Auditor Liability Joe Dryer, Ph.D., JD Breakaway Systems LLC By This presentation is for educational and informational purposes only. Any use of the materials herein should be in conjunction with advice from a licensed attorney. 2 Overview Pre-Enron laws (still generally in effect) Motivation for Sarbanes-Oxley Act (SOX) SOX environmental changes – IT merging with financial accounting – SEC policies and capabilities – Individual protections and responsibilities Insurance and company protections Joe Dryer ©2003 jdryer@breakawaysystems.com 3 Qualifications Much of this discussion comes from securities laws and many companies do not strictly fall within the jurisdiction of these laws (nonprofit, privately-held, too small, etc.) There has been much discussion that most companies will conform – – – Creditors will require conformity A company wanting to grow, merge or do an IPO must conform States have discussed application to nonprofits Joe Dryer ©2003 jdryer@breakawaysystems.com 4 Pre-Sarbanes-Oxley (SOX) Exchange Act of 1934 13b2-1 prohibits any person from directly or indirectly falsifying certain books, records, or accounts. 13b2-2 prohibits any director or officer of an issuer from directly or indirectly making a materially false or misleading statement. This rule applies to statements made (1) to accountants in connection with required audits or examinations of financial statements or (2) in the preparation or filing of documents or reports required to be filed with SEC. Joe Dryer ©2003 jdryer@breakawaysystems.com 5 Private Securities Litigation Reform Act of 1995 (PSLRA) Each required audit shall include, in accordance with generally accepted auditing standards – – – procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts procedures designed to identify material related party transactions an evaluation of the ability of the issuer to continue as a going concern during the ensuing fiscal year. Joe Dryer ©2003 jdryer@breakawaysystems.com 6 PSLRA Required Response To Audit Discoveries If, in the course of conducting an audit the independent public accountant becomes aware of information indicating that an illegal act (whether or not material) has or may have occurred, the accountant shall inform management and assure that the audit committee of the issuer is adequately informed, unless the illegal act is clearly inconsequential. Joe Dryer ©2003 jdryer@breakawaysystems.com 7 PSLRA - Failure To Remedy The public accountant shall directly report its conclusions to the board of directors if the illegal act is material and the senior management has not taken timely and appropriate remedial actions with respect to the illegal act, and this is reasonably expected to warrant departure from a standard report or resignation from the audit engagement The board, or failing that, the auditor must report this to the SEC Joe Dryer ©2003 jdryer@breakawaysystems.com 8 PSLRA 2nd Party Liability Scienter - Plaintiffs must plead with particularly at the outset of the litigation, before the plaintiff has obtained any discovery, that the auditor acted with an intent to defraud or a reckless indifference to the truth or accuracy of the statement made. Proportionate Liability - substituted proportionate liability for joint and several liability as the standard of damages in securities litigation. Auditors liable to a smaller percentage of losses than management unless it made a knowingly false statement No RICO - denied the ability to assert a RICO claim in any case that can be pled as a securities fraud claim. No triple damages. Joe Dryer ©2003 jdryer@breakawaysystems.com 9 DSAM Global Value Fund v. Altris Software, 288 F.3d 385 (9th Cir. 2002) “the complaint sets out a compelling case of negligence – perhaps even gross negligence – but does not give rise to a strong inference that the auditor acted with an intent to defraud, conscious misconduct, or deliberate recklessness, as is required in a securities fraud case.” “[t]he plaintiff must prove that the accounting practices were so deficient that the audit amounted to no audit at all, or an egregious refusal to see the obvious, or to investigate the doubtful, or that the accounting judgments which were made were such that no reasonable accountant would have made the same decisions if confronted with the same facts.” Joe Dryer ©2003 jdryer@breakawaysystems.com 10 In re Enron Corp. Securities, Derivative and ERISA Litigation (SD Tex 2002) Claims of security fraud against Enron’s outside directors dismissed as they failed “to raise a strong inference of scienter” Found that claims against several secondary actor defendants, such as Enron’s outside auditor Arthur Andersen, several investment banks, and Enron’s attorneys, could proceed under Section 10(b). Joe Dryer ©2003 jdryer@breakawaysystems.com 11 Enron Conundrum Accounting fraud is profitable Formalistic accounting – GAAP trumps “materially misleading” Collusion in fraud Lack of responsibility – Sergeant Schultz Defense ("I know nothing.") Joe Dryer ©2003 jdryer@breakawaysystems.com 12 Joe Dryer ©2003 jdryer@breakawaysystems.com 13 Listed Companies Restating 4% 3% NASDAQ 2% NYSE 1% 0% 1997 AMEX 1998 Joe Dryer 1998 ©2003 2000 2001 2002 jdryer@breakawaysystems.com 14 SEC Record of Enforcement FY 2000 - 2002 Total Enforcement actions filed Financial fraud and issuer reporting actions filed Officer and director bars sought (in all categories of cases) Temporary Restraining Orders filed (in all categories of cases) Asset Freezes (in all categories of cases) Trading Suspensions Subpoena enforcement proceedings Disgorgement Ordered (in millions)* Penalties Ordered (in millions)* FY FY 2000 2001 503 484 103 112 FY 2002 598 163 38 51 126 33 31 48 56 43 63 11 8 $463 $43.70 2 11 15 19 $530 $1,328 $56.10 $116.40 * Includes amounts disbursed to the NASD as part of the Credit Suisse First Boston settlement. Joe Dryer ©2003 jdryer@breakawaysystems.com 15 Rite Aid SEC Complaint CEO and CFO both permitted improper vendor deductions to continue even after other Rite Aid personnel raised with them in 1995 the question of whether the practice was proper. The only documentation backing up quarterly adjustments was a hand-written schedule prepared by CFO, showing eleven separate accounts that he wanted credited. The CFO personally determined the gross profit entries (>100 MM) without input or review by anyone. These entries were completely unsubstantiated. The CFO provided, and directed his staff to provide, false and misleading information to KPMG. The false information included, among other things, Rite Aid's books and records, unaudited financial statements, and bank records. Joe Dryer ©2003 jdryer@breakawaysystems.com 16 Internal Auditor’s Options Raise issues – to who? – – – – Management Board of directors Accounting committee of board Governmental watchdogs Join Quit Joe Dryer ©2003 jdryer@breakawaysystems.com 17 IIA Position Paper on Whistleblowing “Some internal auditors, however, may not be afforded a means to deal appropriately with findings that involve violations of law, rules, regulations, or damage to public health or safety. Internal auditors may find resolving such matters difficult if they do not have access to an Audit Committee comprised solely of independent directors with a written charter setting forth the duties and responsibilities of the Committee, and with adequate resources and authority to discharge Committee responsibilities. Also, the problems may be compounded if the internal auditing organizations are not independent when they carry out their work and do not have organizational status sufficient to permit the accomplishment of their auditing responsibilities in accordance with the Standards. In such situations, the auditor is obligated by The IIA's Standards and Code of Ethics to report through the normal channels and, if necessary, ultimately to the Board of Directors and to ensure that the matter is resolved satisfactorily within a reasonable period of time.” Joe Dryer ©2003 jdryer@breakawaysystems.com 18 Or-- If the matter is not resolved satisfactorily, or the auditor is terminated, or subject to other retaliation, the auditor should secure the advice of outside counsel regarding further action. Joe Dryer ©2003 jdryer@breakawaysystems.com 19 Internal Control Report PRE SOX – nothing POST SOX – As directed by section 404 of SOX, the SEC requires that annual reports (for FY ending after 6/15/2004 for most large companies) must contain an “internal control report” describing internal controls for financial reporting Joe Dryer ©2003 jdryer@breakawaysystems.com 20 Internal Control Statements to be Included in the Annual Report Management’s responsibility for establishing and maintaining adequate internal control ; Identification of the framework used by management to conduct the required evaluation; Management’s assessment of the effectiveness of the company's internal control, including disclosure of any “material weaknesses”; and A statement that the auditing accounting firm has issued an attestation report on management's assessment. Joe Dryer ©2003 jdryer@breakawaysystems.com 21 SEC Rule on Internal Controls 17 CFR 210, 228, 229, 240, 249 and 274 ”management cannot delegate its responsibility to assess its internal controls over financial reporting to the auditor.” ”management must base its evaluation of the effectiveness of the company’s internal control over financial reporting on a suitable, recognized control framework.” (e.g. COSO Framework and COBIT) Joe Dryer ©2003 jdryer@breakawaysystems.com 22 SEC Rule on Internal Controls “inquiry alone generally will not provide an adequate basis for management's assessment” “in conducting such an evaluation and developing its assessment of the effectiveness of internal control over financial reporting, a company must maintain evidential matter, including documentation, to provide reasonable support for management's assessment of the effectiveness of the company's internal control” Joe Dryer ©2003 jdryer@breakawaysystems.com 23 SEC Rule on Internal Controls “a company must disclose any change in its internal control over financial reporting that occurred during the fiscal quarter covered by the quarterly report, or the last fiscal quarter in the case of an annual report, that has, or is reasonable likely to have, materially affected, the company's