View/Download the Power Point Presentation

advertisement
Auditor Liability
Joe Dryer, Ph.D., JD
Breakaway Systems LLC
By
This presentation is for educational and informational purposes only. Any
use of the materials herein should be in conjunction with advice from a
licensed attorney.
2
Overview




Pre-Enron laws (still generally in effect)
Motivation for Sarbanes-Oxley Act (SOX)
SOX environmental changes
– IT merging with financial accounting
– SEC policies and capabilities
– Individual protections and responsibilities
Insurance and company protections
Joe Dryer
©2003
jdryer@breakawaysystems.com
3
Qualifications


Much of this discussion comes from securities
laws and many companies do not strictly fall
within the jurisdiction of these laws (nonprofit, privately-held, too small, etc.)
There has been much discussion that most
companies will conform
–
–
–
Creditors will require conformity
A company wanting to grow, merge or do an
IPO must conform
States have discussed application to nonprofits
Joe Dryer
©2003
jdryer@breakawaysystems.com
4
Pre-Sarbanes-Oxley (SOX)
Exchange Act of 1934


13b2-1 prohibits any person from directly or
indirectly falsifying certain books, records, or
accounts.
13b2-2 prohibits any director or officer of an
issuer from directly or indirectly making a
materially false or misleading statement. This rule
applies to statements made (1) to accountants in
connection with required audits or examinations
of financial statements or (2) in the preparation or
filing of documents or reports required to be filed
with SEC.
Joe Dryer
©2003
jdryer@breakawaysystems.com
5
Private Securities Litigation
Reform Act of 1995 (PSLRA)

Each required audit shall include, in
accordance with generally accepted auditing
standards
–
–
–
procedures designed to provide reasonable
assurance of detecting illegal acts that would
have a direct and material effect on the
determination of financial statement amounts
procedures designed to identify material related
party transactions
an evaluation of the ability of the issuer to
continue as a going concern during the ensuing
fiscal year.
Joe Dryer
©2003
jdryer@breakawaysystems.com
6
PSLRA Required Response To
Audit Discoveries

If, in the course of conducting an audit the
independent public accountant becomes
aware of information indicating that an illegal
act (whether or not material) has or may have
occurred, the accountant shall inform
management and assure that the audit
committee of the issuer is adequately
informed, unless the illegal act is clearly
inconsequential.
Joe Dryer
©2003
jdryer@breakawaysystems.com
7
PSLRA - Failure To Remedy


The public accountant shall directly report its
conclusions to the board of directors if the
illegal act is material and the senior
management has not taken timely and
appropriate remedial actions with respect to
the illegal act, and this is reasonably expected
to warrant departure from a standard report or
resignation from the audit engagement
The board, or failing that, the auditor must
report this to the SEC
Joe Dryer
©2003
jdryer@breakawaysystems.com
8
PSLRA 2nd Party Liability



Scienter - Plaintiffs must plead with particularly at the
outset of the litigation, before the plaintiff has
obtained any discovery, that the auditor acted with an
intent to defraud or a reckless indifference to the truth
or accuracy of the statement made.
Proportionate Liability - substituted proportionate
liability for joint and several liability as the standard of
damages in securities litigation. Auditors liable to a
smaller percentage of losses than management
unless it made a knowingly false statement
No RICO - denied the ability to assert a RICO claim
in any case that can be pled as a securities fraud
claim. No triple damages.
Joe Dryer
©2003
jdryer@breakawaysystems.com
9
DSAM Global Value Fund v. Altris
Software, 288 F.3d 385 (9th Cir. 2002)


“the complaint sets out a compelling case of
negligence – perhaps even gross negligence – but
does not give rise to a strong inference that the
auditor acted with an intent to defraud, conscious
misconduct, or deliberate recklessness, as is
required in a securities fraud case.”
“[t]he plaintiff must prove that the accounting
practices were so deficient that the audit amounted to
no audit at all, or an egregious refusal to see the
obvious, or to investigate the doubtful, or that the
accounting judgments which were made were such
that no reasonable accountant would have made the
same decisions if confronted with the same facts.”
Joe Dryer
©2003
jdryer@breakawaysystems.com
10
In re Enron Corp. Securities, Derivative
and ERISA Litigation (SD Tex 2002)


