SEC Enforcement Heats Up


by Edith Orenstein

SEC Enforcement is heating up with recent charges brought against one company for FCPA violations, and charges against another company's CEO and former CFO for fraudulent financial reporting, withholding information on significant internal control weaknesses, and filing false certifications under the Sarbanes-Oxley Act.

© MonkeyBusinessImages/Thinkstock

In the first case, Smith and Wesson agreed to settle charges brought by the SEC for $2 million, greatly outweighing the profit earned relating to one closed contract that brought a profit of $100,000 to the company arising from the illegal activities under the Foreign Corrupt Practices Act (FCPA). Such activities broadly defined under FCPA include improper payments to induce foreign officials to enter into contracts. Although certain activities may be considered common business practices in other countries, they are generally  frowned upon in the international regulatory community.

The questioned activities in the Smith and Wesson case allegedly took place in Pakistan, Indonesia, Turkey, Nepal and Bangladesh between 2007 and 2010 and involved, among other things, the use of third-party agents and gifts. The SEC said the company violated FCPA provisions related to anti-bribery, internal controls, and books and records. Smith & Wesson consented to the SEC order without admitting or denying the commission's findings.

Kara Brockmeyer, chief of the SEC's FCPA unit in the SEC's Enforcement Division, referred to this case as a "wake-up call" for companies entering high-risk markets, adding, "When a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating."

Further on the internal controls front, the SEC's second case this week brought charges on the CEO of QSGI Inc., Marc Sherman, and the company's former CFO Edward L. Cummings, for a slew of alleged violations ranging from fraudulent financial reporting to internal controls violations, failing to disclose internal controls violations (significant deficiencies) to their auditors, and  falsely certifying their Sarbanes-Oxley Section 302 Certifications.

The SEC's Enforcement Division found that the CEO and CFO misled the auditors, and that, "Had they disclosed the deficiencies and the circumvention of inventory controls as well as the improper acceleration of accounts receivable and inventory recognition, the auditors would have changed the nature, timing, and extent of their procedures in conducting the audit of QSGI’s financial statements."

More Heat for the 'Perfect Storm'?

Are the SEC Enforcement Division's two recent actions on the financial reporting and internal controls frontier an indicator of fulfillment of a promise made earlier this summer by SEC Enforcement Director Andrew Ceresney? I believe this is likely so, and further, I believe this is not surprising since the SEC has a regulatory mandate with respect to enforcing not only financial reporting, but also management reporting on internal control, and that management does in fact have internal controls over financial reporting in place.

With the 2013 release of COSO's updated Internal Control-Integrated Framework, due to supercede COSO's 1992 internal control framework in December of this year,  many presentations on implementing the new COSO framework have referred  to a key speech given earlier this year by PCAOB Board Member Jeanette Franzel, entitled Effective Audits of Internal Control in the Perfect Storm.

There are two particularly important themes among many that I'd like to highlight. First is taking a fresh look at internal control for your company's sake as you implement the updated COSO framework. This provides an opportune time to satisfy the SEC, and for your auditor to satisfy PCAOB's inspection requirements.

Second, Franzel noted that the most important objective of implementing the updated COSO internal control framework is not as a 'mapping' exercise, but as a top-down, risk-based review.

In addition to the Enforcement Division's statements that they are looking to become more aggressive in the area of financial reporting fraud cases, staff in the SEC Office of the Chief Accountant have made it clear that they would be focusing on internal control reporting this year. Specifically, SEC Professional Accounting Fellow Ryan Evans told an Accounting Workshop at PLI's SEC Speaks on February 21 that:

  • Internal Control over Financial Reporting (ICFR) is an ongoing area of focus
    • Make sure management/preparers stay focused on this important issue
    • [Many are] Hoping that any deferred maintenance of internal control doesn’t creep back
  • Some PCAOB inspection findings appear to [indicate] undisclosed material weaknesses
  • Management [should] focus [on this] issue
  • Last year, COSO released its updated internal control framework
    • 17 principles in the updated internal control framework
    • Each principle [gives you the] opportunity to have relevant controls
    • Great opportunity to take a fresh look [at your controls]
  • Think about whether a company’s internal control needs some of that [deferred] maintenance
A commitment to regulatory cooperation is another important area to consider. In announcing the Smith & Wesson decision, the SEC noted the company had cooperated with investigators and took several remedial actions, including halting the pending sales before they were completed and implementing significant measures to improve its internal controls and compliance processes. The company also terminated its international sales staff.

And, in late breaking news, the SEC  announced on Thursday an award of over $400,000 to a whistleblower who reported a fraud to the SEC. (See related column: Denial is Not a Strategy, Whistleblower Watchdog Warns.

Additional Resources: www.coso.org, www.antifraudcollaboration.org, www.financialexecutives.org/coso, http://www.sec.gov/spotlight/fcpa.shtml.