Home / Commentary / Management communications with auditors: what, how much and when?

Management communications with auditors: what, how much and when?

floyd_joseph-webThe federal securities laws provide an added incentive for corporate officers at pubic registrants to be transparent and honest with their representations to their company’s auditors.

In fact, if a corporate officer lies, or simply omits to tell an auditor a material fact that makes other information misleading, he or she may receive up to 20 years in prison or $5 million in penalties, or both.

The most relevant provisions of the federal securities statutes and regulations regarding interactions with auditors are as follows:

17 CFR 240.13b2-2 — Representations and conduct in connection with the preparation of required reports and documents.

(a) No director or officer of an issuer shall, directly or indirectly:

(1) Make or cause to be made a materially false or misleading statement to an accountant in connection with; or

(2) Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which such statements were made, not misleading, to an accountant in connection with:

(i) Any audit, review or examination of the financial statements of the issuer required to be made pursuant to this subpart; or

(ii) The preparation or filing of any document or report required to be filed with the Commission pursuant to this subpart or otherwise.

The penalties for violating 17 CFR 240.13b2-2 are found in 15 U.S. Code §78ff — Penalties, and are as follows:

  • Willful violations; false and misleading statements

Any person who willfully violates any provision of this chapter (other than section 78dd-1 of this title), or any rule or regulation thereunder … shall upon conviction be fined not more than $5,000,000, or imprisoned not more than 20 years, or both, except that when such person is a person other than a natural person, a fine not exceeding $25,000,000 may be imposed; but no person shall be subject to imprisonment under this section for the violation of any rule or regulation if he proves that he had no knowledge of such rule or regulation.

Interestingly, though these laws arose out of the Sarbanes-Oxley Act of 2002, their prosecutorial application over the years doesn’t appear to match the number of matters brought by the U.S. Securities and Exchange Commission that allege the misrepresentation of facts or withheld information from auditors by corporate officers.

However, recent actions applying the “lies and omissions to auditors” laws against corporate officers have appeared, including the recent case described in the SEC’s Accounting and Auditing Enforcement Release, or AAER, against Philip R. Jacoby Jr., the former principal accounting officer of Osiris Therapeutics, a publicly traded biotechnology company.

Jacoby pleaded guilty to violating 17 CFR 240.13b2-2 in an action filed in the Southern District of New York. Per the release, Jacoby was sentenced to two years of supervised release and ordered to pay a criminal monetary penalty of $10,000 as a result of his conviction. In addition, following his plea, the SEC suspended Jacoby from appearing or practicing before the SEC pursuant to Rule 102(e)(2) of the SEC’s Rules of Practice.

For legal counsel who serve corporate officers of public registrants, an overview of the Jacoby case and a discussion of best practices for identifying relevant information to share with auditors are useful to avoid corporate officers being second-guessed regarding their communications with auditors.

Osiris is a biotechnology company that researches, develops and markets products for orthopedics, sports medicine, and wound care. Per the SEC complaint, for the seven quarters ended Dec. 31, 2015, Osiris and its former senior officers engaged in fraudulent activities to inflate their reported revenue.

Per the SEC, in connection with one distributor in possession of consignment inventory, Jacoby caused Osiris to recognize revenue of over $1 million for a purported sale in the fourth quarter of 2014, even though the transaction was not finalized until January 2015.

Of note, Jacoby allegedly solicited a customer to buy the goods maintained at the distributor in December, expressing cooperation on favorable sales terms during December 2014, but the customer didn’t respond until January 2015. The customer agreed to the sales terms and produced documentation as if the purchase occurred in 2014.

An overview of the Jacoby case and a discussion of best practices for identifying relevant information to share with auditors are useful to avoid corporate officers being second-guessed regarding their communications with auditors.

To make matters worse for Jacoby, the Public Company Accounting Oversight Board subsequently inspected the work papers of Osiris’ auditor, and the auditor asked Osiris for additional support related to the timing for this transaction’s revenue recognition in December 2014.

Per the SEC, to fulfill that request for the auditor, Jacoby conspired with the customer to provide such additional support.  According to the complaint, Jacoby prepared a letter backdated to Dec. 29, 2014, to memorialize sales terms as of that date.

Next, Jacoby used his personal email account to send the letter to the customer and stated:

“attached is something that I think you should find and send to me in an email saying you had this in your file from late last year, and just came across it — and that it does memorialize our several phone conversations … . Call me if necessary, but write a wonderfully warm and convincing email, please — send it to my Osiris email.”

Upon receipt of the fabricated letter from the customer, Jacoby forwarded the information to Osiris’ auditor.

Needless to say, situations such as Jacoby’s fraudulent letter are clear violations of the law. The more difficult situations for corporate officers arise when making ordinary course judgments about what, how much, and when to share information with auditors to avoid allegations, made with hindsight, that the officers have been less than forthright or even acting in a misleading manner with auditors.

From the initial planning phase and throughout the audit, transparent discussions enhance an auditor’s trust in management and avoid misunderstandings that may be perceived as violations of the law. Best practices for corporate officers in response to the major communication questions are described below.

  • What should be shared with an auditor?

There really is no reason to guess or speculate as to what should be shared with an auditor. The easiest approach is to ask during the planning stages for the audit. Of course, the auditor may give an answer that’s overbroad and vague. In that case, there are a few simple guide posts that can be established, and all relate to areas of risk for establishing the financial statements are free from material misstatement.

First, major considerations in forming financial statement ordinary course estimates, assumptions and judgments are important to share. Examples may include bad debts reserves, percentage of completion accounting and sales returns allowances. In contrast, matters related to the simple accumulation of transactional information such as payroll records or selection criteria for vendor payment timing are of less consequence.

Second, communicate matters that make the closing process and producing financial statements laborious or stressful. Examples may include correcting divisional accounting reports submitted to headquarters, or financial reporting matters discussed but not recorded on the financial statements. The latter category would include accrued expenses that management deems less than probable to occur, so no current period expense is taken. Similarly, not writing off assets but acknowledging there may be some question about the strength of the asset’s recovery or conversion into cash is also an accounting judgment to share with the auditor.

Third, share what’s new, different or changed related to business and sales practices. Accounting and financial reporting is a language for reporting business results and can be done properly only when all the facts are taken into consideration. New sales programs, changes in accounts receivable terms, or entering into distribution agreements would all be examples of matters to be shared with the auditor.

  • How much information should be shared?

For starters, management should share whatever it uses to form its financial statement assertions. Management should also be prepared to share more depending on the auditor requests to fulfill its obligations. This question is actually best answered through the transparent and open communication with the auditor.

  • When should information be shared with an auditor?

Interestingly, this may be the most important question and the one with the greatest sensitivity, especially noting the omission to share language in the law.

Importantly, there is a balance in the decision when to share sensitive information. Management needs to do its job and have a point of view, with a foundation in Generally Accepted Accounting Principles, on the proper financial reporting treatment for a transaction or event. But management must not delay for so long that it may appear to be withholding information from the auditor.

Once again, open communications allow for discussions with auditors to occur earlier and avoid misperceptions about management intent.

Most important, the management and auditor relationship requires trust to ensure an efficient and thorough audit process, and anything that may raise questions or doubts about the relationship should be addressed timely, and with the assistance and leadership of the audit committee.

Joseph J. Floyd, a CPA and attorney, is president of Floyd Advisory, a consulting firm in Boston and New York City that provides financial and accounting expertise in the areas of business strategy, valuation, SEC reporting and transaction analysis.

Leave a Reply

Your email address will not be published. Required fields are marked *



/* code for sifitag */