a fine up to $1 million and imprisonment of up to 10 years . A willful violation is punishable by a fine up to $5 million and imprisonment of up to 20 years. Joe Dryer ©2003 [email protected]
40
Certification
As part of the CEO/CFO certification, management must certify that they have reported to the Audit Committee – – all significant deficiencies in the design or operation of internal controls which could adversely affect the registrant's ability to record, process, summarize and report financial data and have identified for the registrant's auditors any material weaknesses in internal controls.
any fraud, whether or not material , that involves management or other employees who have a significant role in the registrant's internal controls.
Joe Dryer ©2003 [email protected]
41
Subcertification
Sarbanes-Oxley requires only the CFOs and CEOs certify their company's financial statements.
In an AFP survey of financial professionals, one third of those providing information used in company reports were asked by their company to sign an affidavit vouching for, or certifying, the accuracy of the information that they provide. Nearly all corporate practitioners report that when presented with an affidavit, they had signed the document.
Joe Dryer ©2003 [email protected]
42
Subcertification
Article in
Corporate Counsel
described GC at an REIT who refused request by PWC auditors that he also sign CEO and CFO’s attestation.
– CEO and CFO covered by D&O insurance, not GC acting as legal professional – SEC fines, court judgments, fraudulent behavior and reporting malfeasance generally not covered by D&O insurance – Had no knowledge of GAAP or audits Joe Dryer ©2003 [email protected]
43
Enhanced Penalties for Exchange Rule Violations
PRE SOX – U.S.C. § Section 32(a) of the Exchange Act, 15 78ff, provides for a criminal fine of $1 million for individuals and/or imprisonment of up to 10 years, or a fine of $2.5 million for anyone other than an individual.
POST SOX – Section 1106 increases penalties under the Exchange Act up to $5 million or imprisonment of not more than 20 years and increases the fine up to $25 million for persons other than a natural person.
Joe Dryer [email protected]
©2003
44
$103 million not spent
Joe Dryer
2002 2003 SEC BUDGET
©2003
2004
45
Corporate Fraud Task Force Priorities
Falsification of financial information , including false accounting entries and false transactions designed to evade regulatory oversight; Self-dealing by corporate insiders Obstruction of justice designed to conceal either of these types of criminal conduct, particularly when that obstruction impedes the regulatory inquiries of the SEC or other agencies.
Joe Dryer ©2003 [email protected]
46
Charging a Corporation: Factors to Be Considered
4. the corporation's timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents , including, if necessary, the waiver of corporate attorney-client and work product protection 6. the corporation's remedial actions, including … any efforts to replace responsible management, to discipline or terminate wrongdoers , to pay restitution, and to cooperate with the relevant government agencies 8. the adequacy of the prosecution of individuals responsible for the corporation's malfeasance; Joe Dryer ©2003 [email protected]
47
DOJ Cooperation Quote
“Another factor to be weighed by the prosecutor is whether the corporation appears to be protecting its culpable employees and agents . Thus, a corporation's promise of support to culpable employees and agents, either through the advancing of attorneys fees, through retaining the employees without sanction for their misconduct, or through providing information to the employees about the government's investigation may be considered by the prosecutor in weighing the extent and value of a corporation's cooperation.” “ Prosecutors should rarely negotiate away individual criminal liability in a corporate plea .” Joe Dryer ©2003 [email protected]
48
Principles of Federal Prosecution
9-27.420 Plea Agreements -- Considerations to be Weighed A. In determining whether it would be appropriate to enter into a plea agreement, the attorney for the government should weigh all relevant considerations, including: 1. The defendant' s willingness to cooperate in the investigation or prosecution of others; Joe Dryer ©2003 [email protected]
49
Elements of Commercial Fraud
Misrepresentation of some fact. Knowledge that the fact was false or reckless disregard of the truth .
Reliance by receiver on the fact.
That is reasonable .
Damages that were caused by the misrepresentation. Joe Dryer ©2003 [email protected]
50
Privity of Contract
Many courts have held an accountant does not owe a duty to the public at large unless: – the accountant is aware that the report in question is to be used for a particular purpose – – a party known to the accountant is intended to rely on the report conduct by the accountant must link the accountant to plaintiff’s reliance. Due diligence investigations?
Joe Dryer ©2003 [email protected]
51
SAS70 audits implicated?
The PCAOB draft audit standard of 7 October 2003 states:
B25. The use of a service organization does not reduce management’s responsibility to maintain effective internal control over financial reporting. Rather, management should evaluate controls at the service organization, as well as related controls at the company, when making its assessment about internal control over financial reporting.
Joe Dryer ©2003 [email protected]
52
Commercial Fraud and Privity
A college sued Coopers for professional negligence and for breach of contract-for failure to detect and notify the board of treasurer’s illegal, inappropriate, and highly risky investments. College awarded $12.65 million for negligence and $378,000 for breach of contract.
Board of Trustees of Community College Dist. No. 508 v. Coopers & Lybrand
JNL alleged that E&Y’s audits of electronics wholesaler Kent International Associates, Ltd., to whom JNL was a lender, were negligent and fraudulent. E&Y’s motion to dismiss was denied since JNL sufficiently alleged a relationship approaching privity with E&Y, and that JNL had properly alleged fraud.
Jackson National Life Ins. Co. v. Ernst & Young
Joe Dryer ©2003 [email protected]
53
D&O Insurance
In several recent cases, courts have ruled that the D&O policy proceeds, due to its inclusion of corporate (entity) coverage, are part of the corporation’s assets and awarded bankruptcy trustees the proceeds to satisfy creditors.
In a few, recent high profile cases, D&O insurers have attempted to rescind coverage as a result of a financial restatement since the policy was issued based on the understanding that the financial statements were accurate.
D&O insurer will rescind policy once fraud is admitted or if a company otherwise materially misrepresents its risks during the D&O application process.
Joe Dryer ©2003 [email protected]
54
Crime Pays?
SEC ordered Xerox executives to pay $22.5 million in accounting fraud, including $19.4 million disgorgement of “profits attributable to the fraud” Xerox said its bylaws required it to reimburse executives’ disgorgement, with the money to come from D&O AIG is asking a state court in New York City to void the D&O insurance since it was issued under false pretenses due to the accounting fraud. Joe Dryer ©2003 [email protected]
55
Summary
Sarbanes-Oxley, directly and indirectly, materially expands individual liability for problems judged after-the-fact
Individuals should educate themselves on their professional responsibilities and rights
Run a clean ship and document
Joe Dryer ©2003 [email protected]