Claims of security fraud against Enron’s
outside directors dismissed as they failed “to
raise a strong inference of scienter”
Found that claims against several secondary
actor defendants, such as Enron’s outside
auditor Arthur Andersen, several investment
banks, and Enron’s attorneys, could proceed
under Section 10(b).
Joe Dryer
©2003
jdryer@breakawaysystems.com
11
Enron Conundrum
Accounting fraud is profitable
 Formalistic accounting – GAAP trumps
“materially misleading”
 Collusion in fraud
 Lack of responsibility

–
Sergeant Schultz Defense ("I know
nothing.")
Joe Dryer
©2003
jdryer@breakawaysystems.com
12
Joe Dryer
©2003
jdryer@breakawaysystems.com
13
Listed Companies Restating
4%
3%
NASDAQ
2%
NYSE
1%
0%
1997
AMEX
1998
Joe Dryer
1998
©2003
2000
2001
2002
jdryer@breakawaysystems.com
14
SEC Record of Enforcement
FY 2000 - 2002
Total Enforcement actions filed
Financial fraud and issuer reporting
actions filed
Officer and director bars sought
(in all categories of cases)
Temporary Restraining Orders filed
(in all categories of cases)
Asset Freezes
(in all categories of cases)
Trading Suspensions
Subpoena enforcement proceedings
Disgorgement Ordered (in millions)*
Penalties Ordered (in millions)*
FY
FY
2000
2001
503
484
103
112
FY
2002
598
163
38
51
126
33
31
48
56
43
63
11
8
$463
$43.70
2
11
15
19
$530 $1,328
$56.10 $116.40
* Includes amounts disbursed to the NASD as part of the Credit Suisse First Boston settlement.
Joe Dryer
©2003
jdryer@breakawaysystems.com
15
Rite Aid SEC Complaint




CEO and CFO both permitted improper vendor deductions to
continue even after other Rite Aid personnel raised with them in
1995 the question of whether the practice was proper.
The only documentation backing up quarterly adjustments was a
hand-written schedule prepared by CFO, showing eleven
separate accounts that he wanted credited.
The CFO personally determined the gross profit entries (>100
MM) without input or review by anyone. These entries were
completely unsubstantiated.
The CFO provided, and directed his staff to provide, false and
misleading information to KPMG. The false information included,
among other things, Rite Aid's books and records, unaudited
financial statements, and bank records.
Joe Dryer
©2003
jdryer@breakawaysystems.com
16
Internal Auditor’s Options

Raise issues – to who?
–
–
–
–


Management
Board of directors
Accounting committee of board
Governmental watchdogs
Join
Quit
Joe Dryer
©2003
jdryer@breakawaysystems.com
17
IIA Position Paper on Whistleblowing
“Some internal auditors, however, may not be afforded a means to deal
appropriately with findings that involve violations of law, rules, regulations, or
damage to public health or safety. Internal auditors may find resolving such
matters difficult if they do not have access to an Audit Committee comprised
solely of independent directors with a written charter setting forth the duties and
responsibilities of the Committee, and with adequate resources and authority to
discharge Committee responsibilities. Also, the problems may be compounded if
the internal auditing organizations are not independent when they carry out their
work and do not have organizational status sufficient to permit the
accomplishment of their auditing responsibilities in accordance with the
Standards. In such situations, the auditor is obligated by The IIA's Standards and
Code of Ethics to report through the normal channels and, if necessary,
ultimately to the Board of Directors and to ensure that the matter is resolved
satisfactorily within a reasonable period of time.”
Joe Dryer
©2003
jdryer@breakawaysystems.com
18
Or--
If the matter is not resolved satisfactorily, or the auditor is
terminated, or subject to other retaliation, the auditor should
secure the advice of outside counsel regarding further action.
Joe Dryer
©2003
jdryer@breakawaysystems.com
19
Internal Control Report


PRE SOX – nothing
POST SOX – As directed by section 404 of
SOX, the SEC requires that annual reports
(for FY ending after 6/15/2004 for most large
companies) must contain an “internal control
report” describing internal controls for
financial reporting
Joe Dryer
©2003
jdryer@breakawaysystems.com
20
Internal Control Statements to be
Included in the Annual Report




