Over the years, the Securities and Exchange Commission’s (“SEC”) enforcement efforts have focused on a wide range of alleged misconduct, related but not limited to, intentional and non-scienter frauds, issuer reporting and disclosures, auditor shortcomings, absent or insufficient internal controls, deficient disclosure controls, non-GAAP measures, the Foreign Corrupt Practices Act, securities offerings, insider trading, broker dealer, and cyber-related misconduct.
Given the unique impact of financial statement frauds and relevance to companies, auditors, and investors, the Anti-Fraud Collaboration (“AFC”) undertook a study to classify common financial statement fraud schemes based on an analysis of SEC enforcement actions involving accounting or auditing issues where the SEC has issued an Accounting and Auditing Enforcement Release (“AAER”).
The SEC issued a total of 531 AAERs from January 1, 2014 through June 30, 2019. This study focused on 204 enforcement actions related to financial statement frauds from which we identified 140 fraud schemes. The objective of this study is to provide observations on higher risk areas that are susceptible to fraud and insights into what companies can do to identify and mitigate these types of fraud risks more effectively.
The most common types of fraud identified included:
- Improper revenue recognition
- Reserves manipulation
- Inventory misstatement
- Loan impairment deferral
There was rarely a single root cause for each matter, as each scheme typically encompassed multiple issues. This study identified a significant number of fraud schemes that also included misleading or inaccurate financial statement disclosures, material weaknesses in internal controls, and unsupported journal entries.
The industry sector that was most commonly charged by the SEC was technology services. The finance, energy, manufacturing, and healthcare industries also experienced several accounting and reporting issues. While the SEC frequently charged the issuer, it often also charged employees involved in the schemes. CFOs were the most commonly charged employees, followed by CEOs.
The SEC often described circumstances and cited common issues—such as tone at the top, high-pressure environment, business challenges, and lack of adequately experienced personnel—that could foster an environment or culture more conducive to fraud. This observation suggests a need for the board and audit committee, management, internal auditors, and external auditors to be attuned to both quantitative and qualitative metrics.
Although in many cases individuals have gone to great lengths to circumvent existing controls, executives, companies, and financial reporting ecosystem participants can learn from the enforcement actions how controls were circumvented and should continue to evaluate the strength and efficacy of internal controls, identify potential weaknesses, and design and implement improvements to internal controls.
Cases were brought against issuers of all sizes, in multiple jurisdictions, and across various industries. Although there is no perfect formula for preventing or detecting every instance of fraud, the types of fraud identified by the SEC in recent years reveal that the most common schemes and higher risk areas are not necessarily new. The kinds of business challenges that were frequently present in enforcement cases—pressure to meet analyst expectations, increased supplier costs, slowing demand for products, and more—are exacerbated during a crisis like COVID-19.
As the SEC continues to reinforce its core principles, drive new initiatives, and increase scrutiny of corporate compliance programs, companies should not lose sight of the core issues and underlying themes that are most pertinent to them. The key to protecting companies against fraud is vigilance, a continued resolve to exercise skepticism, and attention to the potential risks. Companies should remain focused on the fundamentals—controls, processes, and environments that impact financial recordkeeping and decision-making—and company-specific risks by conducting regular risk assessments.