Corporate Governance and Borrowing Powers of Directors - VII

The Enron scandal deeply influenced the development of new regulations to improve the reliability of financial reporting, and increased public awareness about the importance of having accounting standards that show the financial reality of companies and the objectivity and independence of auditing firms. One consequence of these events was the passage of Sarbanes–Oxley Act in 2002, as a result of the first admissions of fraudulent behavior made by Enron. The act significantly raises criminal penalties for securities fraud, for destroying, altering or fabricating records in federal investigations or any scheme or attempt to defraud shareholders. The act expanded criminal penalties for destroying, altering, or fabricating records in federal investigations or for any attempt to defraud shareholders.

A variety of complex factors created the conditions and culture in which a series of large corporate frauds occurred between 2000-2002. The spectacular, highly-publicized frauds at Enron,WorldCom, and Tyco exposed significant problems with conflicts of interest and incentive compensation practices. The analysis of their complex and contentious root causes contributed to the passage of SOX in 2002. In a 2004 interview, Senator Paul Sarbanes stated:

“

The Senate Banking Committee undertook a series of hearings on the problems in the markets that had led to a loss of hundreds and hundreds of billions, indeed trillions of dollars in market value. The hearings set out to lay the foundation for legislation. We scheduled 10 hearings over a six-week period, during which we brought in some of the best people in the country to testify...The hearings produced remarkable consensus on the nature of the problems: inadequate oversight of accountants,  lack of auditor independence,  weak corporate governance procedures,  stock analysts' conflict of interests,  inadequate disclosure provisions, and  grossly inadequate funding of the Securities and Exchange Commission.

”

• Auditor conflicts of interest: Prior to SOX, auditing firms, the primary financial "watchdogs" for investors, were self-regulated. They also performed significant non-audit or consulting work for the companies they audited. Many of these consulting agreements were far more lucrative than the auditing engagement. This presented at least the appearance of a conflict of interest. For example, challenging the company's accounting approach might damage a client relationship, conceivably placing a significant consulting arrangement at risk, damaging the auditing firm's bottom line.
• Boardroom failures: Boards of Directors, specifically Audit Committees, are charged with establishing oversight mechanisms for financial reporting in U.S. corporations on the behalf of investors. These scandals identified Board members who either did not exercise their responsibilities or did not have the expertise to understand the complexities of the businesses. In many cases, Audit Committee members were not truly independent of management.
• Securities analysts' conflicts of interest: The roles of securities analysts, who make buy and sell recommendations on company stocks and bonds, and investment bankers, who help provide companies loans or handle mergers and acquisitions, provide opportunities for conflicts. Similar to the auditor conflict, issuing a buy or sell recommendation on a stock while providing lucrative investment banking services creates at least the appearance of a conflict of interest.
• Inadequate funding of the SEC: The SEC budget has steadily increased to nearly double the pre-SOX level. In the interview cited above, Sarbanes indicated that enforcement and rule-making are more effective post-SOX.
• Banking practices: Lending to a firm sends signals to investors regarding the firm's risk. In the case of Enron, several major banks provided large loans to the company without understanding, or while ignoring, the risks of the company. Investors of these banks and their clients were hurt by such bad loans, resulting in large settlement payments by the banks. Others interpreted the willingness of banks to lend money to the company as an indication of its health and integrity, and were led to invest in Enron as a result. These investors were hurt as well.
• Internet bubble: Investors had been stung in 2000 by the sharp declines in technology stocks and to a lesser extent, by declines in the overall market. Certain mutual fund managers were alleged to have advocated the purchasing of particular technology stocks, while quietly selling them. The losses sustained also helped create a general anger among investors.
• Executive compensation: Stock option and bonus practices, combined with volatility in stock prices for even small earnings "misses," resulted in pressures to manage earnings.Stock options were not treated as compensation expense by companies, encouraging this form of compensation. With a large stock-based bonus at risk, managers were pressured to meet their targets.

The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR).

Under Section 404 of the Act, management is required to produce an “internal control report” as part of each annual Exchange Act report. The report must affirm “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.” The report must also “contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” To do this, managers are generally adopting an internal control framework such as that described in COSO.

To help alleviate the high costs of compliance, guidance and practice have continued to evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007. This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance on June 27, 2007. It is generally consistent with the PCAOB's guidance, but intended to provide guidance for management. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and evidence gathered on risk. This gives management wider discretion in its assessment approach. These two standards together require management to:

• Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
• Understand the flow of transactions, including IT aspects, sufficient enough to identify points at which a misstatement could arise;
• Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
• Perform a fraud risk assessment;
• Evaluate controls designed to prevent or detect fraud, including management override of controls;
• Evaluate controls over the period-end financial reporting process;
• Scale the assessment based on the size and complexity of the company;
• Rely on management's work based on factors such as competency, objectivity, and risk;
• Conclude on the adequacy of internal control over financial reporting.