internal control” “a company will have to determine whether the reasons for the change constitute material information necessary to make the disclosure about the change not misleading” Joe Dryer ©2003 jdryer@breakawaysystems.com 24 SOX Section 303 Application to IT “We believe that section 303 of the Act includes all accountants* engaged in auditing or reviewing an issuer's financial statements or issuing attestation reports.” Final Rule:Improper Influence on Conduct of Audits SEC RIN 3235-AI67 The asterisk points directly to a reference to section 404 Internal Control auditor attestation Joe Dryer ©2003 jdryer@breakawaysystems.com 25 Executive Officers & Directors, Improper Influence PRE SOX - Under state law fiduciary principles and applicable federal securities laws, officers, directors could be liable to the company and/or shareholder for causing materially false corporate financial reports. POST SOX – As directed by section 303 of the SOX, the SEC enacted §240.13b2-2 on representations and conduct in connection with the preparation of required reports and documents. SEC says this is “consistent with previous law, rules and cases.” But: Joe Dryer ©2003 jdryer@breakawaysystems.com 26 §240.13b2-2 – Misleading Statements (a) No director or officer of an issuer shall, directly or indirectly: (1) Make or cause to be made a materially false or misleading statement to an accountant … ; or (2) Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which such statements were made, not misleading ,,, Joe Dryer ©2003 jdryer@breakawaysystems.com 27 §240.13b2-2 – Misleading Statements Misleading statements prohibited are those made in connection with: (i) Any audit, review or examination of the financial statements of the issuer required to be made pursuant to this subpart; or (ii) The preparation or filing of any document or report required to be filed with the Commission pursuant to this subpart or otherwise. Joe Dryer ©2003 jdryer@breakawaysystems.com 28 §240.13b2-2 – Misleading Statements (b)(1) No officer or director of an issuer, or any other person acting under the direction thereof, shall directly or indirectly take any action to coerce, manipulate, mislead, or fraudulently influence any independent public or certified public accountant engaged in the performance of an audit or review of the financial statements of that issuer that are required to be filed with the Commission pursuant to this subpart or otherwise if that person knew or should have known that such action, if successful, could result in rendering the issuer's financial statements materially misleading. Joe Dryer ©2003 jdryer@breakawaysystems.com 29 Examples of §240.13b2-2 Improper Influence Prohibited Conduct To issue or reissue a statement that is not warranted in the circumstances; Not to perform procedures required by professional standards; Not to withdraw an issued report; or Not to communicate matters to an issuer's audit committee. Joe Dryer ©2003 jdryer@breakawaysystems.com 30 Destruction, Alteration, Falsification of Records (PRE SOX) Anyone who "corruptly persuades" others to destroy, alter or conceal evidence can be prosecuted under 18 U.S.C. § 1512. – – Reaches destruction of evidence with intent to obstruct an official proceeding that may not yet have been commenced. Section 1512 does not reach the “individual shredder.” 18 U.S.C. § 1505 does not require “corrupt persuasion” but it does require the existence of a pending proceeding. Joe Dryer ©2003 jdryer@breakawaysystems.com 31 Destruction, Alteration, Falsification of Records (POST SOX) Section 801 prohibits the alteration, destruction or falsification of records, documents or tangible objects, by any person, with intent to impede, obstruct or influence, the investigation or proper administration of any “matters” within the jurisdiction of any department or agency of the United States, or any bankruptcy proceeding, or in relation to or contemplation of any such matter or proceeding. Violation imposes penalty of a fine or not more than 20 years in prison or both. Joe Dryer ©2003 jdryer@breakawaysystems.com 32 Destruction, Alteration, Falsification of Records (POST SOX) Section 1102 added a new criminal provision, 18 USC 1512, prohibiting any attempt to – – corruptly alter, destroy, mutilate, or conceal a record, document, or other object with the intent to impair the object’s integrity or availability for use in an official proceeding otherwise obstructs, influences, or impedes any official proceeding Violation entails a fine or up to 20 years prison, or both.’’