Fraudulent Financial Reporting: An Update on SEC Investigations. Antoinette Lynch Stephanie Bryant Jacqueline Reck *

Transcription

1 Fraudulent Financial Reporting: An Update on SEC Investigations Antoinette Lynch Stephanie Bryant Jacqueline Reck * The Securities and Exchange Commission s enforcement activities came under significant scrutiny in the congressional hearings that culminated in the Sarbanes-Oxley Act of 2002 (SarbOx). In multiple sections of SarbOx, Congress gave new powers to the Securities and Exchange Commission (SEC) such as the ability to impose stiffer penalties on officers who certify and release fraudulent financial reporting. Additionally, several new crimes were considered punishable for securities violations. Congress also significantly increased the funding for the SEC, going significantly beyond the amounts requested by the President. Congress authorized the allocation of $776 million in 2003 to the SEC to improve everything from hiring qualified personnel to implementing new systems. Of the $776 million, $98 million was reserved for the SEC s enforcement responsibilities, specifically enforcing financial reporting laws. Prior studies have examined enforcement actions by the SEC in the pre-sarbox period (e.g., Beasley et al. 2000; Bonner et al. 1998, and Dechow et al. 1996). For example, Beasley et al. (2000) provide descriptive data about companies investigated for fraudulent financial reporting by analyzing SEC s Accounting and Auditing Enforcement Releases (AAER) between January 1987 and December However, much has changed since the issuance of SarbOx and the new responsibilities bestowed on the SEC. Given the increased * Antoinette Lynch is Assistant Professor of Accounting at Florida International University. Stephanie Bryant is Professor and Dan R. and Tina P. Johnson Distinguished Professor at the University of South Florida. Jacqueline Reck is Professor at the University of South Florida. 116

2 attention paid to the enforcement activities of the SEC by legislators, coupled with the substantial increase in the SEC s funding for enforcement activities, we can expect that the pattern of SEC enforcement actions would have changed in the post-sarbox period. In this paper, we provide insight into the investigations conducted by the SEC, prior to SarbOx ( ) and after SarbOx ( ). We investigate whether the profiles of companies investigated by the SEC for fraudulent financial reporting have changed in the post-sarbox period. A look into the current practices of the SEC s fraudulent financial reporting is necessary and timely given that listed companies have criticized the SEC for targeting certain industries and firm size, and imposing unwarranted stiff fines (Solomon 2004). The release of reported inefficiency within the SEC s internal financial reporting and documentation process also gives us a reason to study the SEC s current practices (GAO 2007). Additionally, auditors association with an SEC investigation can have negative consequences such as auditor litigation (Palmrose, et al. 2004; Kang 2008). Understanding SEC trends in particular industries is necessary to identify key risk areas in an audit (Deloitte & Touche LLP et al. 2004); thereby, assisting auditors in minimizing litigation risk, especially in areas common within SEC investigations. Our analysis focuses on SEC investigations issued between January 1, 1997, and December 31, In comparing our findings to Beasley et al. (2000) and Bonner et al. (1998), we find that there is one significant change in the profile of companies investigated before and after SarbOx the average size of a company that is the target of SEC enforcement actions is much larger in the post-sarbox period than in the pre-sarbox period. One possible reason could be that actions against larger companies may generate more attention, and hence perhaps can serve as a more effective deterrent to other companies and 117

3 their officers. Another significant change is the sharp decline in the number of firms within the financial services industry investigated by the SEC between 1997 and 2005, compared to prior years. We find similarities in industries heavily investigated by the SEC for financial statement fraud. There continues to be a heavy concentration of firms in the manufacturing, technology, and healthcare industries investigated by the SEC for fraudulent financial reporting. Further, not much has changed in the types of fraud identified by the SEC. Revenue recognition fraud, such as the recording of fictitious revenue, is the most prevalent fraud occurrence in manufacturing, healthcare, and technology industries. Consistent with past studies, we find a large number of frauds where the top executive (e.g., CEO, CFO or founder) is involved in the fraud. Surprisingly, the SEC seldom noted the involvement of technology in the commission of a fraud. We find this unusual given that general and application controls of systems are important factors in the quality of financial reporting. Additionally, we find that although the AAER was released post-sarbox, the period of fraud allegations was pre-sox for 75 percent of the investigations. These findings suggest that although much has changed since prior analyses of AAERs, the pattern of companies investigated and the type of fraud identified remain the same. Thus, even during a time of increased budget scrutiny, and indicators of different fraud types (e.g., off balance sheet entities) and methods (e.g., Internet and data mining software), it is evident that the SEC continues to utilize the traditional procedures from the past even today (Sitkin and Pablo 1992). The remainder of the paper is as follows. First, the literature review and research question are developed. This is followed by a discussion of the research. After the empirical results are presented, a summary and discussion are presented. 118

