IMG_1259Today, I continue my exploration with Joe Howell about the Public Accounting Oversight Board (PCAOB), its scrutiny of public company auditors and how its work impacts the corporate compliance function. Yesterday, I ended with a discussion about goodwill, how hard it may be to calculate, its impairment and what that might mean for a Chief Compliance Officer (CCO) and how difficult it is to test for both goodwill and a proper impairment calculation. Today I want to continue to explore why any write-downs are significant for the compliance function as it might be a mechanism to hide money to fund bribes and engage in corruption.

I asked Howell about write-downs and how they might be used to hide monies generated to fund a bribe, in the context of an acquisition. Howell noted, “anytime you have to calculate what that original value is, if you have a spin-off, if you have some sort of massive write-down, then they’re going to want to take a look at that to see, How did you do that write-down? Did you do it to dress up your balance sheet, to make it a little prettier because you got rid of some intangibles because you didn’t want to have them anymore for other purposes? Or there was some sort of thing that was out of the ordinary that you did? Then they really want to look at that to make sure that there’s support for it.”

I then inquired about joint ventures (JVs) and asked if the same or similar rules would apply. Howell began by noting that an audit is focused on the external financial statements for the company taken as a whole as presented to financial statements. While that statement is in the context of what the final opinion focuses upon, it is important to recall that an audit builds up from its parts.

That means an auditor must build up from any JVs a company has and these areas that have the opportunity to create misstatements, mistakes, or completely fraudulent statements. The issues can go so far as to include Enron type of concerns where the company used fraudulent accounting to get “bad stuff” off of their balance sheet. I asked Howell if you have a JV that has engaged in transactions that were based on fraud and the profits from that JV roll up into the parents, i.e. the US Corporation’s balance sheet, that would be an appropriate inquiry for an external auditor? He said “Absolutely. If an auditor finds fraud that’s not material to the financial statements taken as a whole, their job is not over. They don’t pass on stuff because it’s immaterial. If they find fraud, they’re obligated to report it. Also, that they find fraud, then they’re obligated to explore to see if the weaknesses and the controls that permitted that fraud are found elsewhere.”

One of the key inquiries from a Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) investigation or enforcement action is around the issue of systemic failures of internal controls. Such failure is a sure remedy for the finding by the SEC for violation of the FCPA, even absent an affirmative finding of bribery. Howell said that a systemic inquiry from the auditing perspective is critical as well.

Howell said that if management is somehow involved in the colluding, then the auditors must “step back and take a hard look at what they’re going to be able to believe, if anything, that management has told them. If management is not involved and they have reason to believe that this is a bad actor somewhere in the organization, they’re not permitted to stop because it’s not material. They have to “move forward” with the inquiry.”

Interestingly, Howell not only draws a line from the FCPA to the Sarbanes-Oxley Act of 2002 (SOX) to the Dodd-Frank Act of 2010; but also draws a line from the PCAOB to corruption risk because of the pronouncements from the PCAOB about what the auditors have to look for in terms of risk. This is because he believes “every PCAOB inspection report to date has mentioned fraud. That the purpose of mentioning fraud is that the failures in the accounting control environment that permitted a transaction to go unreported or misreported are the kinds of things that undermine the entire credibility of the financial statements and mean that you’re not going to be able to rely on that control environment. Fraud is central to all of this.”

Howell went on to explain that fraud usually occurs because there are weaknesses in controls which are exploited by bad actors to get the money or the resources, if not money, to actually then pay a bribe that is the focus of the FCPA. The PCAOB’s focus on fraud is because the controls need to be in place and they focus on internal controls over financial reporting. Howell noted he has not seen any FCPA settlement that did not have a material impact on the company in one way or another. He concluded by stating, “how can you say that you’’re not dealing with material misstatements of the financial statements if you fail to report something that clearly is going to result in tens or hundreds of millions of dollars of penalties, disgorgement of profits, investigations, and tearing the company inside out in order to do the final remediation?”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

desk-and-suppliesToday we have Part II of my exploration with Joe Howell about the PCAOB and how its work with public company auditors impacts anti-corruption compliance.

I asked Howell about auditor rotation and what it means. Howell explained that the basic concept of auditor rotation is simply to keep fresh eyes on things because auditors may become complacent over time. Simply put auditors can get too familiar, too cozy with the clients. Yet the converse can also lead to problems as Howell noted, “almost every time there has been a fraud that has gone undetected or a major failure that has gone undetected for long periods of time, that has resulted from the fact that the auditors didn’t have enough experience to find the kinds of weaknesses that they’re talking about. That often happens when a new auditor is involved. That’s when things seem to go wrong.”