. Joe Dryer ©2003 jdryer@breakawaysystems.com 33 Destruction of Audit Records PRE SOX - No general legal duty that an accountant maintain client files for a particular time interval. POST SOX - SEC under SOX authority requires accounting firms to retain for seven years certain records relevant to their audits and reviews of issuers' financial statements, including an accounting firm's workpapers and certain other documents containing conclusions, opinions, analyses, or financial data related to the audit or review. Joe Dryer ©2003 jdryer@breakawaysystems.com 34 SOX Enforcement Started Thomas C. Trauger, a former E&Y partner was arrested September 25, 2003 for altering and destroying audit working papers. In the criminal complaint, he was charged with one count of obstructing the examination of a financial institution ( 5 years in imprisonment and fine of $250,000), and one count under the SOX of falsification of records in a federal investigation ( 20 years in prison and a fine of $250,000). Joe Dryer ©2003 jdryer@breakawaysystems.com 35 Statute of Limitations for Private Right of Action PRE SOX - Allowed for a suit to be brought within 1 year after discovery of violation or 3 years after occurrence of violation. POST SOX - Section 804 establishes a statute of limitations for claims of fraud, deceit, manipulation, or contrivance in contravention of a regulatory requirement concerning federal securities laws within 2 years after discovery of facts constituting the violation or 5 years after such violation. Joe Dryer ©2003 jdryer@breakawaysystems.com 36 Whistle-blower Protection POST SOX - Section 806 prohibits public companies, their officers, employees, contractors and agents from retaliatory actions against employees who assist in proceedings involving alleged securities violations and provides an administrative process for employees seeking relief for violators. Also, the section provides for a civil action based on a violation of the section. Joe Dryer ©2003 jdryer@breakawaysystems.com 37 Penalties for Retaliation PRE SOX – No explicit protection from retaliation for an individual who provides truthful information to a law enforcement officer POST SOX - Section 1107 provides for a new subsection (e) of 18 U.S.C. § 1513, which creates a felony offense for any person knowingly to take any action, with intent to retaliate, harmful to a person who provides such information concerning a federal offense. An offense is subject to a fine or imprisonment of not more than 10 years or both. Joe Dryer ©2003 jdryer@breakawaysystems.com 38 Accounting Complaints PRE SOX – No mandated complaint handling. POST SOX - Section 301 requires the Audit Committee to establish procedures to receive and respond to complaints received regarding accounting and auditing matters and procedures to receive confidential, anonymous complaints from employees regarding accounting and auditing matters Joe Dryer ©2003 jdryer@breakawaysystems.com 39 Certification of Financial Reports PRE SOX – No statutory requirements. POST SOX - SEC requires that the CEO and the CFO provide a statement certifying the periodic reports filed with SEC. Certifying a report while knowing that it does not comport with all of the requirements of § 1350 is punishable by a fine up to $1 million and imprisonment of up to 10 years. A willful violation is punishable by a fine up to $5 million and imprisonment of up to 20 years. Joe Dryer ©2003 jdryer@breakawaysystems.com 40 Certification As part of the CEO/CFO certification, management must certify that they have reported to the Audit Committee – – all significant deficiencies in the design or operation of internal controls which could adversely affect the registrant's ability to record, process, summarize and report financial data and have identified for the registrant's auditors any material weaknesses in internal controls. any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal controls. Joe Dryer ©2003 jdryer@breakawaysystems.com 41 Subcertification Sarbanes-Oxley requires only the CFOs and CEOs certify their company's financial statements. In an AFP survey of financial professionals, one third of those providing information used in company reports were asked by their company to sign an affidavit vouching for, or certifying, the accuracy of the information that they provide. Nearly all corporate practitioners report that when presented with an affidavit, they had signed the document. Joe Dryer ©2003 jdryer@breakawaysystems.com 42 Subcertification Article in Corporate Counsel described GC at an REIT who refused request by PWC auditors that he also sign CEO and CFO’s attestation. – – – CEO and CFO covered by D&O insurance, not GC acting as legal professional SEC fines, court judgments, fraudulent behavior and reporting malfeasance generally not covered by D&O insurance Had no knowledge of GAAP or audits Joe Dryer ©2003 jdryer@breakawaysystems.com 43 Enhanced Penalties for Exchange Rule Violations PRE SOX – Section 32(a) of the Exchange Act, 15 U.S.C. § 78ff, provides for a criminal fine of $1 million for individuals and/or imprisonment of up to 10 years, or a fine of $2.5 million for anyone other than an individual. POST SOX – Section 1106 increases penalties under the Exchange Act up to $5 million or imprisonment of not more than 20 years and increases the fine up to $25 million for persons other than a natural person. Joe Dryer ©2003 jdryer@breakawaysystems.com Joe Dryer ©2003 20 04 20 03 20 02 $841 million (proposed) $716 million (budgeted) $466.9 million (proposed) $437.9 million 44 $103 million not spent SEC BUDGET jdryer@breakawaysystems.com 45 Corporate Fraud Task Force Priorities Falsification of financial information, including false accounting entries and false transactions designed to evade regulatory