Monday, May 22, 2006

The 2002 U.S. Sarbanes-Oxley Act

Will it work and how does it affect Mexico?

By: Der Hurley MBA, CrFA, CFE

Most large corporations need the investing public to provide them with financing. Their shares are bought and sold in stock markets. The investing public will buy shares they think will bring the highest return. The value or price of a share is determined by how a company is doing at a given moment. Entities produce financial statements to inform the public how they are doing. Companies that offer their shares for sale to the public are mandated by law to hire an external auditing company to independently certify that their financial statements are true.

U.S. stock exchanges are popular places for selling shares. Why? The U.S. is a wealthy country and one in every two U.S. adult citizens trades in stock markets. Most major multinationals of the world sell their shares in the U.S., including major Mexican-based corporations. The U.S. share market is very competitive. There is tremendous pressure on companies to increase or at least maintain the price of their shares. They do this by putting their best face forward. People who are trying to sell themselves in an interview or on a date will dress or apply make-up to kill. So too can companies trying to sell their shares. The financial statements corporations produce to support their share price may range from the whole truth to a pack of downright lies.

In the U.S. the regulatory body that oversees the public share market is the Securities and Exchange Commission or SEC for short. The SEC exists to oversee that all financial statements presented by share offerers to the U.S. public are not a bunch of lies. The 2002 Sarbanes-Oxley (SOX) Act extends the SEC’s regulatory powers. SOX was born out of a crisis just as the SEC itself was. The SEC was created soon after the Wall Street Crash of 1929. SOX was passed soon after the crashes of Enron, WorldCom and the external auditing company Arthur Andersen.

Towards the end of the last decade some large U.S.-based multinationals began to experience financial difficulties. Most rode the storm and reported the difficulties within their financial statements. A few decided differently, including Enron and WorldCom. Both companies produced false financial statements to cover up their financial woes. Enron and WorldCom deceived their outside auditors Arthur Andersen into thinking they were making profits when in fact they were losing money heavily. Once Enron and WorldCom got past their auditing gatekeepers they were able to deceive the SEC and the whole world. When the truth eventually came out, their share prices plummeted and both corporations went into bankruptcy. Arthur Andersen was barely recovering after Enron when WorldCom came along. WorldCom was Arthur Andersen’s deathblow and they too disappeared. Thousands lost their jobs. Millions lost their investments. The sheer scale of public outrage prompted the U.S. Congress to introduce the SOX Act.

Will SOX Work?

In the early 1930s the SEC was created to protect the U.S. public from corporations and individuals that deliberately lie in order to attract investors. At that time the U.S. investing public cried out for a gatekeeper institution that would minimize the risk of their investing in fraudulent projects. The challenge for the SEC is that most investment projects that eventually turn fraudulent start out honestly.

The most notorious investment fraud scheme of all, the infamous Ponzi scheme, started life in good faith. Charles Ponzi was an impoverished Italian post-World War I immigrant to the U.S. when he saw an opportunity that he genuinely thought was worth investing in. After the First World War, some European countries began issuing and selling postage stamps to finance reconstruction. Mr. Ponzi began buying and selling stamps. He initially turned a profit so he invited outside investors to participate. He promised huge short-term returns that he genuinely believed he could pay. The postage stamp business soon turned sour and Mr. Ponzi found himself in trouble. Rather than informing his investors that he could not meet his obligations he decided to pay them off. In order to get money to pay the initial investors Mr. Ponzi found more investors, promising even higher returns. The new investors saw Mr. Ponzi paying huge dividends to the first investors so they thought they were onto a good thing. Many of the initial investors reinvested. Soon Mr. Ponzi forgot all about the postage stamps and concentrated all his efforts on persuading people to invest in nothing for huge returns. It went on and on, new investors paying off previous investors and also, of course, paying for Mr. Ponzi’s fabulous new lifestyle.

Since the SEC was founded, two tools have been relied upon to achieve the objective of preventing people like Ponzi from soliciting investment funds from the U.S. public. The principal tool was that corporations were mandated to contract independent external auditors to verify whether or not their financial statements were true. A secondary tool was that the same corporations were required to send their quarterly and annual financial statements to the SEC. The system worked well. The U.S. economy grew by leaps and bounds. Most companies selling their shares through the U.S. stock markets were honest. Naturally there were exceptions. The SEC could not be expected to be 100% effective.