It is a loss of institutional knowledge that can cause problems. An auditor needs to be asking probing, independent questions and being independent in attitude as well as on paper. Howell noted the “other thing that you lose is that sense of deep understanding of the kinds of transactions, the history, and how things flow together. I think that balance is hard to draw, but it really points to the need that the client has to have a clear understanding of their processes themselves and how those processes are going to effect the controlled environment.”

For the compliance practitioner this can be where an auditor fails because there is fraud or some other form of collusion which could generate a pot of money to fund a bribe, there are going to be telltale signs or evidence somewhere, but those red flags might be missed because the client is not thinking clearly about how those red flags would be monitored and how they could detect them.

Inspection Focus is another area that the PCAOB is concerned about and while it may not immediately appear applicable to the compliance department I believe it can have a significant impact. This area focuses on judgments clients make, most generally around revenue recognition or more simply “rev rec”. Howell began by noting, the “number of mistakes are very high and often they’re challenging because when you somehow mischaracterize the top line, the rest of the financial statements change their character because of a number of things that have keyed off of what your revenue is. The other thing that’s true is that it also causes the rest of the financial statements to become questionable just because that most important number was not right.”

The rules that evolved in the 1990’s and early 2000’s made revenue recognition increasingly more complicated. Now companies are gearing up to transition to a new revenue recognition methodology that is a more principles-based practice that is going to affect all industries the same, meaning we no longer have separate revenue recognition approaches for different industries.

This transition is going to also create a lot of opportunities for mistakes and worse, fraudulent accounting to hide evidence of bribery and corruption. This could be through strategies as diverse as channel stuffing to evaluation of long-term contracts. Rev rec is an area that the compliance function needs to depend more highly on the auditing function to help detect either over-rides of internal controls or more simple failures.

This ties into Howell’s next point, which was accounting estimates. Typically, goodwill is perhaps the most challenging when you acquire a company and you have an excessive payment over what the assets that you identified as tangible assets. Howell said, “You end up with this intangible number goodwill, which needs to be tested for impairment. You can’t go judge the fair value of goodwill other than by an accounting estimate at one point in time when you made an acquisition, but the accounting rules now require that you go back and reassess that value from time to time and put an impairment charge against it if you feel that it’s not what you paid for to begin with.”

I found this analysis interesting as Matt Kelly raised this same issue in a blog post, entitled “Impairment Data Hints at Problems Ahead”, on his site, Radical Compliance. Matt and I also explored this issue in greater depth in our podcast “Compliance Into the Weeds – Episode 6”. Kelly’s basic thesis was that goodwill impairment would negatively impact compliance particularly after an acquisition, when the value of the acquired entity can drop significantly or even propitiously. Witness the HP goodwill impairment charge around its acquisition of Autonomy of nearly $5.5 billion.

This ties into Howell’s concerns from the auditing perspective because, “You can’t say what goodwill is based upon today without understanding that, “Hey, it’s based upon the value I’m going to receive over a period of time in the future.” That means that the auditors have to look to the work that’s being done by the people who prepare those projections and those are usually the Financial Planning and Analysis (FP&A) folks”, who typically do not have an appropriate level of documentation to support their analysis of goodwill value.

Moreover, FP&A is actually trying to drive behavior through these projections. Howell said they typically cannot provide either the specific documentation of analysis or even a history of results over time. This is because they “frequently are developing these projections to be aspirational. They’re trying to drive business behavior, not really trying to predict it. You end up with some issues that are creating strain in accounting organizations around the world.” Such an approach would certainly raise issues in a compliance realm.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

First InningYou might figure that the year I decide to jump back on the Houston Astros bandwagon, they go back in the tank. Last year they were one game away from the American League (AL) Championship. This year they have the third worst record in the AL, with a paltry .419 winning percentage. Is it too early in the season to draw any conclusions? I will leave that one up to you. And yet…

What are the lessons to be learned from allegations of corruption in the early stages of any investigation? Indeed, are there any lessons to be learned at all? If so when should you learn them? The FCPA Professor recently explored some of these issues in a blog post, entitled “Lesson Learned…”. Proving once again that the FCPA Professor and I can look at the same event or set of facts and see different things, I see significant lessons to be learned when reviewing ongoing Foreign Corrupt Practice Act (FCPA) or other significant matters, even when reported in the press. Or to use the Professor’s analogy, I believe it is both useful and appropriate to consider the ongoing results of the National Basketball Association (NBA) playoffs, on an ongoing basis and apply those results going forward.