4 II. BACKGROUND AND LITERATURE The literature on fraudulent financial reporting is vast and continues to grow. Fraudulent financial reporting literature has ranged from exploring indicators to assessing judgment and decision making by practitioners. The purpose of this study is to update our understanding of SEC Accounting and Auditing Enforcement Releases by examining the characteristics of firms investigated by the SEC and use these characteristics to examine the profile of companies, pre- and post-sarbox. We compare indicators prior to SarbOx investigations ( ) to post SarbOx investigations ( ) and to the findings of prior research, while discussing the implications of our findings. Most recently, Carcello and Nagy (2004) reviewed AAERs issued between 1990 and 2000 to examine the relationship between audit firm tenure and fraudulent financial reporting. Nieschewietz et al. (2000) discuss issues related to external auditors detection of fraud, noting that auditors should devote considerable attention to identifying and developing their ability to recognize fraud cues. Eilifsen and Messier (2000) reviewed prior research that examines the incidence of financial misstatements and auditors ability to detect misstatements. Among other findings, Eilifsen and Messier (2000) noted that industry-specific traits cause a variation in the error rate across industries. The aforementioned research is pre-sarbox and has investigated a multitude of predictors associated with fraud. In the current study, we focus on several factors related to fraudulent financial reporting: the size of the firms involved in AAERs, industries that have been found in prior studies to be problematic with respect to fraud, client governance (i.e., CEO and CFO), most commonly used fraud techniques, and whether these techniques have changed in comparison to earlier findings, given the SEC s mention of 119

5 technology to commit or control financial statement fraud. Firm Size Journal of Forensic & Investigative Accounting Anecdotal evidence suggests that the size of AAER firms is increasing. For example, Charles Niemeier, the head of accounting in the SEC s enforcement division and one of the five members of the Public Company Accounting Oversight Board (PCAOB), stated that the number of financial fraud cases is not the big story...the bigger story is the size of the companies being investigated. We are investigating more Fortune 500 companies than we ever have (Pulliam 2002). In this study, we investigate whether this anecdotal evidence is supported by empirical data; i.e., an increasing trend in the size of firms investigated for financial fraud. Previous studies (Beasley et al. 2000; Eilifsen and Messier 2000) have found that firms involved in AAERs are small relative to the Fortune Although not specifically examining financial statement fraud, other studies have found that larger firms engage in illegal activity (Gillet and Uddin 2005; Dalton and Kesner 1988). While strong and effective internal controls are necessary to mitigate the opportunity to engage in fraudulent financial reporting, smaller firms tend to have limited internal controls, as compared to larger firms. Carcello et al. (2005) find the budget of an internal audit department is positively associated with company size, suggesting smaller firms invest less in maintaining adequate controls of financial reporting compared to larger firms. Internal control differences in firm size are also noted by the PCAOB (PCAOB 2007, paragraph 13). Industries Standard-setting bodies have long recognized industry as a potential inherent risk indicator in a financial statement audit. Most recently, the Public Company Accounting 120

6 Oversight Board (PCAOB) Auditing Standard No. 5 (PCAOB 2007) requires auditors to consider characteristics of a client s industry when planning an audit of internal control over financial reporting (PCAOB 2007). As suggested by Carcello and Nagy (2004), the lack of industry knowledge by auditors is likely related to fraudulent financial reporting. In comparing AAERs to a nonfraud control group, Carcello and Nagy s (2004) findings suggest that unfamiliarity with the client s background increases the likelihood of fraudulent financial reporting. Literature also reveals that fraud appears to be pervasive in certain industries. Past research has provided evidence of fraud concentrations in the technology (Loebbecke et al. 1989; Dechow et al. 1996; Bell and Carcello 2000; Beasley et al. 2000), manufacturing (Bonner et al. 1998), financial services (Dechow et al. 1996; Bonner et al. 1998; Beasley et al. 2000) and healthcare (Beasley et al. 2000) industries. Corporate Governance Prior studies have provided insight into the relationship between corporate governance (e.g., board of directors and CEO) and the financial health of the company (Carcello and Neal 2000; Persons 2005; Sharma 2004; Beasley 1996; and Dechow et al. 1996). Persons (2005), using logit regression analysis, found evidence which suggests incidents of lower fraudulent financial reporting is achieved by having audit committees whose directors are all independent and whose directors limit their directorship with other companies. Both Beasley (1996) and Dechow et al. (1996) used a sample of fraud and nonfraud firms to examine the relationship between board of directors composition and fraudulent financial reporting. Beasley s (1996) results indicated that a higher proportion of outside directors to total directors on the board would reduce the likelihood of fraud in the 121

7 financial statements. More recently, Gillett and Uddin (2005) extend the theory of reasoned action to examine CFO s intention to engage in fraudulent financial reporting. Using structural equation modeling to analyze survey results, Gillett and Uddin (2005) found that CFOs of larger companies are more likely to engage in financial fraud reporting. Collectively, these studies suggest that there is an association between corporate executives and the likelihood of fraudulent financial reporting. Additionally, SAS No. 99 states that "management is in a unique position to perpetrate fraud because of its ability to directly or indirectly manipulate accounting records and prepare fraudulent financial statements by overriding established controls that otherwise appear to be operating effectively," and thus requires auditors to address risk of management override (SAS No. 99, paragraph 57). Top management s ability to override internal controls and perpetrate fraudulent financial reporting is a key factor underlying the provisions of the Sarbanes-Oxley Act of In addition to strengthening corporate governance practices, Sarbanes-Oxley requires CEOs and CFOs to attest to the accuracy of their firm s financial statements. Fraud Type Prior studies have shed light on the types of fraud (i.e., fictitious revenue) associated with fraudulent financial reporting. Loebbecke et al. (1989) examined the frequency of fraud types, finding that revenue recognition fraud schemes were the most prevalent type of fraud. Bonner et al. (1998) examined AAERs issued between for 261 firms, finding that omitted or improper disclosures comprise the largest number of frauds within the sample, followed by fictitious revenues and overvalued assets and/or reductions of 122

