Internal Control over Financial Reporting (ICFR)
Under federal law, publicly traded companies are responsible for devising and maintaining a system of internal accounting controls sufficient to reasonably assure that:
- transactions are executed in accordance with management authorization;
- transactions are recorded as necessary to:
- permit preparation of financial statements in conformity with GAAP; and
- maintain accountability for assets;
- access to assets is permitted only in accordance with management authorization; and
- recorded accountability for assets is compared with the existing assets at reasonable intervals, and appropriate action is taken regarding any differences.
SEC Whistleblower Program
Under the SEC Whistleblower Program, whistleblowers may be eligible for monetary awards when they voluntarily provide the SEC with original information about violations, including inadequate internal controls, that leads the SEC to bring a successful enforcement action that results in monetary sanctions exceeding $1 million. Whistleblowers are eligible to receive between 10% and 30% of the monetary sanctions collected. If represented by counsel, a whistleblower may submit a tip anonymously to the SEC.
Since 2012, the SEC Whistleblower Office has issued nearly $1 billion in awards to whistleblowers. The largest SEC whistleblower awards to date are $114 million and $50 million. See below for details about a $22 million award to an SEC whistleblower who exposed inadequate internal accounting controls.
Qualifying for an SEC Whistleblower Award
For more information about the SEC Whistleblower Program, see our eBook Tips from SEC Whistleblower Attorneys to Maximize an SEC Whistleblower Award. Click below to hear SEC whistleblower lawyer Matt Stock’s tips for SEC whistleblowers:
Inadequate Internal Accounting Controls
Over the past few years, the SEC has increasingly enforced rules that require companies to maintain sufficient internal controls over financial reporting (“ICFR”). Despite this, a recent report by the Public Company Accounting Oversight Board (“PCAOB”) revealed that one of the most frequent audit deficiencies continues to be inadequate internal accounting controls. Violations include:
- failing to devise and maintain adequate internal controls, as specified under Section 13(b)(2)(B) of the Securities Exchange Act of 1934 (“Exchange Act”);
- failure by management to evaluate the effectiveness of ICFR as of the end of each fiscal year, as required by Exchange Act Rule 13a-15(c);
- failure to maintain evidential matter, including documentation, to provide reasonable support for management’s assessment of the effectiveness of the ICFR, as required by Item 308 of Regulation S-K; and
- invalid certifications by the executives and financial officers that confirm that the Form 10-Q or 10-K does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements not misleading in light of the circumstances under which the statements were made, as required by Exchange Act Rule 13a-14.
Purpose of Internal Accounting Controls
Maintaining adequate ICFR provides companies, investors, and other interested parties with reasonable assurance that misstatements, omissions, and fraud will timely be prevented or detected. This assurance is especially critical in a time when external auditors have consistently failed to identify flaws in public companies’ ICFRs.
In 2016, the PCAOB inspected 12 publicly traded companies audited by PwC and found deficiencies in 10 of the audits related to testing controls for purposes of the ICFR opinion. PwC revised its opinion on internal controls in 6 cases. At Deloitte, the PCAOB identified problems in the internal-control audit for all 13 of the audits selected.
As former SEC Chair Arthur Levitt recently noted in a Wall Street Journal op-ed, “[g]ood internal controls are essential bulwarks against sloppiness, errors and irregularities. An audit might make sure that inventories are reported accurately, or that vendors are legitimate, or that cybersecurity policies and antihacking protocols are implemented effectively. Auditors may review internal emails to detect potential fraud. They can see into the regular operations of a company and, if empowered, call out the kinds of mistakes or malfeasance that leads to major financial restatements and other market-moving events.” In cautioning against a proposal to exempt more companies from internal control audits, Chair Levitt notes that from 2014-16, exempted companies had a restatement rate of 11.2%, while similarly sized companies still subject to the audit requirements had a rate of 6.2%.
Internal Controls Prevent and Reveal Fraud
Recent ground-breaking research about internal control deficiencies underscores the critical role of internal controls in detecting and preventing fraud. In an August 2017 article titled Internal Control Weakness and Financial Reporting Fraud published in Auditing: A Journal of Practice & Theory, the authors demonstrate a strong correlation between material weaknesses and future fraud revelation. A summary of the article in CFO notes that about 30% of fraud revelations were preceded by reports of material weakness.
SEC Enforcement Actions
Inadequate Internal Accounting Controls Lead to $22M SEC Whistleblower Award
In a recent enforcement action, on August 30, 2016, the SEC issued a $22 million award to a whistleblower who exposed that Monsanto had inadequate internal accounting controls to account for millions of dollars in rebates. Monsanto’s deficient controls caused it to materially misstate its earnings during a 3-year period. While the SEC investigation found no personal misconduct, the company was fined $80 million for the accounting violations.
SEC Chairman Mary Jo White stated, “Financial reporting and disclosure cases continue to be a high priority for the Commission and these charges show that corporations must be truthful in their earnings releases to investors and have sufficient internal accounting controls in place to prevent misleading statements.”
Additional SEC Enforcement Actions Against Inadequate Internal Accounting Controls
Inaccurate Accounting of Reserves for Annuity Benefits
On December 18, 2019, MetLife, Inc. agreed to pay $10 million to settle charges that it violated the books and records and internal accounting controls provisions of the federal securities laws relating to two errors in its accounting for reserves associated with its annuities businesses. In particular, MetLife improperly released reserves for annuity benefits associated with MetLife’s Retirement and Income Solutions Business – that is, reducing liability for future policy benefits, which resulted in a corresponding increase in income. To correct the error, MetLife increased reserves by $510 million pre-tax. The SEC’s order also finds that MetLife overstated reserves and understated income relating to variable annuity guarantees assumed by a MetLife subsidiary. MetLife disclosed that this error was caused by data mistakes, including a failure to properly incorporate policyholder withdrawals into MetLife’s valuation model. To correct this error, MetLife reduced reserves by $896 million as of year-end 2017.