Why should you consider reviewing events on an ongoing basis? When I look at these, I see information that could help the Chief Compliance Officer (CCO) or compliance practitioner going forward. I think Wal-Mart is a prime example. It really does not matter if you fall into the New York Times (NYT) or Wall Street Journal (WSJ) story camps; when the world’s largest retailer is on the front page, you can and should draw lessons from this applicable to your organization.

Such public reporting is a useful teaching paradigm for the FCPA practitioner. The day after the NYT broke the story I wrote a blog post about it and I called several client types (I am a proud card carrying member of FCPA Inc.) to make sure they were aware of the matter. Was it marketing? Or perhaps something more nefarious, like business development? How about the following – I wanted to make sure they were aware of it. Or a combination of all three? Does any of that lessen the messages to be learned from the NYT story about Wal-Mart? I would answer a resounding No.

The thing that struck me when I called around was how many CCOs had used the NYT front-page story about Wal-Mart as a teachable moment for several internal constituencies. These constituencies started with the C-Suite and the message was along the lines of this is what can happen if you do not have an effective compliance program in place. Several others used the Wal-Mart story as an opportunity to consider their internal use of facilitation payments; to explain to employees how they are defined under the FCPA and also to make sure they were properly recorded on the company’s books and records.

Was this in the first inning of Wal-Mart’s long trek FCPA investigation? Most probably, yet these CCOs were able to use this very public event as lessons learned for their organizations in a powerful and current events manner to help educate or reinforce.

What about the Unaoil matter? Once again, can the reported story provide anything worth writing about or commenting upon? I would certainly urge the answer is Yes. How could a CCO use the information in the Huffington Post story in the everyday doing of compliance? I can think of three immediate lessons to be learned that every compliance practitioner should take to heart and use going forward.

First and foremost, did your organization use Unaoil in any manner? If your organization has contracted with or has any contact with Unaoil in any company files you need to find out now as a Department of Justice (DOJ) subpoena could well be on its way. Second, as with Wal-Mart, can you utilize the discussion around Unaoil internally to educate senior management or others? Once again I think the answer is Yes and the most obvious way would be to discuss your risk management lifecycle of your third parties. Use this as an opportunity to explain that it is the management of the relationship which may well be the key element so that even if your due diligence was faulty you can demonstrate effective compliance. Finally, it is a very good reminder to review all of your third parties files to make sure they contain the required documentary evidence to support your compliance program. All of these lessons can be learned now, at the very beginning of the matter (first inning yet again).

Next, the Panama Papers. What can you draw from this event; even at the very beginning of what may be a very long slog? (Probably the top of the first inning.) As of today, you can review the 214,000 entities with offshore entities, in a searchable database. This is more than a lesson to be learned or even a teachable moment. This is a new resource available to anyone to use to find out if an entity their company is doing business with is who they say the are or even might be. This is information that is in the public domain, made available by the International Consortium of Investigative Journalism. You can search by jurisdiction or by country. It is axiomatic that when information becomes available a compliance practitioner should not only use it going forward but also use it to see if any third parties or counter-parties might need updating in your risk ranking.

As for the lesson to be learned, once again does your compliance department know with whom you are doing business with? Are you managing the relationship after the contract was signed? Have you Documented, Documented, and Documented the files and the relationship? When was the last time your business sponsor visited high-risk third parties to discuss your anti-corruption compliance program?

Information is critical to any best practices compliance program. Usually that information comes internally. Yet that information can also come from outside the organization. How many CCOs knew about Unaoil before the Huffington Post story? Or had thought about their company’s recordation of facilitation payments? Or had considered what it might mean if a third party was incorporated in Panama? I do not find any of the above to be scare mongering or even inappropriate questions to ask. For I have found it is always how you use information that forms the key inquiry; not when you obtain the information.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Big Data 3Earlier this year the Wall Street Journal (WSJ) ran a series called Journal Report entitled CIO Network. They met with and surveyed many Chief Information Officers (CIOs) over multiple business sectors. I found the entire section quite enlightening around the issues of big data and its uses by the compliance function and a Chief Compliance Officer (CCO).

In one panel the WSJ’s Rebecca Blumenstein spoke with Hilary Mason, the Chief Executive Officer (CEO) and Founder of Fast Forward Labs. I found her remarks quite useful for a CCO to consider. When asked what were some of the biggest misunderstandings about data, Mason replied that when people only look at individual data because it is more useful to “know what a population of people are doing.” Read More