Public Company Internal Controls Requirements
Under federal law, public companies are responsible for devising and maintaining a system of internal accounting controls sufficient to reasonably assure that:
- transactions are executed in accordance with management authorization;
- transactions are recorded as necessary to:
- permit preparation of financial statements in conformity with GAAP; and
- maintain accountability for assets;
- access to assets is permitted only in accordance with management authorization; and
- recorded accountability for assets is compared with the existing assets at reasonable intervals, and appropriate action is taken regarding any differences.
Common Internal Controls Violations
Over the past few years, the SEC has increasingly enforced rules that require companies to maintain sufficient internal controls over financial reporting (“ICFR”). Despite this, a recent report by the Public Company Accounting Oversight Board (“PCAOB”) revealed that one of the most frequent audit deficiencies continues to be inadequate internal controls. Violations include:
- failing to devise and maintain adequate internal controls, as specified under Section 13(b)(2)(B) of the Securities Exchange Act of 1934 (“Exchange Act”);
- failure by management to evaluate the effectiveness of ICFR as of the end of each fiscal year, as required by Exchange Act Rule 13a-15(c);
- failure to maintain evidential matter, including documentation, to provide reasonable support for management’s assessment of the effectiveness of the ICFR, as required by Item 308 of Regulation S-K; and
- invalid certifications by the executives and financial officers that confirm that the Form 10-Q or 10-K does not contain any untrue statement of material fact or omit to state a material fact necessary to make the statements not misleading in light of the circumstances under which the statements were made, as required by Exchange Act Rule 13a-14.
Purpose of Internal Controls
Maintaining adequate ICFR provides companies, investors, and other interested parties with reasonable assurance that misstatements, omissions, and fraud will timely be prevented or detected. This assurance is especially critical in a time when external auditors have consistently failed to identify flaws in public companies’ ICFRs.
In 2016, the PCAOB inspected 12 publicly traded companies audited by PwC and found deficiencies in 10 of the audits related to testing controls for purposes of the of the ICFR opinion. PwC revised its opinion on internal controls in 6 cases. At Deloitte, the PCAOB identified problems in the internal-control audit for all 13 of the audits selected.
Internal Accounting Failures Results in a $22M SEC Whistleblower Reward
In a recent enforcement action, on August 30, 2016, the SEC issued a $22 million-plus award to a whistleblower who exposed that Monsanto had inadequate internal accounting controls to account for millions of dollars in rebates. Monsanto’s deficient controls caused it to materially misstate its earnings during a 3-year period. While the SEC investigation found no personal misconduct, the company was fined $80 million for the accounting violations.
SEC Chairman Mary Jo White stated, “Financial reporting and disclosure cases continue to be a high priority for the Commission and these charges show that corporations must be truthful in their earnings releases to investors and have sufficient internal accounting controls in place to prevent misleading statements.”
Additional Internal Controls SEC Enforcement Actions
Failure to Report Tax Liabilities of Controlled Foreign Subsidiary
On January 23, 2017, Overseas Shipholding Group Inc. (OSG) agreed to pay $5 million fine to the SEC to settle charges it failed to report hundreds of millions of dollars in tax liabilities for over a decade. According to the SEC’s order, OSG and its former chief financial officer, Myles Robert Itkin, failed to report a controlled foreign subsidiary’s federal income tax liabilities in financial statements from 2000 through 2012. This failure caused the company to significantly understate its net loss in that same period and ultimately file for bankruptcy in 2012.
Gerald Hodgkins, Associate Director of the SEC’s Enforcement Division, stated “Where public companies derive economic benefits from their offshore earnings, it is critical that those responsible for the company’s accounting and financial reporting understand the federal income tax consequences triggered from these benefits.”
Improper Revenue Recognition
On January 11, 2017, the SEC fined an aerospace contractor, L-3 Technologies Inc., $1.6 million for improperly recording revenue on contracts. In late 2013, L-3 realized that it was at risk of not meeting its performance target. In order to inflate revenue, and in violation of L-3’s revenue recognition policy, the VP of Finance directed employees to generate roughly 69 invoices and then recognize $17,9 million in income. This extra revenue allowed L-3 to meet its performance target and qualify for incentive bonuses. This practice of improperly recognizing revenue was not uncommon.
In total, L-3’s inadequate internal controls for revenue recognition led to inflated pre-tax income of $169 million. This caused the company to amend its SEC filing in October 2014. SEC Director Andrew Calamari noted, “[a]dequate internal accounting controls function as a critical safeguard against the type of improper revenue recognition that occurred at L3.”
SEC Whistleblower Rewards and Bounties
Under the SEC Whistleblower Program, whistleblowers may be eligible for monetary awards when they voluntarily provide the SEC with original information about violations that leads the SEC to bring a successful enforcement action that results in monetary sanctions exceeding $1 million. Whistleblowers are eligible to receive between 10% and 30% of the monetary sanctions collected.
Whistleblower Protections for SEC Whistleblowers
The SEC Whistleblower Program also protects the confidentiality of whistleblowers and does not disclose information that might directly or indirectly reveal a whistleblower’s identity. Furthermore, the Dodd-Frank Act protects whistleblowers from retaliation by their employers for reporting violations of securities laws.
SEC Whistleblower Attorneys
For more information about whistleblower rewards and bounties, contact the SEC whistleblower lawyers at Zuckerman Law at 202-262-8959.whistleblower_lawyers_012017_infographic