oversight; Self-dealing by corporate insiders Obstruction of justice designed to conceal either of these types of criminal conduct, particularly when that obstruction impedes the regulatory inquiries of the SEC or other agencies. Joe Dryer ©2003 jdryer@breakawaysystems.com 46 Charging a Corporation: Factors to Be Considered 4. the corporation's timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents, including, if necessary, the waiver of corporate attorney-client and work product protection 6. the corporation's remedial actions, including … any efforts to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies 8. the adequacy of the prosecution of individuals responsible for the corporation's malfeasance; Joe Dryer ©2003 jdryer@breakawaysystems.com 47 DOJ Cooperation Quote “Another factor to be weighed by the prosecutor is whether the corporation appears to be protecting its culpable employees and agents. Thus, a corporation's promise of support to culpable employees and agents, either through the advancing of attorneys fees, through retaining the employees without sanction for their misconduct, or through providing information to the employees about the government's investigation may be considered by the prosecutor in weighing the extent and value of a corporation's cooperation.” “Prosecutors should rarely negotiate away individual criminal liability in a corporate plea.” Joe Dryer ©2003 jdryer@breakawaysystems.com 48 Principles of Federal Prosecution 9-27.420 Plea Agreements -- Considerations to be Weighed A. In determining whether it would be appropriate to enter into a plea agreement, the attorney for the government should weigh all relevant considerations, including: 1. The defendant' s willingness to cooperate in the investigation or prosecution of others; Joe Dryer ©2003 jdryer@breakawaysystems.com 49 Elements of Commercial Fraud Misrepresentation of some fact. Knowledge that the fact was false or reckless disregard of the truth. Reliance by receiver on the fact. That is reasonable. Damages that were caused by the misrepresentation. Joe Dryer ©2003 jdryer@breakawaysystems.com 50 Privity of Contract Many courts have held an accountant does not owe a duty to the public at large unless: – – – the accountant is aware that the report in question is to be used for a particular purpose a party known to the accountant is intended to rely on the report conduct by the accountant must link the accountant to plaintiff’s reliance. Due diligence investigations? Joe Dryer ©2003 jdryer@breakawaysystems.com 51 SAS70 audits implicated? The PCAOB draft audit standard of 7 October 2003 states: B25. The use of a service organization does not reduce management’s responsibility to maintain effective internal control over financial reporting. Rather, management should evaluate controls at the service organization, as well as related controls at the company, when making its assessment about internal control over financial reporting. Joe Dryer ©2003 jdryer@breakawaysystems.com 52 Commercial Fraud and Privity A college sued Coopers for professional negligence and for breach of contract-for failure to detect and notify the board of treasurer’s illegal, inappropriate, and highly risky investments. College awarded $12.65 million for negligence and $378,000 for breach of contract. Board of Trustees of Community College Dist. No. 508 v. Coopers & Lybrand JNL alleged that E&Y’s audits of electronics wholesaler Kent International Associates, Ltd., to whom JNL was a lender, were negligent and fraudulent. E&Y’s motion to dismiss was denied since JNL sufficiently alleged a relationship approaching privity with E&Y, and that JNL had properly alleged fraud. Jackson National Life Ins. Co. v. Ernst & Young Joe Dryer ©2003 jdryer@breakawaysystems.com 53 D&O Insurance In several recent cases, courts have ruled that the D&O policy proceeds, due to its inclusion of corporate (entity) coverage, are part of the corporation’s assets and awarded bankruptcy trustees the proceeds to satisfy creditors. In a few, recent high profile cases, D&O insurers have attempted to rescind coverage as a result of a financial restatement since the policy was issued based on the understanding that the financial statements were accurate. D&O insurer will rescind policy once fraud is admitted or if a company otherwise materially misrepresents its risks during the D&O application process. Joe Dryer ©2003 jdryer@breakawaysystems.com 54 Crime Pays? SEC ordered Xerox executives to pay $22.5 million in accounting fraud, including $19.4 million disgorgement of “profits attributable to the fraud” Xerox said its bylaws required it to reimburse executives’ disgorgement, with the money to come from D&O AIG is asking a state court in New York City to void the D&O insurance since it was issued under false pretenses due to the accounting fraud. Joe Dryer ©2003 jdryer@breakawaysystems.com 55 Summary Sarbanes-Oxley, directly and indirectly, materially expands individual liability for problems judged after-the-fact Individuals should educate themselves on their professional responsibilities and rights Run a clean ship and document Joe Dryer ©2003 jdryer@breakawaysystems.com