Then came Enron and WorldCom. The problem was not only the scale of the debacle. Another major issue was that Enron and WorldCom easily surmounted the principal SEC safeguard - independent assessment of the financial statements by the external auditors. There was a strong perception within U.S. public opinion that not only did Enron and WorldCom succeed in duping Arthur Andersen but they actually succeeded in co-opting the external auditors on board their fraudulent schemes. Forensic accountants and fraud examiners combed through Enron and WorldCom. They discovered the relationship both companies had with Arthur Andersen was altogether too cozy. The external auditing company was providing both Enron and WorldCom with all sorts of services that had nothing to do with the external audit. It was then perfectly legal for the external auditors to provide extra services to their clients. Something had to be done about this.

SOX attempts to address the ‘duping/co-opting’ issue through mandating external auditors to limit their services to each client to external auditing or other services but not both. Differently expressed, an external auditing company providing external audit services to a public corporation cannot provide other consulting services to the same client. Through this measure, SOX attempts to limit the commercial relationship between a publicly quoting corporation and its independent external auditors. It limits the commercial relationship but it does not avoid it. A corporation still has to pay an external auditing company to perform the audit. Some would argue that as long as the external auditors continue to have a commercial relationship with the company being audited they could never be truly independent.

Another issue highlighted by the Enron and WorldCom financial statement frauds was that their CEOs cried ‘I did not know this was going on, I really thought our company was in great shape’. They tried to blame it all, at least initially, on lower-level employees. We all know what any good accountant is likely to say when asked what is two plus two: ‘what would you like it to be?’ is the half-joking, half-real reply! The moral of the story is that an accountant will declare that two plus two is equal to ten only when requested to do so by the boss. SOX addresses the ‘no clue what was going on’ syndrome through mandating all CEOs and CFOs to sign off on their quarterly and annual financial statements sent to the SEC. SOX mandates heavy jail time for signing off on falsified financial statements. However, there is no doubt that we will see in the future a CEO claiming the defense ‘I know I signed off on those financial statements but I was told by our financial people everything was okay.’

It is a commonly held belief that the financial statement fraud that occurred in Enron and WorldCom was due to weak internal controls. This is a myth. The internal controls over financial reporting in place in Enron and WorldCom were fine. What occurred at both companies is that top management overrode the internal controls. They put the internal controls to one side and went about their shenanigans. Fraud is more likely to occur in a company with weak internal controls. This statement is true for all frauds other than financial statement fraud. Internal controls over financial reporting will only function well in preventing financial statement fraud if allowed to by top management. The perpetrators of financial statement frauds are in a position to command their subordinates to ignore internal controls.

SOX addresses the supposed weak internal control issue by mandating all publicly quoting companies to perform a yearly review of their internal controls over financial reporting. SOX further requires the external auditor’s certification of management’s review. Will this SOX measure be effective in preventing financial statement frauds in the future? As a forensic accountant and fraud examiner I am convinced that it will have little or no effect.

I said above that occasionally corporations present financial statements that are a pack of lies. That is not quite true. What I should have said was - the final profit figure they come up with can be a huge lie. What occurred at Enron and WorldCom was that top management decided to manipulate a few accounts in order to come up with the final results they required. It was a bit like asking the accountants one hundred times what is two plus two. Ninety-nine times out of the hundred they came up with four as the correct answer. Once in a hundred times they came up with ten as the false answer. Within Enron and WorldCom most of the financial reporting was done correctly. Consequently, the internal controls over financial reporting had to be functioning correctly. That little part of the financial reporting that was falsified and that had such enormous consequences was not a result of poor internal controls. It was a result of top management overriding the adequate internal controls in place in order to manipulate a limited number of accounting entries.

With the internal control review mandate, SOX is trying to fix something that isn’t broken. The issue should not be the internal controls over financial reporting. The issue should be corporate governance and top management’s override of internal controls already in place. Apparently, there are thousands of public corporations currently spending millions of dollars in reviewing their internal controls over financial reporting. They are spending further enormous sums in paying their external auditors to review their review.