8 expenses/liabilities. Feroz et al. (1991) examined AAERs issued between April 1982 and April 1989 for 224 firms, and found that more than 50 percent of the AAERs reviewed involved overstatement of accounts receivable, while 24 percent involved overstatement of inventory. Beasley et al. (2000) identified the types of fraud schemes most prevalent within the technology, healthcare, and financial services industries. Within the technology industry, recording fictitious revenues and recording revenues prematurely were the fraud schemes of choice, while overstating assets was the most often used fraud method within the financial services industry. The healthcare industry was not strongly associated with one particular type of fraud. Sample III. METHOD In gathering our sample, we analyzed all SEC Accounting and Auditing Enforcement Releases (AAERs) issued between January 1, 1997, and December 31, Consistent with prior studies that have used AAERs as a proxy for fraudulent financial reporting (Beasley 1996; Dechow et al. 1996; Bonner et al. 1998; Beasley et al. 2000; Carcello and Nagy 2004; Erickson et al. 2004), we focus on AAERs that involve violations of Rule 10(b)-5 of the 1934 Securities Exchange Act, as this is the primary antifraud provision related to financial statements (Beasley et al. 2000). Our initial search of the AAER database identified AAERs opened between January 1, 1997, and December 31, In this study, we focus on public companies only, thus AAERs that cited auditors for negligence were eliminated. Consistent with prior research 123

9 (Dechow et al. 1996), we also eliminated AAERs that cited misrepresentations in initial public offerings (IPOs). These IPOs did not directly affect the financial statements, and limited or no information was available on these companies. Finally, AAERs cited on the same firm were considered duplicates and eliminated, bringing us to our full sample size of 343 firms cited for fraudulent activity. Many of these firms were accused of committing multiple types of fraud (e.g., revenue fraud and omitted disclosure), and in these cases, each fraud type violation was reviewed and counted per firm. The pre-sarbanes-oxley period in our sample includes the years 1997 through 2001, while the post-sarbox period is years 2002 through Data Collection and Taxonomy of Fraud Types To classify fraud types, we adapted the taxonomy developed by Bonner et al. (1998), which has 12 general categories of fraud type. However, we modified Bonner et al. (1998) fraud type taxonomy by combining the revenue fraud categories into one group called Revenue recognition problems and the asset fraud categories into one group called Asset valuation problems, giving us 10 rather than the 12 general categories of fraud type. These modifications reduced the potential error of identifying different types of revenue and asset frauds based on limited and ambiguous information provided in some AAERs. Additionally, using a prior taxonomy assists in benchmarking our findings against prior literature. Finally, COSO s (1999) Report on Fraudulent Financial Reporting, other regulatory bodies, and prior research motivated our need to add two other categories addressing technology (Category 11-IT involvement to detect or commit fraudulent financial reporting) and management override (Category 12-CEO, CFO, or Founder involvement in fraudulent 1 Sarbanes-Oxley was passed in July of 2002; however, its passage was anticipated and the SEC was already under pressure to increase enforcement subsequent to Enron in

10 reporting). Table 1 identifies the taxonomy used in this paper (See Table 1). To collect data, we read each AAER in detail and gathered information to complete our checklist consisting of the classifications of fraud types, IT involvement, and fraud perpetrators. After developing working knowledge of the checklist and pilot testing approximately 20 AAERs face-to-face, we developed a data dictionary of the types of fraud, along with the fraud schemes implicit in that category. Next, we used two rounds of individual, preliminary coding to test for consistency among the coding of the three authors. Any ambiguities in how to classify certain schemes were discussed and resolved. Finally, we divided the AAERs evenly among the authors and coded the AAERs. Most AAERs cited multiple fraud schemes. IV. RESULTS Firm Size The information in Table 2, Panel A reports, by year, the size of firms in our sample, providing the mean and median of total assets and net sales. In the analysis of size our full sample of 343 firms is reduced to 237 firms due to data availability constraints imposed by the use of Compustat data for asset and sales amounts. Table 2, Panel A indicates that there is a relative increase in the size of firms committing fraud. Beasley et al. (2000) report median total assets for fraud firms as $11.1 million over the timeframe. Bonner et al. (1998) report the mean (median) total asset size of fraud firms as $2.8 billion ($34 million) over the time period. Our analysis over the timeframe shows a mean (median) total asset size of $14.8 billion ($1,590 million), providing evidence that the size of the firms involved in fraudulent financial reporting has increased relative to the 125

11 investigative periods. Cox-Stuart test of trends indicates a significant increase in the median size of assets and sales (one-sided p-value = 0.063) over the study period, Results are unchanged when the trend test is conducted on inflation adjusted assets and sales. Additionally, the trend persists when 1997, the year with the smallest mean firm size, is dropped. As a final test, we partition the data into the pre-sarbox and post-sarbox periods and find that assets and sales are significantly (one-sided p-value <0.01) larger in the post-sarbox period than in the pre-sarbox period. The results of the current study indicate an increase in firm size investigated by the SEC compared to the results of prior studies (Bonner et al. 1998; Beasley et al. 1999). Our findings suggest that the SEC has targeted larger companies that could have the potential to create a crisis in stockholder confidence, similar to the crisis that occurred with large companies such as WorldCom, Enron, and Adelphia. In Table 2, Panel B, we further study the trend of firm size by identifying the frequency of fraud categories by small compared to large firms for the 237 firms on which Compustat size data are available. We identify small and large firms based on the median value of firm assets in the year of the AAER. A Fischer s Exact test indicates that the proportion of revenue frauds (two-sided p-value=0.034), equity frauds (two-sided p- value=0.040) and CEO related frauds (two-sided p-value=0.022) committed by small firms is significantly greater than the proportion of revenue frauds and CEO related frauds committed by large firms. Conversely, the proportion of omitted or undervalued liability frauds committed by large firms is significantly (two-sided p-value=0.017) greater than the proportion committed by small firms. Perhaps not surprisingly, the number miscellaneous frauds, which includes consolidations is significantly (two-sided p-value,0.01) greater for 126

