Software company Globalscape announced it would be restating its fourth quarter earnings after an internal forensic audit discovered transactions that "circumvented the company's internal controls," according to the
San Antonio Express-News. The audit found "improper arrangements" with customers that led the San Antonio-based company to overstate its year-end accounts receivable by $403,000 and its fourth-quarter license revenue by $396,000. Globalscape shares fell 23 percent on the day of the announcement.
Whether deliberate or not, misstatements of revenues and earnings by companies is a major concern for financial regulators and auditors. Within the last year, the U.S. Securities and Exchange Commission (SEC) alone has levied tens of millions of dollars in fines against large, diverse companies such as Ener1 Battery, Logitech, and Monsanto. This story is a good opportunity for internal auditors to refamiliarize themselves with why companies and their employees misrepresent earnings, and what auditors should be on the lookout for when auditing financial information.
The motivations for manipulations of revenues and earnings statements generally fall into four categories:
Bonuses (and jobs) depend on it. Performance-based bonuses have now been around for a few decades, and an increasingly large portion of executive compensation is tied to hitting certain performance targets. In many cases, these are adjusted non-Generally Accepted Accounting Principles metrics that are designed to enable CEOs to always hit those incentive targets. Stock prices and shareholder interests also are involved.
A desire to "lower the bar." Many cases of earnings misrepresentation actually involve companies
decreasing their earnings. While counterintuitive at first, hitting their objectives often is more important to executives than the amount by which they do so.
Everyone else does it. As soon as one company in an industry starts manipulating its numbers, other companies in the same region or industry are pressured to follow suit or get left behind.
- There still is too little real accountability. Despite efforts by the SEC, companies and executives — and sometimes auditors themselves — continue to manipulate financial information.
Auditors can never rely solely on the past when assessing whether misstatements or fraud may be involved. For example, an external audit firm may have had the same audit client for many years, and there have been no concerns about revenue misstatement in previous audits. But both internal and external auditors must always be aware of what is happening and changing, both in the broader environment, and for the company being audited. For example, in this story, Globalscape recently introduced a new product line. A common technique used in terms of sale is to provide special offers that allow potential buyers to pay later and even return goods, while revenues and earnings are counted up front. If such special offers exist, the auditor must complete different procedures than simply inspecting documents.
Revenue and earnings manipulations can be hard to spot, even when manipulation turns to fraud. The financial operations and associated financial statements also may be complex. For some time, regulators and auditors have been turning to big data and analytical routines to examine patterns in financial information that may reveal misstatement or fraud. The SEC is using a quantitative analytic model that is econometric-based, called the Accounting Quality Model (AQM). AQM is designed to identify earnings management by, among other things, determining whether a registrant's financial statements stand out from other filers' in its industry. Some examples of the more specific indicators of risk examined and risk scored include total accruals versus discretionary accruals — the model classifies the estimated discretionary accruals as risk indicators that could be manipulated — or an accounting policy in which a high proportion of transactions are structured off-balance sheet. Of course, results of this kind of analytical work form the basis of further investigation, rather than "prima facie" evidence of wrongdoing.
More generally, auditors must appreciate why it's important to understand the entity, its environment, and the assertions — along with the associated fraud risks. That includes how it earns and records revenue, and the types of revenue and revenue transactions. Auditors should analyze more qualitative elements such as the experience and credibility of the management team because they set the tone or culture under which the company's internal accounting function will operate. Moreover, they should bear in mind the four main motivations for financial manipulation. Professional skepticism and critical thinking are essential tools to apply. Once auditors have identified the risks, they must design audit procedures to respond specifically to those risks. These procedures may be different for each type of revenue or revenue transaction. For a helpful example of a specific methodology and guidance, as well as the auditor's responsibility related to fraud in financial statements, see Canadian Auditing Standard 240 and CPA Canada's Implementation Tool for Auditors at