Failure to Report Tax Liabilities of Controlled Foreign Subsidiary
On January 23, 2017, Overseas Shipholding Group Inc. (OSG) agreed to pay $5 million fine to the SEC to settle charges it failed to report hundreds of millions of dollars in tax liabilities for over a decade. According to the SEC’s order, OSG and its former chief financial officer, Myles Robert Itkin, failed to report a controlled foreign subsidiary’s federal income tax liabilities in financial statements from 2000 through 2012. This failure caused the company to significantly understate its net loss in that same period and ultimately file for bankruptcy in 2012.
Gerald Hodgkins, Associate Director of the SEC’s Enforcement Division, stated “Where public companies derive economic benefits from their offshore earnings, it is critical that those responsible for the company’s accounting and financial reporting understand the federal income tax consequences triggered from these benefits.”
Improper Revenue Recognition
On January 11, 2017, the SEC fined an aerospace contractor, L-3 Technologies Inc., $1.6 million for improperly recording revenue on contracts. In late 2013, L-3 realized that it was at risk of not meeting its performance target. In order to inflate revenue, and in violation of L-3’s revenue recognition policy, the VP of Finance directed employees to generate roughly 69 invoices and then recognize $17,9 million in income. This extra revenue allowed L-3 to meet its performance target and qualify for incentive bonuses. This practice of improperly recognizing revenue was not uncommon.
In total, L-3’s inadequate internal controls for revenue recognition led to inflated pre-tax income of $169 million. This caused the company to amend its SEC filing in October 2014. SEC Director Andrew Calamari noted, “[a]dequate internal accounting controls function as a critical safeguard against the type of improper revenue recognition that occurred at L3.”
Failure to Maintain Adequate Internal Controls to Prevent Insider Trading
On August 21, 2017, hedge fund Deerfield Management Company L.P. paid approximately $4.6 million to settle charges that it failed to maintain adequate controls to prevent the misuse of inside information. According to the SEC’s complaint, a former government employee with inside information about upcoming CMS decisions concerning Medicare and Medicaid reimbursement rates related to cancer treatments or kidney dialysis tipped two analysts at a hedge fund. The hedge fund was paying him approximately $193,000 to provide political intelligence consulting. The hedge fund’s use of this suspicious information violated its procedures barring insider trading.
Insufficient Controls Resulting in Unauthorized Payments to Executives
On December 11, 2017, took enforcement action against a biotechnology company for its failure to maintain sufficient controls surrounding the reporting and disclosure of travel and entertainment expenses submitted by its executives. The company’s former CEO treated the company “as his personal piggy bank,” obtaining millions of dollars from the company using limited, fabricated, or non-existent expense documentation, and these unauthorized perks and benefits were not disclosed to investors. Examples include cosmetic surgery for friends and personal travel. The company’s “insufficient internal accounting controls contributed to and failed to detect these improper and unauthorized payments, which were not accurately recorded in the company’s books and records.”
SEC Whistleblower Rewards and Bounties
If you have information that may qualify for an SEC whistleblower award, contact the Director of our SEC whistleblower practice at firstname.lastname@example.org or call our leading SEC whistleblower lawyers at (202) 930-5901 or (202) 262-8959. All inquiries are confidential.
In conjunction with our courageous clients, we have helped the SEC halt multi-million dollar investment schemes, expose violations at large publicly traded companies, and return funds to defrauded investors. Read our tips for SEC whistleblowers and Forbes column about the success of the SEC whistleblower program.
As discussed in our articles, the SEC whistleblower program has become a very effective enforcement tool for the SEC. But very few whistleblowers have received awards, which underscores the importance of having experienced counsel represent a whistleblower effectively at the SEC.
- MarketWatch: More than 33,000 tips, $2.5 billion in financial remedies and $500 million in awards to investors — the SEC’s whistleblower program turns 10 years old today
- Going Concern: Here Are 6 Reasons Why the SEC Whistleblower Program Is Successful
- National Law Review: 5 Ways that Experienced SEC Whistleblower Law Firms Can Effectively Advocate for Whistleblowers
- D&O Diary: How the SEC Whistleblower Program Has Changed Corporate Compliance and SEC Enforcement
Whistleblower Protections for SEC Whistleblowers
The SEC Whistleblower Program also protects the confidentiality of whistleblowers and does not disclose information that might directly or indirectly reveal a whistleblower’s identity. And the Dodd-Frank Act protects whistleblowers from retaliation by their employers for reporting violations of securities laws to the SEC.
In addition, the whistleblower protection provision of the Sarbanes-Oxley Act protects disclosures about deficient internal controls. On the fifteenth anniversary of SOX, the SOX whistleblower lawyers at Zuckerman Law released a free guide to the SOX whistleblower protection law: Sarbanes-Oxley Whistleblower Protection: Robust Protection for Corporate Whistleblowers.
The guide summarizes SOX whistleblower protections and offers concrete tips for corporate whistleblowers based on lessons learned during years of litigating SOX whistleblower cases.
SEC Whistleblower Law Firm
- See our column in Forbes: One Billion Reasons Why The SEC Whistleblower-Reward Program Is Effective.
- See our column in Going Concern: Sarbanes-Oxley 15 Years Later: Accountants Need to Speak Up Now More Than Ever.
- See our post in Accounting Today: Whistleblower Protections and Incentives for Auditors and Accountants.
Click here to read reviews and testimonials from former clients.
SEC Whistleblower Attorneys
SEC Whistleblower Process