Describe Fraud in Financial Statements and Sarbanes-Oxley Act Requirements

One of the most common ways companies cook the books is by manipulating revenue accounts or accounts receivables. Proper revenue recognition involves accounting for revenue when the company has met its obligation on a contract. Financial statement fraud involves early revenue recognition, or recognizing revue that does not exist, and receivable accountings, used in tandem with false revenue reporting. HealthSouth used a combination of false revenue accounts and misstated accounts receivable in a direct manipulation of the revenue accounts to commit a multibillion-dollar fraud between 1996 and 2002. Several chief financial officers and other company officials went to prison as a result.

Many companies may go to great lengths to perpetuate financial statement fraud. Besides the direct manipulation of revenue accounts, there are many other ways fraudulent companies manipulate their financial statements. Companies with large inventory balances can misrepresent their inventory account balances and use this misrepresentation to overstate the amount of their assets to get larger loans or use the increased balance to entice investors through claims of exaggerated revenues. The inventory accounts can also be used to overstate income. Such inventory manipulations can include the following:

• Channel stuffing: encouraging customers to buy products under favorable terms. These terms include allowing the customer to return or even not pick up goods sold, without a corresponding reserve to account for the returns.
• Sham sales: sales that have not occurred and for which there are no customers.
• Bill-and-hold sales: recognition of income before the title transfers to the buyer, and holding the inventory in the seller’s warehouse.
• Improper cutoff: recording sales of inventory in the wrong period and before the inventory is sold; this is a type of early revenue recognition.
• Round-tripping: selling items with the promise to buy the items back, usually on credit, so there is no economic benefit.

These are just a few examples of the way an organization might manipulate inventory or sales to create false revenue.

One of the most famous financial statement frauds involved Enron, as discussed previously. Enron started as an interstate pipeline company, but then branched out into many different ventures. In addition to the internal control deficiencies discussed earlier, the financial statement fraud started when the company began to attempt to hide its losses.

The fraudulent financial reporting schemes included building assets and immediately taking as income any projected profits on construction and hiding the losses from operating assets in an off-the-balance sheet transaction called special purpose entities, which are separate, often complicated legal entities that are often used to absorb risk for a corporation. Enron moved assets that were losing money off of its books and onto the books of the Special Purpose Entity. This way, Enron could hide its bad business decisions and continue to report a profit, even though its assets were losing money. Enron’s financial statement fraud created false revenues with the misstatement of assets and liability balances. This was further supported by inadequate balance sheet footnotes and the related disclosures. For example, required disclosures were ramped up as a result of these special purpose entities.

Internal Controls at HealthSouth

The fraud at HealthSouth was possible because some of the internal controls were ignored. The company failed to maintain standard segregation of duties and allowed management override of internal controls. The fraud required the collusion of the entire accounting department, concealing hundreds of thousands of fraudulent transactions through the use of falsified documents and fraudulent accounting schemes that included revenue recognition irregularities (such as recognizing accounts receivables to be recorded as revenue before collection), misclassification of expenses and asset acquisitions, and fraudulent merger and acquisition accounting. The result was billions of dollars of fraud. Simply implementing and following proper internal control procedures would have stopped this massive fraud.

The Enron scandal and related financial statement frauds led to investors requiring that public companies maintain better internal controls and develop stronger governance systems, while auditors perform a better job at auditing public companies. These requirements, in turn, led to the regulations developed under SOX that were intended to protect the investing public.

Since SOX was first passed, it has adapted to changing technology and now requires public companies to protect their accounting and financial data from hackers and other outside or internal forces through stronger internal controls designed to protect the data. The Journal of Accountancy supported these new requirements and reported that the results of SOX have been positive for both companies and investors.

As discussed in the Journal of Accountancy article, there are three conditions that are increasingly affecting compliance with SOX requirements:

• PCAOB requirements. The PCAOB has increased the requirements for inspection reports, with a greater emphasis on deficiency evaluation.
• Revenue recognition. The Financial Accounting Standards Board has introduced a new standard for revenue recognition. This requirement has led to the need for companies to update control documentation.
• Cybersecurity. Cybersecurity is the practice of protecting software, hardware, and data from digital attacks. As would be expected in today’s environment, the number of recent cybersecurity disclosures has significantly grown.

Under current guidelines, instead of the SOX requiring compliance with just the financial component of reporting and internal control, the guidelines now allow application to information technology (IT) activities as well. A major change under the SOX guidelines involves the method of storage of a company’s electronic records. While the act did not specifically require a particular storage method, it did provide guidance on which records were to be stored and for how long they should be stored.

The SOX now requires that all business records, electronic records, and electronic messages must be stored for at least five years. The penalties for noncompliance include either imprisonment or fines, or a combination of the two options.