Enron Story and ERP Implications History October 16, 2001 – Enron (one of the world’s largest electricity and natural gas traders) reported a $618 million third-quarter loss and disclosed a $1.2 billion reduction in shareholder equity. This was partly because of partnerships run by its CFO Andrew Fastow. Until then, Enron had been a rapidly growing firm that was revolutionizing the energy business and making their investors millions. Former CEO Jeffrey Skilling had helped transformed the company from a natural gas pipeline company to a global marketer and trader of energy. Employees of the company encouraged to invest large portions of their 401K retirement savings accounts in Enron stock by matching employee contributions. October 17, 2001 – The day after they reported their major loss, the SEC sent a letter asking for information about the loss. SEC dedicated to protecting investors and maintaining the integrity of the securities markets. Enron’s high-flying business practices immediately began to fall apart. October 22, 2001 – Shares of Enron stock sank more than 20% Two days later, Enron fired Fastow. November 8, 2001 – Arthur Anderson, which was Enron’s auditing firm received a federal subpoena for documents related to Enron. December 2, 2001 – Enron filed for the largest chapter 11 bankruptcies in history. Clearly the accounting records made public from Enron did not reflect the financial health of the company. Problem As Enron’s services became more complex, its stock soared, and CFO Fastow created partnerships between Enron and companies involved in Internet broadband technologies, computer technology, and energy. Some of these partnerships were faked to mask billions of dollars in debt, which allowed managers to shift debt off the books Also, Enron owned a lot of subsidiaries, but made sure that it owned no more than 50% of the voting stock. Because of this, Enron was able to keep the debt and assets of these subsidiaries off of Enron’s books. These clever accounting practices prevented Enron from having to report a much higher percentage of debt. Arthur Anderson did the auditing of Enron’s financial statements for years. A highly regarded accounting firm, AA issued annual reports attesting to the validity of Enron’s financial statements. The worst part of AA’s indictment was the destruction of documents. Anderson employees were told to work overtime if necessary to accomplish the destruction of the documentation. The next few weeks yielded shredding of paper documentation and the deletion of hundreds of computer files. Outcome 20,000 + creditors will receive about one-fifth of the approximate $63 billion dollars they owned Enron Shareholders will receive nothing, meaning that employees that invested in the company’s 401K program lost their investment Thousands of people lost their jobs and 31 individuals are facing trial or have pleaded guilty to criminal charges. ( Jeffrey Skilling, Kenneth Lay) Pleaded innocent to fraud and conspiracy Andrew Fastow faces the most charges. ( fraud, money laundering, conspiracy, and others) June 15, 2002 – jurors convicted AA for obstructing justice when they destroyed Enron documents while under investigation. Housekeeping ??? AA sentenced to 5 years probation, and $500,000 dollars, but since has been dismantled. 28,000 down to 250 people left in organization. As a result of Enron’s collapse, the Sarbanes-Oxley Act of 2002. The act was designed to prevent the kind of fraud and abuse that led to the Enron downfall. Sarbanes-Oxley Act Designed to encourage top management accountability, Since top executives usually claim that they are unaware of what happens in the company below them in corporate scandals. Title IX – adds requirements that financial statements filed with the SEC must include a statement signed by the CEO and the CFO that the financial statement complies with SEC rules. Title II of the act addresses auditor independence and limits the non-audit services that an auditor can provide. Prohibited (Legal services, HR functions, Management functions, etc) Title IV – is Enhanced Financial Disclosures, which specifies more stringent requirements for financial reporting. Includes an outline of managements responsibility for establishing and maintaining adequate internal control over financial reporting and assesses the effectiveness of its internal control over financial reporting. Also, addresses timeliness of reports, and may require companies to file an SEC report within two days of a significant trigger event. Implications of the Sarbanes-Oxley Act for ERP systems Important to note that it is unlikely that an ERP system can prevent all fraud, but companies that have ERP system in place will have an easier time complying with the Sarbanes Oxley Act. Ways in which SAP R/3 and Other ERP systems can prevent corporate fraud and abuse. Archiving **** A new SAP R/3 user will notice there are Few ways to delete items. There are options for creating, changing, and displaying but NOT simply deleting. Closest option is Flag for deletion. Before a material can be deleted from the SAP R/3 system, a User must create an auditable record of its existence. Data is removed from the SAP R/3 system only after they have been recorded to media (tape backup, DVD-R) for permanent storage. This is known as an archive. Allows auditors to reconstruct the company’s position at any point in the past. Not only does the system require archiving before data can be deleted, but it also keeps track of when data are created or changed. Example: If data could be freely deleted, an employee could create a fictitious vendor, post an invoice from the vendor, have payment made for the fake invoice to a Swiss bank account, and then delete all records of the transaction making detection of the fraud difficult. User Authorizations**** In the example just mentioned, the employee made payments to a fictitious vendor. This can be prevented with User authorizations and separation of duties. SAP R/3 has sophisticated user administration tools to ensure that employees can perform only the transactions required for their jobs. It provides tools for different levels of authorization management. SAP controls user authorizations through PROFILE GENERATOR. It provides a simple method for selecting the functions that a user should be allowed to perform. Example: If a user is assigned the task of managing materials masters and bills of materials, then that person can perform any of the transactions involved with that particular role. This can be shown on page 130. Tolerance Groups **** One way ERP makes sure employees don’t exceed their authority in financial transactions is by setting limits on the SIZE of transactions that an employee can process. In an ERP system, this is done using Tolerance Groups (Pre-set limits on an employee’s ability to post transactions. Tolerance groups: Set limits on the dollar value for a single item in a document and the Total value of the document Also it sets limits on payment differences. Example: a customer has been invoiced for $1005 but accidentally sends in a check for $1000. The cost of requesting and processing a second payment of $ 5.00 would cost both parties more than the $5.00 error. In this case it is better to just accept the $1000 payment in full and account for the difference as a variance. A default tolerance group will be set, If an employee is not assigned to any other tolerance group, then by default the limits in the default group apply. As with authorizations, it is a safe policy to define a Default Tolerance Group with LOW LIMITS. Financial Transparency ***** Key feature of any ERP system is the ability to drill down from a report to the source documents that created it. IF sales figures for a region look suspiciously HIGH, the user can double-click the figure in the report and drill down to review the specific sales orders that comprise the overall sales figures to verify the RESULTS. The ability to drill-down from reports to transactions makes it easier for auditors to confirm the integrity of the reports. Example: Two items make up the $8,810.00 raw material consumption. If a manager wants to know more on what caused the expense, he/she could click the detail button which will provide detailed information on the expense. With a properly configured ERP system, there are Direct Links between the company’s financial statements and the individual transactions that make up the statements, so that fraud and Abuse can be detected more easily.