Last week, the SEC announced the settlement of an enforcement proceeding against VMWare in which it alleged that the company misled investors about its order backlog management practices, which allowed it to push revenue into future quarters by delaying customer deliveries to customers. Here’s an excerpt from the SEC’s press release announcing the settlement:
The SEC’s order finds that, beginning in fiscal year 2019, VMware began delaying the delivery of license keys on some sales orders until just after quarter-end so that it could recognize revenue from the corresponding license sales in the following quarter. According to the SEC’s order, VMware shifted tens of millions of dollars in revenue into future quarters, building a buffer in those periods and obscuring the company’s financial performance as its business slowed relative to projections in fiscal year 2020. Although VMware publicly disclosed that its backlog was “managed based upon multiple considerations,” it did not reveal to investors that it used the backlog to manage the timing of the company’s revenue recognition.
Under the terms of the SEC’s order, the company agreed, without admitting or denying the agency’s allegations, to refrain from future violations of Section 17(a)(2) and 17(a)(3) of the Securities Act & the books and records provisions of the Exchange Act. Over on Radical Compliance, Matt Kelly blogged some thoughts on some of the proceeding’s implications for internal controls:
The company did have a written policy about how to use discretionary holds; but that policy was so broadly worded — “backlog is managed based upon multiple considerations, including product and geography” — that executives could twist the policy to fit whatever aims they wanted. Like, say, manipulating the sales backlog to meet earnings expectations and hide weakness in revenue growth.
In theory, one could say that management should have had more disciplined documentation requirements, forcing executives to justify their discretionary holds according to more objective criteria. I’ve mentioned that concept before, in other posts about poor management judgment that gets the company into trouble. Your internal controls should require enough documentation that poor decisions stick out like a sore thumb, so that auditors or the board’s audit committee can see those bad choices from a mile away.
Then again, there’s a broader lapse in management judgment here, too. The SEC rapped VMWare on the knuckles for failing to disclose that it used discretionary holds to manage earnings; but even if the company had disclosed that, does anyone believe that would be a good idea?
By the way, the SEC’s fiscal year ends next Friday, so brace yourself for the customary torrent of year-end announcements relating to settled enforcement actions.
– John Jenkins