July 20, 2015

Study: Disclosing Internal Control Weaknesses May Backfire

Here’s news from Baker & McKenzie’s Dan Goelzer: As noted in prior Updates, SEC officials have expressed concern that companies are not properly identifying and disclosing material weaknesses in internal controls, and that such weaknesses are too frequently disclosed only in conjunction with a restatement – after the damage is, in effect, done (e.g., January 2014 Update). However, an academic study in the May/June 2015 issue of The Accounting Review, published by the American Accounting Association, suggests that companies may have good reasons to be reticent about disclosing their control weaknesses: Companies that disclose material weaknesses in advance of a restatement are more likely to be penalized than those that do not. As summarized in an AAA press release, the study finds that there is:

“[N]o evidence that penalties following a restatement are more likely for firms that fail to detect and disclose their control weakness as required. Instead, firms that do report their control weaknesses in a timely manner are generally more likely to face [varied] penalties in the event of a later restatement. These results are consistent with the disclosure of control weaknesses making it difficult for management to plausibly claim later that they had been unaware of the underlying conditions in the control environment that led to their restatements.”

The study, entitled “Does SOX 404 Have Teeth? Consequences of the Failure to Report Existing Internal-Control Weaknesses,” was authored by Sarah C. Rice of Texas A&M University and David P. Weber and Biyu Wu of the University of Connecticut. According to the press release, the findings are based on analysis of the disclosures made by 659 companies that filed restatements between November 14, 2004 (when the internal control reporting requirements of SOX Section 404 became effective) and the end of 2010. During that period, 134 of the restating companies reported material weaknesses in their internal controls prior to announcing the restatement, while 525 did not report control weaknesses. Of those that did not disclose a material weakness prior to the restatement, 314 made after-the-fact disclosure of the existence of an internal control weaknesses at the time of the restatement.

The SEC enforcement risk associated with disclosing a material weakness is fairly small. The press release states that pre-restatement disclosure of a material weakness increases the likelihood of SEC enforcement action by about 6 percent, “probably because it aids the agency ‘in identifying cases where potential enforcement actions are likely to succeed and make it difficult for management to claim they were unaware of the problems that led to the restatement.’” Companies that make pre-restatement disclosures may also suffer other consequences:

– Class action lawsuits are “5 to 10% more likely when firms report internal control weaknesses prior to restatements”
– “Top management turnover is 15 to 26% more likely”
– “Auditor turnover is 6 to 9% more likely”

Professor Weber summarizes the study in these terms:

“For as long as anyone can recall, investors have complained about being blindsided by companies, where one day everything is fine and the next day it all falls apart. SOX 404 is supposed reduce the incidence of that sort of thing, but to do its job there has to be an incentive for top execs and auditors to divulge control problems in the company annual report, as mandated by the provision. I must admit that my colleagues and I were only mildly surprised that firms which fail to do so aren’t penalized. What surprised us a lot more is that companies which evidently take SOX 404 to heart are penalized.”

Comment: The study’s findings may provide interesting insight into SEC enforcement policy. The study should not, however, be used as a guide to corporate disclosure policy. If the Commission were to uncover evidence that a company intentionally withheld disclosure of a known material weakness, it is quite likely that it would bring enforcement action against the individuals – including, if applicable, audit committee members who made that decision or were aware of it.

Podcast: Fraud Enforcement Compliance

In this podcast, Michael Peregrine of McDermott Will & Emery discusses corporate governance & compliance matters relating to increased government fraud enforcement, including:

– What areas of corporate governance & compliance should directors & counsel be evaluating as a result of increased government fraud enforcement matters?
– How much of this is as a result of financial fraud enforcement and how much of this is as a result of health care fraud enforcement?
– What steps should be taken now to strengthen governance, compliance & oversight?
– What initial steps should be taken by a company that is the subject of a fraud enforcement matter?

Tomorrow’s Webcast: “Selling the Public Company – Methods, Structures, Process, Negotiating, Terms & Director Duties”

Tune in tomorrow for the webcast – “Selling the Public Company: Methods, Structures, Process, Negotiating, Terms & Director Duties” – to hear Greenberg Traurig’s Cliff Neimeth, Richards Layton’s Ray DiCamillo and Richards Layton’s Mark Gentile analyze the legal and commercial parameters of what you can – and can’t do (or should & shouldn’t do) – when shopping and agreeing to sell control of a public company are evolving due to judicial decisions, legislative developments and market conditions.

– Jeff Werbitt