Management’s responsibility for establishing and
maintaining adequate internal control ;
Identification of the framework used by
management to conduct the required evaluation;
Management’s assessment of the effectiveness of
the company's internal control, including
disclosure of any “material weaknesses”; and
A statement that the auditing accounting firm has
issued an attestation report on management's
assessment.
Joe Dryer
©2003
jdryer@breakawaysystems.com
21
SEC Rule on Internal Controls
17 CFR 210, 228, 229, 240, 249 and 274


”management cannot delegate its
responsibility to assess its internal controls
over financial reporting to the auditor.”
”management must base its evaluation of the
effectiveness of the company’s internal
control over financial reporting on a suitable,
recognized control framework.” (e.g. COSO
Framework and COBIT)
Joe Dryer
©2003
jdryer@breakawaysystems.com
22
SEC Rule on Internal Controls


“inquiry alone generally will not provide an
adequate basis for management's
assessment”
“in conducting such an evaluation and
developing its assessment of the effectiveness
of internal control over financial reporting, a
company must maintain evidential matter,
including documentation, to provide reasonable
support for management's assessment of the
effectiveness of the company's internal control”
Joe Dryer
©2003
jdryer@breakawaysystems.com
23
SEC Rule on Internal Controls


“a company must disclose any change in its internal
control over financial reporting that occurred during
the fiscal quarter covered by the quarterly report, or
the last fiscal quarter in the case of an annual report,
that has, or is reasonable likely to have, materially
affected, the company's internal control”
“a company will have to determine whether the
reasons for the change constitute material
information necessary to make the disclosure about
the change not misleading”
Joe Dryer
©2003
jdryer@breakawaysystems.com
24
SOX Section 303 Application to IT

“We believe that section 303 of the Act
includes all accountants* engaged in
auditing or reviewing an issuer's
financial statements or issuing
attestation reports.”
Final Rule:Improper Influence on Conduct of Audits SEC
RIN 3235-AI67
The asterisk points directly to a
reference to section 404 Internal
Control auditor attestation
Joe Dryer
©2003
jdryer@breakawaysystems.com
25
Executive Officers & Directors,
Improper Influence


PRE SOX - Under state law fiduciary principles and
applicable federal securities laws, officers, directors
could be liable to the company and/or shareholder for
causing materially false corporate financial reports.
POST SOX – As directed by section 303 of the SOX,
the SEC enacted §240.13b2-2 on representations
and conduct in connection with the preparation of
required reports and documents. SEC says this is
“consistent with previous law, rules and cases.” But:
Joe Dryer
©2003
jdryer@breakawaysystems.com
26
§240.13b2-2 – Misleading Statements
(a) No director or officer of an issuer shall,
directly or indirectly:
(1) Make or cause to be made a materially false or
misleading statement to an accountant … ; or
(2) Omit to state, or cause another person to omit to
state, any material fact necessary in order to make
statements made, in light of the circumstances
under which such statements were made, not
misleading ,,,
Joe Dryer
©2003
jdryer@breakawaysystems.com
27
§240.13b2-2 – Misleading Statements



Misleading statements prohibited are those
made in connection with:
(i) Any audit, review or examination of the
financial statements of the issuer required to
be made pursuant to this subpart; or
(ii) The preparation or filing of any document
or report required to be filed with the
Commission pursuant to this subpart or
otherwise.
Joe Dryer
©2003
jdryer@breakawaysystems.com
28
§240.13b2-2 – Misleading Statements

(b)(1) No officer or director of an issuer, or any other
person acting under the direction thereof, shall
directly or indirectly take any action to coerce,
manipulate, mislead, or fraudulently influence any
independent public or certified public accountant
engaged in the performance of an audit or review of
the financial statements of that issuer that are
required to be filed with the Commission pursuant to
this subpart or otherwise if that person knew or
should have known that such action, if successful,
could result in rendering the issuer's financial
statements materially misleading.
Joe Dryer
©2003
jdryer@breakawaysystems.com
29
Examples of §240.13b2-2 Improper
Influence Prohibited Conduct