12 large firms than small firms. Thus, while the size of the firm involved in SEC investigations has increased, the frauds committed by smaller firms in the categories of revenue, equity, and CEO involvement is significantly greater than for larger firms. Larger firms had significantly higher incidents of omitted/undervalued liability frauds and other types of frauds, which include consolidation activities. Firm structure, inherently, determines the level of top management involvement and the perceived influence of management styles and actions on financial performance. For instance, top management of smaller firms is likely to face fewer hurdles (e.g., flatter organizational structure, influence over board members and CFO), and higher perceived opportunities and pressure to perpetrate fraud than top management of larger companies (See Table 2). Industries Our study also indicates changes in the industries involved in fraud. Using the frequency of AAERs associated with each SIC code, and the findings from Beasley et al. (2000) and Bonner et al. (1998), we focus our industry analysis on manufacturing, technology, healthcare, and financial services. As Table 3 shows, SIC codes are not mutually exclusive in our industry analysis. Thus, some of the 343 firms in our sample are counted in more than one industry category (e.g., SIC codes 28 and 38 appear in manufacturing and health care). Interestingly, for the manufacturing sector, we calculated the identical percentage of fraud as the Bonner et al. (1998) study (38 percent). Dividing the frauds into those identified pre-sarbox and post-sarbox, the percentage of frauds attributed to manufacturing firms is 42% in the pre-sarbox period compared to 34% in the pos- SarbOx period. The manufacturing sector has the highest incidence of fraud within our 127

13 sample 2. Manufacturing is followed by the technology industry and the service industry, with 27 and 28 percent of frauds, respectively, within our sample. Both the technology industry and service industries show sharp increases over the period covered by Bonner et al. (1998). This increase is reflected in both the pre-sarbox and the post-sarbox data. Further analysis indicates that 74 percent of the service industry frauds are attributable to SIC 73, which is also included in the technology industry. During the time period , our AAER sample of firms indicates fraud in the financial services industry sharply declined to 8 percent of firms compared to the 33 percent of firms found in Beasley et al. (2000) and the 26 percent of firms found in Bonner et al. (1998). The healthcare industry shows a sharp decrease from 29 percent over the period reported by Beasley et al. (2000) to 15 percent in the current study. In both instances the pre and post-sarbox data indicates lower percentages. Changes in regulatory environment could in part contribute to the differences seen in the current study relative to prior studies. Industry-specific regulation that indirectly relates to financial reporting for healthcare and financial services could be affecting the changes observed. For example, within the healthcare industry, noncompliance allegations related to the 1996 Health Information Portability and Accountability Act (HIPAA) totaled 19,420 between 2003 and 2006, increasing the salience of accountability and oversight in healthcare. The financial services industry continues to fall under an increasing number of regulations in addition to having to comply with SarbOx, which may help explain the industry s sharp decline in fraudulent behavior (See Table 3). 2 SIC 35, which we count separately in the technology industry, accounts for 16 percent (21/130) of the manufacturing sector fraud cases. When SIC 35 is removed from the manufacturing sector, the remaining manufacturing sector frauds (109/343) drop to 32 percent of all frauds still the largest percent of frauds. 128

14 Table 4 reports the frequency and relative percentage of fraud within industries. Beasley et al. (2000) identified fraud techniques most prevalent in the technology, healthcare, and financial services industry. Consistent with prior research (Bonner et al. 1998; Beasley et al. 2000), fraudulent financial reporting continues to be heavily concentrated in the manufacturing (SIC 28, 35, 36 and 38), healthcare (SIC 28 and 38), and technology (SIC 35 and 73) industries. A Kolmogorov-Smirnov test was conducted to determine if the frequency of a fraudulent financial reporting type was significantly different across the industries. To ensure proper weighting, the frequency variable used in the test was the frequency of the error divided by the number of firms in the industry (e.g., the frequency of revenue fraud in manufacturing was calculated as 71/130). 3 The results indicated no differences (p-values > 0.10) in the frequency of revenue, asset or executive management fraud across industries. Thus, across all industries, the relative percentage of fraud type occurrence is quite similar, whereas Beasley et al. (2000) found revenue fraud techniques to be significantly more pervasive in the technology industry compared to that of the financial services industry. Within the financial services industry, they found asset overstatement to be significantly more common than within the technology industry. Shortcomings within the industries identified by Beasley et al. (2000) and Bonner et al. (1998) still hold true. Staff Accounting Bulletin No. 101 (SAB 101), issued by the SEC in December 1999, outlines general revenue recognition rules (e.g., there is persuasive evidence of an arrangement; delivery has occurred or services have been rendered) for most traditional business models, and provides additional guidelines for companies with 3 Because the focus of Table 4 is the industries identified, not all firms in the full sample are used (e.g., firms in SIC 16, oil and gas). Additionally, some firms are counted more than once if their SIC code is classified in more than one industry (e.g., SIC code 28 and 38 are in both manufacturing and healthcare). 129