SOX does attempt to address the corporate governance issue through requiring the external auditors to report to the audit committee rather than top management. This sounds like the audit committee is being given some teeth at last. But who controls the audit committee’s budget? Will the CFO continue to control the cheques going out to the external auditors? In practice, the outside auditors will still have to deal mainly with the finance area for the day-to-day operation of the audit.

Another attempt to address the management override issue is the SOX mandate to all publicly quoting companies to allow their employees the opportunity to access a confidential fraud reporting mechanism. The SOX measure requires the confidential reporting mechanism, also known as a fraud hot-line, to be overseen by the audit committee and not top management. The thinking behind this measure is – would one or more of the lower-level employees at Enron and WorldCom have blown the whistle sooner if they had the opportunity? I am convinced they would have. Most accountants resent it when asked by their boss to declare two plus two is equal to ten. Many would jump at the opportunity to report the behaviour confidentially. The eventual whistle-blowers at WorldCom were their own internal auditors. Although they, like their external counterparts, are frequently seen as the enemy, the internal auditors at WorldCom were tipped off by a lower-level financial employee. Studies conducted by the Association of Certified Fraud Examiners consistently show that fraud hot-lines are the most effective means of discovery of all types of fraud, not just financial statement fraud.

Under current corporate governance practice the chief internal auditor reports to the CFO or CEO. It was a miracle at WorldCom that the internal auditors eventually blew the whistle. The last decades have seen large corporations eliminating or downsizing their internal audit function. The U.S. investing public would have been well served if SOX mandated all public corporations to have an internal audit area. It would have been doubly well served if SOX mandated the head internal auditor to report directly to the chairperson of the audit committee. Then the internal auditors would be really looked upon as the enemy. Maybe after Enron, WorldCom and Arthur Andersen that would not be such a bad thing.


SOX applies to all Mexican corporations that quote their shares in the U.S. or are subsidiaries of any corporation that quotes its shares in the U.S.

When SOX first appeared some non-U.S.-based multinationals immediately cried foul. Many European commentators complained the U.S. was attempting to breach their sovereignty through the application of an extra-territorial law. It was quickly pointed out to European corporations that if they wanted to enter the U.S. to look for financing they would have to abide by U.S. laws protecting that financing. The extra-territoriality issue has recently been brought to the fore in Mexico as a result of the SEC investigation into TV Azteca. Newspaper columnists have questioned the SEC’s right to investigate the Mexico City-based conglomerate. The SEC’s reply is that TV Azteca quotes in the U.S. stock market. The SEC is actually not looking at the dealings of TV Azteca. Rather, it is looking at one deal carried out by TV Azteca’s president Ricardo Salinas. By questioning the deal, the SEC states it is looking after the interests of TV Azteca’s minority shareholders.

SOX mainly addresses financial statement fraud such as that which occurred at Enron and WorldCom. However, the TV Azteca case does not involve financial statement fraud at all. It would be better described as a conflict-of-interest fraud. The key points of the case appear to be as follows:

- TV Azteca owns some 45% of a telecommunications company called Unefon.
- Unefon owed some U.S. $325M. to Canadian-based communications equipment supplier Nortel.
- Unefon claims to have financial difficulties and cannot pay Nortel.
- Nortel finally agrees to accept U.S. $107M. to liquidate the debt.
- Unefon now claims it cannot pay the U.S. $107M.
- TV Azteca president Ricardo Salinas and Unefon president Moises Saba form a U.S. corporation called Codisco.
- Codisco pays Nortel U.S. $107M.
- Unefon pays Codisco U.S. $325M. for services rendered.
- Messrs. Salinas and Saba, apparently, make U.S. $109M. each on the deal.

No criminal charges have yet been brought against anyone. The Mexican financial authority, the Comisión Nacional Bancaria y Valores (CNBV), is currently investigating. The SEC alleges Mr. Salinas and Mr. Saba defrauded Unefon of some U.S. $218M. Many have asked in Mexico what business is that of the SEC? The SEC’s reply is that it is their business because TV Azteca is a 45% shareholder in Unefon and TV Azteca quotes in the U.S. stock market. The SEC claims that TV Azteca’s minority shareholders were damaged by the deal. The SEC has informed Mr. Salinas he has to pay damages to TV Azteca and a fine to the SEC. Otherwise, Mr. Salinas would be banned from executive office in any corporation that sells its shares in the U.S.