To issue or reissue a statement that is not
warranted in the circumstances;
Not to perform procedures required by
professional standards;
Not to withdraw an issued report; or
Not to communicate matters to an issuer's
audit committee.
Joe Dryer
©2003
jdryer@breakawaysystems.com
30
Destruction, Alteration,
Falsification of Records (PRE SOX)

Anyone who "corruptly persuades" others to
destroy, alter or conceal evidence can be
prosecuted under 18 U.S.C. § 1512.
–
–

Reaches destruction of evidence with intent to
obstruct an official proceeding that may not yet
have been commenced.
Section 1512 does not reach the “individual
shredder.”
18 U.S.C. § 1505 does not require “corrupt
persuasion” but it does require the existence
of a pending proceeding.
Joe Dryer
©2003
jdryer@breakawaysystems.com
31
Destruction, Alteration, Falsification
of Records (POST SOX)


Section 801 prohibits the alteration, destruction
or falsification of records, documents or tangible
objects, by any person, with intent to impede,
obstruct or influence, the investigation or proper
administration of any “matters” within the
jurisdiction of any department or agency of the
United States, or any bankruptcy proceeding, or
in relation to or contemplation of any such matter
or proceeding.
Violation imposes penalty of a fine or not more
than 20 years in prison or both.
Joe Dryer
©2003
jdryer@breakawaysystems.com
32
Destruction, Alteration, Falsification
of Records (POST SOX)

Section 1102 added a new criminal provision,
18 USC 1512, prohibiting any attempt to
–
–

corruptly alter, destroy, mutilate, or conceal a
record, document, or other object with the intent to
impair the object’s integrity or availability for use in
an official proceeding
otherwise obstructs, influences, or impedes any
official proceeding
Violation entails a fine or up to 20 years
prison, or both.’’.
Joe Dryer
©2003
jdryer@breakawaysystems.com
33
Destruction of Audit Records


PRE SOX - No general legal duty that an
accountant maintain client files for a particular
time interval.
POST SOX - SEC under SOX authority
requires accounting firms to retain for seven
years certain records relevant to their audits
and reviews of issuers' financial statements,
including an accounting firm's workpapers
and certain other documents containing
conclusions, opinions, analyses, or financial
data related to the audit or review.
Joe Dryer
©2003
jdryer@breakawaysystems.com
34
SOX Enforcement Started


Thomas C. Trauger, a former E&Y partner
was arrested September 25, 2003 for altering
and destroying audit working papers.
In the criminal complaint, he was charged
with one count of obstructing the examination
of a financial institution ( 5 years in
imprisonment and fine of $250,000), and one
count under the SOX of falsification of
records in a federal investigation ( 20 years in
prison and a fine of $250,000).
Joe Dryer
©2003
jdryer@breakawaysystems.com
35
Statute of Limitations for
Private Right of Action


PRE SOX - Allowed for a suit to be brought
within 1 year after discovery of violation or 3
years after occurrence of violation.
POST SOX - Section 804 establishes a
statute of limitations for claims of fraud,
deceit, manipulation, or contrivance in
contravention of a regulatory requirement
concerning federal securities laws within 2
years after discovery of facts constituting the
violation or 5 years after such violation.
Joe Dryer
©2003
jdryer@breakawaysystems.com
36
Whistle-blower Protection

POST SOX - Section 806 prohibits public
companies, their officers, employees,
contractors and agents from retaliatory
actions against employees who assist in
proceedings involving alleged securities
violations and provides an administrative
process for employees seeking relief for
violators. Also, the section provides for a civil
action based on a violation of the section.
Joe Dryer
©2003
jdryer@breakawaysystems.com
37
Penalties for Retaliation


PRE SOX – No explicit protection from
retaliation for an individual who provides
truthful information to a law enforcement officer
POST SOX - Section 1107 provides for a new
subsection (e) of 18 U.S.C. § 1513, which
creates a felony offense for any person
knowingly to take any action, with intent to
retaliate, harmful to a person who provides
such information concerning a federal offense.
An offense is subject to a fine or imprisonment
of not more than 10 years or both.
Joe Dryer
©2003
jdryer@breakawaysystems.com
38
Accounting Complaints