15 nontraditional models. Within the healthcare, technology, and manufacturing industries exists a diverse group of nontraditional business models, and thus various perceived alternatives for developing revenue recognition computations for multiple elements of products and services (e.g., license rights, post-contract customer service/products, delivery of service). Alternative measures leave room for fraudulent financial reporting in revenue recognition, asset valuation, and proper disclosures (e.g., side contract arrangements), even when terms are specified in a written contract (PwC 2008; Fich and Shivdasani 2007; Phillips et al. 2001; SEC 1999) (See Table 4). Comparison of Fraud Types In Table 5, we compare the frequency of fraud-type occurrences in the current study pre and post-sarbox and where appropriate we also include a comparison with Bonner et al. (1998). As stated previously, we adapted Bonner et al. s (1998) taxonomy of fraud classifications, allowing us to directly compare our results to the results of Bonner et al. (1998). Most telling is our finding on how many of the firms in our full sample indicated management s involvement in the fraudulent financial reporting activity. These findings are consistent with prior research examining senior executive involvement in fraudulent reporting (Dechow et al. 1996; Beasley et al. 1999; Beasley et al. 2000). In our sample, the CEO, CFO or founder was implicated in 220 of the 343 firms with fraudulent activity (64.1 percent). The number of times the CEO, CFO or founder was implicated is not significantly different in the pre and post-sarbox periods. The findings indicate how critical it is for the auditor to conduct a proper assessment of the control environment, including the ethical nature of the top executives within the firm. Additionally, the high percentage of fraud 130

16 allegations involving corporate executives lends support to SAS No. 99, which requires auditors to consider management overrides and revenue recognition principles. While the corporate board is charged with monitoring top management and protecting the interest of stockholders, the corporate CEO can also be the chairperson of the board (Jennings et al. 2006). Thus, top management involvement may reflect a need to further reform SarbOx s policies on board composition. In examining firm type, revenue recognition, asset valuation, and omitted or improper disclosures continue to be dominant forms of fraud. Revenue recognition frauds (item 1) (198 occurrences), represent a smaller percent (22.4 percent) of total fraud occurrences than in the Bonner et al. (1998) study (30.6 percent). There appears to be a decline in the number (19) and percentage occurrence (2.2 percent) of frauds related to omitted or undervalued liabilities (item 4) when compared to the earlier time period (39 occurrences representing 6.3%). The three areas where fraudulent activity appears to be increasing by the largest percentages are omitted or improper disclosures (item 5) (202 occurrences versus 104 occurrences) in the earlier study, illegal acts (item 9) (70 occurrences versus 18 occurrences in the earlier study) and miscellaneous types of fraud (item 10) (46 occurrences versus 5 occurrences in the earlier study). An analysis of fraud occurrences pre and post-sarbox indicates that there have been significant changes in three areas over the pre and post periods. The occurrence of misclassification activities (item 2) have significantly (two-sided p-value < 0.01) increased in the post-sarbox period examined, going from 7 to 24 occurrences. However, both equity fraud occurrences (two-sided p-value < 0.01) and illegal acts (two-sided p-value < 0.05) have significantly decreased in the post-sarbox period. Equity fraud occurrences have 131

17 decreased from 38 to 22 occurrences while illegal acts have gone from 41 to 29 occurrences. PCAOB highlights the importance of technology in ensuring financial statements are free of material misstatement. Additionally, IT effectiveness is not the same across industries, specially the healthcare industry. Lutchen and Collins (2005, 27) report: Industries around the world have embraced information technology (IT), successfully integrating it into their business models as a powerful way to foster growth, enhance interconnectivity, and bolster the bottom line. Leaders in these industries - from transportation to finance, communications to defense - consider IT integral and inseparable from their daily business operations. They recognize that there is no greater impediment to innovation and success than falling behind the IT curve. Unfortunately, the health care industry has fallen behind that curve. While the industry has been an innovative leader in clinical technology, it has failed to fully integrate IT into business operations. The result? The industry now faces an unprecedented crisis complete with economic pressures, performance issues, legislative directives, and critical risks. Thus, we found it appropriate to review each AAER for SEC s mention of technology in reference to IT governance and controls to either allow, prevent, or detect fraudulent financial reporting. Surprisingly, technology was seldom mentioned in the prevention or executive of fraudulent financial reporting. The use of technology was referenced in the commission of fraud for nine of the 343 firms investigated. Given our understanding of the benefits of technology (e.g., improve consistency, financial transparency, and regulatory reporting), this finding suggests that the SEC investigations should disclose whether technology was involved in the commission of fraud (See Table 5). Subsequent Analysis We tested whether there is an increasing trend related to number of frauds within 132

18 industry category for the period A Cox-Stuart trend test indicates that financial services and transportation industries show an increasing trend (p-value=.0625) related to number of frauds; however, no other industries show such a trend (p-values > 0.10). We also investigated whether structural changes within SIC codes could explain the differences in percentages between the studies. For example, were more frauds within the technology industry found because there are simply more technology firms now? Analysis does not bear this out. With the exception of manufacturing, Compustat listed fewer firms within the industries of interest: finance, insurance, and real estate (3,289 in 1997; 1,425 in 2005); healthcare (1,879 in 1997; 1,230 in 2005); manufacturing (1,830 in 1997; 2,900 in 2005); and technology (2,628 in 1997; 1,176 in 2005). To more closely examine the trend in fraud types, Table 6 breaks out fraud types by year. Using a Cox-Stuart test to analyze trends over the period, we find a significant upward trend in executive (i.e., CEO, CFO, and founder) involvement in fraudulent financial reporting, as indicated by the p-value of the Cost-Stuart test (p-value= ). Results are the same when the Cox-Stuart tests are conducted on the relative percentage of fraud occurrences (See Table 6). V. CONCLUSION This paper has examined characteristics of firms investigated by the SEC for fraudulent financial reporting during the timeframe and whether trends of SEC investigations exist between pre-sarbox and post-sarbox, in addition to examining the relationship between industry governance rules and technology usage. For the pre- and post- SarbOx investigation, we find the average company targeted by the SEC is significantly 133

19 larger in the post-sarbox period, compared to the pre-sarbox period. We find that relative to earlier studies, there have been some important trends in AAERs and fraudulent financial reporting. Relative to prior research studies (e.g., Beasley et al. 2000; Bonner et al. 1998) the mean (median) size of the AAER firms in our study is larger, and the trend, over the time studied, shows AAER firms becoming somewhat larger. While manufacturing remains the industry with the highest incidence of fraud, the financial industry does not exhibit the same level of financial fraud as reported in earlier studies (e.g., Beasley et al. 2000). Consistent with prior research, the technology industry continues to experience a high level of fraud. The decline in the number of AAERs in the financial services industry, including banking, may be due to the increased scrutiny received by these industries. In particular, previous studies such as Bonner et al. (1998) contained sample years in which the savings and loan industry collapsed. Since then, new legislation such as the Federal Institutions Reform, Recovery, Enforcement Act of 1989 (FIRREA), which instigated the bailout and deregulation of the S&L industry, has greatly altered the landscape of the financial services and banking industry. In prior research, the financial industry was listed as a major industry investigated for fraudulent behavior. However, our data collection revealed a sharp decline of investigations within this industry compared to prior research. Prior research analyzed SEC investigations during a time when globalization and diversification of services via technology was uncommon within the financial industry; thus, increased and necessary reliance on technology to meet regulatory requirements may support our trend of fraudulent behavior within the financial industry. In our data collection, 66 percent of the companies within the healthcare industry were being investigated for revenue recognition problems. Compliance through the use of technology could have potentially enabled auditors to 134

20 determine access privileges to billing and trace billing back to the initiating document and payment, making it difficult to circumvent detection procedures without collusion. Similar to healthcare, most fraud within the manufacturing and technology industries occurred in the area of revenue recognition. While overall the firms in our sample are relatively larger than those in past studies, it is the smaller firms within our sample that show the highest proportion of revenue fraud and frauds committed by top level management. Conversely, the larger firms show a higher proportion of asset frauds. Our research suffers from several limitations. Some measurement error exists since classifying frauds required subjective assessment on the part of the authors. We attempted to mitigate measurement error by consulting co-authors for particularly troublesome classifications. Additionally, bias exists because only those frauds identified through AAER actions are included in the sample, thus, excluding all fraud incidents that the SEC chose not to investigate. Additionally, the descriptions provided in AAER actions range in their amount of detail. For example, while the frequency of AAERs that involved IT was low, we believe that due to the pervasiveness of technology within the corporate financial data transmission structure, that many fraud incidents involved the use of technology (e.g. Internet, software, or technology). However, such information was not noted in the AAERs. Also, our findings may differ from prior research due to a different data collection method and investigative strategies of the SEC. For example, over the last several years, the SEC has implemented policies intended to increase the likelihood that whistleblowers and investors will file a complaint. Finally, small sample sizes within some types of fraud limit the ability to test each fraud category separately. 135

21 For auditors, the findings have tremendous practical application. Audits of manufacturing and technology firms should be carefully planned with an eye to fraud within this industry. Revenue recognition procedures and asset valuation should be scrutinized with the increased professional skepticism required by SAS No. 99. Larger firms should not be assumed to be free of fraud. Indeed, it is larger firms that are increasingly involved in fraudulent financial reporting. With respect to revenue recognition issues, smaller companies should bear significant scrutiny; while larger companies bear scrutiny relative to asset valuation issues. Lastly, the ethos of the CEO and CFO should be particularly examined. In over 60 percent of the firms we examined the CFO, CEO or founder was implicated in the fraud. Auditors must be vigilant in investigating the ethics of these particular top management individuals. The findings herein can aid auditors greatly in audit planning as they continue to wage war on fraudulent financial reporting. 136

22 TABLE 1 Taxonomy for Fraud Classification Code a Fraud Type/Category 1 Revenue recognition problems (fictitious, premature and improper) 2 Misclassifications 3 Asset valuation problems (fictitious or overvalued) 4 Omitted or undervalued liabilities 5 Omitted or improper disclosure 6 Equity fraud 7 Related party transactions 8 Frauds going the wrong way 9 Illegal acts 10 Miscellaneous (including consolidation) 11 IT involved in the fraud 12 CEO, CFO or Founder involvement with the fraud a 1-10 are adapted from Bonner et al (1998). Items 11 and 12 are adapted from COSO (1999). 137

23 TABLE 2 Descriptive Data on Size of AAER Firms Panel A: Number and Size (in Millions of Dollars), Identified by Year of AAER Action Year Total AAER Firms in Sample Subsample of Firms with Size Information Available on Compustat Total Assets a, b Mean (Median) Net Sales a, b Mean (Median) $323 ($46) $226 ($53) $4,820 ($38) $4,633 ($33) $5,171 ($105) $606 ($82) $3,249 ($40) $3,301 ($66) $17,060 ($156) $4,202 ($194) $4,744 ($170) $2,575 ($179) $62,887 ($711) $7,085 ($888) $38,240 ($1,154) $12,964 ($716) $14,754 ($1,590) $5,556 ($1,312) Total Pre Post $5,509 (69) $2,296 (73) $28,299(622) $6,530 (478) Panel B: Fraud Category Frequency by Firm Size c Fraud Categories Small Large Firms Firms d 1 - Revenue recognition problems (fictitious premature and improper) Misclassifications Asset valuation problems (fictitious or overvalued) Omitted or undervalued liabilities Omitted or improper disclosure(s) Equity fraud Related party transactions Frauds going the wrong way Illegal acts Miscellaneous (including consolidations) IT involved in the fraud CEO, CFO or Founder involvement with the fraud

24 a A Cox-Stuart test for trends conducted on medians indicates an increasing trend (one-sided p- value = 0.063) in the size of assets and sales. b Represents the mean (median) for total number of firms for which asset and sales information are available on Compustat. c Firms are divided into small and large at the median of firm assets in the year the AAER is identified. Data are provided for those firms with size information available on Compustat. d Significant differences are found between large and small firms using Fischer s Exact test for: revenue recognition problems (p-value=0.034), omitted or undervalued liabilities (p-value=0.017), equity fraud (p-value=0.040), miscellaneous (p-value<0.01) and CEO, CFO or Founder involvement in fraud (p-value=0.022). 139

25 Manufacturing Industry (SIC 20-39) TABLE 3 Current and Prior Studies - Comparison of Fraud a Categories by Industry Transportation, Wholesale and Retail Industry (SIC 40-59) Services Industry (SIC 70-87) Financial Services Industry (SIC and 67) Healthcare Industry (SIC 28, 38 and 80) Pre- SarbOx (n=164) b 42% n=69 16% n=27 27% n=44 7% n=11 16% n=26 Technology Industry (SIC 35 and 73) c 24% n=40 Post- SarbOx (n=179) b 34% n=61 22% n=40 30% n=53 10% n=17 13% n=24 30% n=53 Current study b (n=343) 38% n=130 20% n=67 28% n=97 8% n=28 15% n=50 27% n=93 Beasley et al. (2000) (n=66) n/a n/a n/a 33% n=22 29% n=19 38% n=25 Bonner et al. (1998) (n=251) 38% n=99 17% n=44 13% n=34 26% n=65 n/a 9% n=23 a Fraud includes items 1-10 on Table 3 b The n represents the number of firms in the total sample. Because SIC codes are not mutually exclusive to industries, some firms are represented more than once in the column. c Bonner et al. (1998) defines technology as SIC 35 and 73. n/a = The authors did not report on data with this industry. 140

26 Fraud Type/Categories 1 - Revenue recognition problems (fictitious premature and improper) TABLE 4 Fraud Techniques by Industry The Frequency and (Relative Percentage) a of Each Fraud Category for Selected Industries b Manufacturing (n=130) Healthcare (n=50) Technology (n=93) Financial (n=28) 71 (17.2) 33 (20.6) 69 (23.4) 10 (11.2) 2 - Misclassifications 12 (2.9) 6 (3.8) 7 (2.4) 2 (2.3) 3 - Asset valuation problems (fictitious or overvalued) 73 (17.7) 28 (17.5) 30 (10.2) 16 (18.0) 4 - Omitted or undervalued liabilities 7 (1.7) 1 (0.6) 1 (0.3) 3 (3.4) 5 - Omitted or improper disclosure(s) 77 (18.7) 30 (18.8) 55 (18.6) 18 (20.2) 6 - Equity fraud 16 (3.9) 3 (1.9) 24 (8.1) 3 (3.4) 7 - Related party transactions 18 (4.4) 7 (4.4) 14 (4.8) 6 (6.7) 8 - Frauds going the wrong way 6 (1.5) 4 (2.5) 4 (1.4) 1 (1.1) 9 - Illegal acts 10 - Miscellaneous (including consolidations) 21 (5.1) 8 (5.0) 17 (5.8) 14 (3.4) 4 (2.5) 12 (4.1) 7 (7.9) 8 (9.0) 11 - IT involved in the fraud 9 (2.2) 1 (0.6) 2 (0.7) 1 (1.1) 12 - CEO, CFO or Founder involvement with the fraud 88 (21.4) 35 (21.9) 60 (20.3) 14 (15.7) 141

27 Frequency of problems by industry a The relative percentage is shown in parentheses and is calculated as the frequency of AAERs divided by total number of AAERs for a given year (column total) b The selected industries/sectors are represented by the following 2-digit SIC codes: manufacturing, 20-39; healthcare, 28, 38, and 80; technology 35 and 73; financial services, and 67. Notice that the industry/sectors do not contain mutually exclusive SIC codes. 142

28 Fraud Type/Categories 1 Revenue recognition problems (fictitious, premature and improper) TABLE 5 Current Study Compared with Bonner et al. s (1998) Taxonomy Pre- SarbOx n=164 b Fraud Occurrence and (Relative Percent of Frauds a ) Post- SarbOx n=179 b Current study Total Sample n=343 b Bonner et al. (1998) Total Sample n= (20.1%) 111 (24.6%) 198 (22.4%) 188 (30.6%) 2 Misclassifications 7 (1.6%) 24 (5.3%) c 31 (3.5%) 21 (3.4%) 3 Asset valuation problems (fictitious or overvalued) 4 Omitted or undervalued liabilities 5 Omitted or improper disclosure(s) 96 (22.2%) 90 (19.9%) 186 (21.0% 133 (21.6%) 10 (2.3%) 9 (2.0%) 19 (2.2%) 39 (6.3%) 102 (23.6%) 100 (22.2%) 202 (22.9%) 104 (17.0%) 6 Equity fraud 38 (8.8%) 22 (4.9%) d 60 (6.8%) 29 (4.7%) 7 Related party transactions 8 Frauds going the wrong way 27 (6.3%) 30 (6.6%) 57 (6.5%) 52 (8.5%) 7 (1.6%) 8 (1.8%) 15 (1.7%) 26 (4.2%) 9 Illegal acts 41 (9.5%) 29 (6.4%) e 70 (7.9%) 18 (2.9%) 10 Miscellaneous (including consolidations) Total Occurrences of Fraud 17 (3.9%) 29 (6.4%) 46 (5.2%) 5 (0.8%) IT involved in the fraud n/a Executive Involvement 12 CEO, CFO or Founder n/a 143

29 Total AAERs , a The relative percentage is shown in parentheses and is calculated as the frequency of fraud occurrence divided by Total Occurrences of Fraud b The n represents the number of firms in the total sample. Because SIC codes are not mutually exclusive to industries, some firms are represented more than once in the column c Frauds were significantly (Chisq <.01) larger in number in the post-sarbox period d Frauds were significantly (Chisq <.01) larger in number in the pre-sarbox period e Frauds were significantly (Chisq<.05) larger in number in the pre-sarbox period 144

30 TABLE 6 The Frequency and (Relative Percentage) a of Each AAER Problem Identified by Year for the 343 Firms Included in the Sample Fraud Catgories b Total 1 - Revenue recognition problems (fictitious, premature and improper) 25 (16.0) 2 - Misclassifications 5 (3.2) 3 - Asset valuation problems (fictitious or 23 overvalued) (14.7) 4 - Omitted or undervalued liabilities 1 (0.6) 5 - Omitted or improper disclosure(s) 33 (21.2) 6 - Equity fraud 12 (7.8) 7 - Related party transactions 8 (5.1) 8 - Frauds going the wrong way 1 (0.6) 9 - Illegal acts 14 (9.0) 10 - Miscellaneous (including consolidations) 3 (1.9) 11 - IT involved in the fraud 0 (0.0) 12 - CEO, CFO or Founder involvement with the 31 fraud (19.9) 10 (11.9) 0 (0.0) 15 (17.9) 1 (1.2) 17 (20.2) 7 (8.3) 4 (4.8) 2 (2.4) 7 (8.3) 3 (3.6) 1 (1.2) 17 (20.2) (13.1) 1 (0.8) 27 (20.8) 3 (2.3) 21 (16.2) 9 (6.9) 11 (8.5) 1 (0.8) 12 (9.2) 3 (2.3) 5 (3.9) 20 (15.4) 21 (22.6) 1 (1.1) 15 (16.1) 4 (4.3) 16 (17.2) 5 (5.4) 2 (2.2) 2 (2.2) 3 (3.2) 3 (3.2) 2 (2.2) 19 (20.4) 14 (17.5) 0 (0.0) 16 (20.0) 1 (1.3) 15 (18.8) 5 (6.3) 2 (2.5) 1 (1.3) 5 (6.3) 5 (6.3) 1 (1.3) 15 (18.8) 37 (20.7) 3 (1.7) 29 (16.2) 3 (1.7) 26 (14.5) 8 (4.5) 11 (6.2) 5 (2.8) 13 (7.3) 9 (5.0) 0 (0.0) 35 (19.6) 34 (19.5) 13 (7.5) 24 (13.8) 5 (2.9) 26 (14.9) 8 (4.6) 8 (4.6) 3 (1.7) 2 (1.2) 13 (7.5) 0 (0.0) 38 (21.8) 23 (18.7) 4 (3.3) 18 (14.6) 0 (0.0) 29 (23.6) 2 (1.6) 7 (5.7) 0 (0.0) 9 (7.3) 5 (4.1) 1 (0.8) 25 (20.3) 17 (17.4) 4 (4.1) 19 (19.4) 1 (1.0) 19 (19.4) 4 (4.1) 4 (4.1) 0 (0.0) 5 (5.1) 2 (2.0) 3 (3.1) 20 (20.4) Frequency of problems per year ,117 Number of AAER firms per year a The relative percentage is shown in parentheses and is calculated as the frequency of AAERs divided by total number of AAERs for a given year (column total) b A Cox-Stuart test for trends indicates a significantly (one-sided p-value=0.0625) increasing trend in CEO type frauds (12). 198 (17.7) 31 (2.8) 186 (16.7) 19 (1.7) 202 (18.1) 60 (5.4) 57 (5.1) 15 (1.3) 70 (6.3) 46 (4.1) 13 (1.2) 220 (19.7)

31 REFERENCES Beasley, M An empirical investigation of the relation between board of director composition and financial statement fraud. The Accounting Review (October): Beasley, M., J. Carcello, and D. Hermanson Fraudulent Financial Reporting : An Analysis of U.S. Public Companies. Committee of Sponsoring Organizations of the Treadway Commission. Jersey City, NJ: AICPA. Beasley, M., J. Carcello, D. Hermanson, and P. Lapides Fraudulent financial reporting: Consideration of industry traits and corporate governance mechanisms. Accounting Horizons 14 (4): Bell, T., and J. Carcello A decision aid for assessing the likelihood of fraudulent financial reporting. Auditing: A Journal of Practice & Theory (Spring): Bonner, S., Z. Palmrose, and S. Young Fraud type and auditor litigation: An analysis of SEC accounting and auditing enforcement releases. The Accounting Review 73 (4): Carcello, J. and A. Nagy Audit firm tenure and fraudulent financial reporting. Auditing: A Journal of Practice & Theory 23 (September): Carcello, J., D. Hermanson, and K. Raghunandan Factors Associated with U.S. