Sarbanes-Oxley Internal Controls Provisions Forecast Accounting Fraud

By Jerri-Lynn Scofield, who has worked as a securities lawyer and a derivatives trader. She now spends much of her time in Asia and is currently working on a book about textile artisans.

A new study released last week establishes that material weaknesses in internal control provisions of the Sarbanes-Oxley Act (SOX) are good predictors of financial fraud.

The SOX legislation was enacted in 2002 in the wake of accounting scandals at companies including Enron and WorldCom– and which subsequently led to their collapse. It required CEOs and CFOs to attest personally to the adequacy of their internal controls provisions, and for outside auditors to sign off on them as well.

The study, Internal Control Weaknesses and Financial Reporting Fraud, conducted by Dain C. Donelson (University of Texas at Austin), Matthew Ege (Texas AM University), and John M. McInnis (University of Texas at Austin), examined 14,000 internal-control opinions from auditors for large and midsized corporations for the years 2004-2007. These reports provided the basis for assessing the relationship between reports of material weaknesses and reports of corporate fraud within the subsequent three years.

What did they find?

Well, to answer that, as well as to place its significance in context, allow me to quote extensively from Gretchen Morgenson’s piece, Sarbanes-Oxley, Bemoaned as a Burden, Is an Investor’s Ally, in Friday’s New York Times:

The exercise identified roughly 1,500 reports of material weakness at companies. And within three years, 127 of those companies faced legal actions that revealed fraud, the study said.

That’s not a big number. But here’s where the study gets compelling. Auditors had identified material weaknesses in financial reporting at about 30 percent of the companies that later disclosed accounting problems. Chief executives were named in 111 of the 127 fraud cases, and chief financial officers were identified in 108 of the cases.

“Over all, we believe this link should be of interest to regulators and the general public,” Mr. Ege said in an interview. “We need to ensure that entity-level weaknesses are being reported and not withheld.”

In the study itself, the researchers state quite clearly the implications of their research, not only for regulators, but for a panoply of others who use financial statements:

Our findings have implications for financial statement users, accounting scholars, policymakers, standard setters, and auditors. For users, our results indicate that the issuance by an auditor of an adverse internal control opinion is a ‘‘red flag,’’ indicating a higher probability that managers are committing (unrevealed) fraud. Further, the type of internal control weakness is important from a fraud prediction standpoint. For researchers, our findings imply that fraud and/or litigation prediction models should control for internal control weaknesses. For policymakers and regulators, our findings indicate that SOX Section 404(b) provides a potential benefit of an early warning system for future fraud revelation. Given the criticisms of SOX (e.g., Romano 2005) and discussion in favor of its repeal or curtailment (e.g., Rosen 2011), this benefit is an important consideration alongside the costs of internal control reporting. Policymakers and regulators could also consider ways to improve the accuracy of material weakness disclosures (study, p. 65; links omitted).

Ege has subsequently summarised these implications in pithier terms, as reported by Accounting Today, in Internal control weaknesses correlate with financial fraud:

“Although material-weakness reports mostly reflect accounting errors and portend revelations of fraud only infrequently, the fact that they precede almost 30 percent of the instances where fraud does, in fact, come to light should lead investors, regulators and legislators to take notice,” Ege said in a statement.

Campaign to Weaken Sarbanes-Oxley

The timing for release of this study couldn’t be better, as there’s currently a bit of a full court press going on, among companies, lobbyists, and business-friendly regulators, to weaken SOX’s Sarbanes-Oxley’s internal control provisions. This is just one part of the wider financial deregulation agenda, one in which some regulators are focusing on changes that might entice more companies to go public, as I discuss further below.

In addition to this study, I should mention in passing that other research suggests that promoting strong international controls promotes the interests of investors. Over to Morgenson again:

Here’s another reason to keep the financial reporting audit requirement: Research indicates that companies with weak financial reporting controls significantly underperform those with stronger setups. A 2007 study by Glass, Lewis & Company, for example, found that companies disclosing material weaknesses in their financial reporting during each of the prior three years were conspicuous market laggards.

The JOBS Act of 2012  relaxed SOX internal controls requirements for emerging growth companies (EGCs) with less than $1 billion in annual revenues.

Among those calling for further scaling back SOX’s internal control provisions is Tom Farley, president of the New York Stock Exchange, in testimony before a House subcommittee in July, as reported in the Wall Street Journal.

Farley’s testimony feeds into concern expressed by the new chairman of the Securities and Exchange Commission (SEC), Jay Clayton, over the decline in companies opting to go public. Their solution: weakening the securities law framework, in the hope that a reduced regulatory burden might entice these companies to hazard an initial public offering (IPO). SEC Commissioner Michael Piwowar, the most anti-regulatory of the three sitting SEC commissioners, favors expanding the exemption from the Sarbanes-Oxley internal controls provision.

The latest move to weaken SOX comes about as part of the wider Trump administration push for deregulation in general, and for the financial sector in particular– a subject I’ve previously written about in Financial Regulatory Rollback Proceeds and SEC Punts on Unfinished Dodd-Frank Agenda, Thus Avoiding Congressional Review Act . But the groundwork for gutting SOX was laid in the previous administration, with the JOBS Act that seriously weakened existing securities regulation for EGCs– and which Clayon has built upon and extended, as I discussed further in Doubling Down on Deregulation: SEC Extends JOBS Act Benefit in Elusive Quest to Goose IPO Market.

Bottom Line

While SOX was intended to increase accountability for faulty internal controls– and created penalties for CFOs and CEOs who signed off on them despite deficiences– the full potential of those provisions has never been effectively explored. Former Attorney General Eric Holder, followed by his successor, Loretta Lynch, failed to prosecute aggressively financial firms or their management for their actions that created the great financial crisis. Yves has posted extensively on the failure to tap the prosecutorial potential of SOX’s internal control provisions (see as only one of many examples, Wall Street Journal Tallies DoJ and SEC’s Pathetic Record in Tackling Wall Street Crime).

The Trump administration looks unlikely to do so either. Instead, what looks more likely is that Congress may scale back SOX’s internal controls provisions– or the SEC may seek to use tools at its disposal in pursuit of a similar objective. That would be a pity, as the latest study suggests that these regulations work as intended, to signal to those who use financial statements when to pay closer attention.


Print Friendly, PDF & Email