PRE SOX – No mandated complaint
handling.
POST SOX - Section 301 requires the Audit
Committee to establish procedures to receive
and respond to complaints received regarding
accounting and auditing matters and
procedures to receive confidential,
anonymous complaints from employees
regarding accounting and auditing matters
Joe Dryer
©2003
jdryer@breakawaysystems.com
39
Certification of Financial
Reports


PRE SOX – No statutory requirements.
POST SOX - SEC requires that the CEO and
the CFO provide a statement certifying the
periodic reports filed with SEC. Certifying a
report while knowing that it does not comport
with all of the requirements of § 1350 is
punishable by a fine up to $1 million and
imprisonment of up to 10 years. A willful
violation is punishable by a fine up to $5
million and imprisonment of up to 20 years.
Joe Dryer
©2003
jdryer@breakawaysystems.com
40
Certification

As part of the CEO/CFO certification,
management must certify that they have
reported to the Audit Committee
–
–
all significant deficiencies in the design or
operation of internal controls which could
adversely affect the registrant's ability to record,
process, summarize and report financial data and
have identified for the registrant's auditors any
material weaknesses in internal controls.
any fraud, whether or not material, that involves
management or other employees who have a
significant role in the registrant's internal controls.
Joe Dryer
©2003
jdryer@breakawaysystems.com
41
Subcertification


Sarbanes-Oxley requires only the CFOs and
CEOs certify their company's financial
statements.
In an AFP survey of financial professionals,
one third of those providing information used
in company reports were asked by their
company to sign an affidavit vouching for, or
certifying, the accuracy of the information that
they provide. Nearly all corporate
practitioners report that when presented with
an affidavit, they had signed the document.
Joe Dryer
©2003
jdryer@breakawaysystems.com
42
Subcertification

Article in Corporate Counsel described GC at
an REIT who refused request by PWC
auditors that he also sign CEO and CFO’s
attestation.
–
–
–
CEO and CFO covered by D&O insurance, not GC
acting as legal professional
SEC fines, court judgments, fraudulent behavior
and reporting malfeasance generally not covered
by D&O insurance
Had no knowledge of GAAP or audits
Joe Dryer
©2003
jdryer@breakawaysystems.com
43
Enhanced Penalties for Exchange
Rule Violations


PRE SOX – Section 32(a) of the Exchange Act, 15
U.S.C. § 78ff, provides for a criminal fine of $1 million
for individuals and/or imprisonment of up to 10 years,
or a fine of $2.5 million for anyone other than an
individual.
POST SOX – Section 1106 increases penalties under
the Exchange Act up to $5 million or imprisonment of
not more than 20 years and increases the fine up to
$25 million for persons other than a natural person.
Joe Dryer
©2003
jdryer@breakawaysystems.com
Joe Dryer
©2003
20
04
20
03
20
02
$841 million (proposed)
$716 million (budgeted)
$466.9 million (proposed)
$437.9 million
44
$103 million not spent
SEC BUDGET
jdryer@breakawaysystems.com
45
Corporate Fraud Task Force
Priorities



Falsification of financial information, including
false accounting entries and false
transactions designed to evade regulatory
oversight;
Self-dealing by corporate insiders
Obstruction of justice designed to conceal
either of these types of criminal conduct,
particularly when that obstruction impedes
the regulatory inquiries of the SEC or other
agencies.
Joe Dryer
©2003
jdryer@breakawaysystems.com
46
Charging a Corporation:
Factors to Be Considered



4. the corporation's timely and voluntary disclosure of
wrongdoing and its willingness to cooperate in the
investigation of its agents, including, if necessary, the
waiver of corporate attorney-client and work product
protection
6. the corporation's remedial actions, including … any
efforts to replace responsible management, to
discipline or terminate wrongdoers, to pay restitution,
and to cooperate with the relevant government
agencies
8. the adequacy of the prosecution of individuals
responsible for the corporation's malfeasance;
Joe Dryer
©2003
jdryer@breakawaysystems.com
47
DOJ Cooperation Quote


“Another factor to be weighed by the prosecutor is
whether the corporation appears to be protecting its
culpable employees and agents. Thus, a
corporation's promise of support to culpable
employees and agents, either through the advancing
of attorneys fees, through retaining the employees
without sanction for their misconduct, or through
providing information to the employees about the
government's investigation may be considered by the
prosecutor in weighing the extent and value of a
corporation's cooperation.”
“Prosecutors should rarely negotiate away individual
criminal liability in a corporate plea.”
Joe Dryer
©2003
jdryer@breakawaysystems.com
48
Principles of Federal
Prosecution

9-27.420 Plea Agreements -- Considerations
to be Weighed
A. In determining whether it would be
appropriate to enter into a plea agreement,
the attorney for the government should
weigh all relevant considerations,
including:
1. The defendant' s willingness to
cooperate in the investigation or
prosecution of others;
Joe Dryer
©2003
jdryer@breakawaysystems.com
49
Elements of Commercial Fraud
Misrepresentation of some fact.
Knowledge that the fact was false or reckless
disregard of the truth.
Reliance by receiver on the fact.
That is reasonable.
Damages that were caused by the
misrepresentation.
Joe Dryer
©2003
jdryer@breakawaysystems.com
50
Privity of Contract

Many courts have held an accountant does
not owe a duty to the public at large unless:
–
–
–

the accountant is aware that the report in
question is to be used for a particular purpose
a party known to the accountant is intended to
rely on the report
conduct by the accountant must link the
accountant to plaintiff’s reliance.
Due diligence investigations?
Joe Dryer
©2003
jdryer@breakawaysystems.com
51
SAS70 audits implicated?

The PCAOB draft audit standard of 7 October
2003 states:
B25. The use of a service organization does not
reduce management’s responsibility to maintain
effective internal control over financial reporting.
Rather, management should evaluate controls at
the service organization, as well as related
controls at the company, when making its
assessment about internal control over financial
reporting.
Joe Dryer
©2003
jdryer@breakawaysystems.com
52
Commercial Fraud and Privity

A college sued Coopers for professional negligence
and for breach of contract-for failure to detect and
notify the board of treasurer’s illegal, inappropriate,
and highly risky investments. College awarded
$12.65 million for negligence and $378,000 for
breach of contract. Board of Trustees of Community College Dist. No. 508 v.
Coopers & Lybrand

JNL alleged that E&Y’s audits of electronics
wholesaler Kent International Associates, Ltd., to
whom JNL was a lender, were negligent and
fraudulent. E&Y’s motion to dismiss was denied since
JNL sufficiently alleged a relationship approaching
privity with E&Y, and that JNL had properly alleged
fraud. Jackson National Life Ins. Co. v. Ernst & Young
Joe Dryer
©2003
jdryer@breakawaysystems.com
53
D&O Insurance



In several recent cases, courts have ruled that the
D&O policy proceeds, due to its inclusion of
corporate (entity) coverage, are part of the
corporation’s assets and awarded bankruptcy
trustees the proceeds to satisfy creditors.
In a few, recent high profile cases, D&O insurers
have attempted to rescind coverage as a result of a
financial restatement since the policy was issued
based on the understanding that the financial
statements were accurate.
D&O insurer will rescind policy once fraud is admitted
or if a company otherwise materially misrepresents
its risks during the D&O application process.
Joe Dryer
©2003
jdryer@breakawaysystems.com
54
Crime Pays?



SEC ordered Xerox executives to pay
$22.5 million in accounting fraud,
including $19.4 million disgorgement of
“profits attributable to the fraud”
Xerox said its bylaws required it to
reimburse executives’ disgorgement,
with the money to come from D&O
AIG is asking a state court in New York
City to void the D&O insurance since it
was issued under false pretenses due to
the accounting fraud.
Joe Dryer
©2003
jdryer@breakawaysystems.com
55
Summary
Sarbanes-Oxley, directly and indirectly,
materially expands individual liability for
problems judged after-the-fact
 Individuals should educate themselves
on their professional responsibilities and
rights
 Run a clean ship and document

Joe Dryer
©2003
jdryer@breakawaysystems.com
Download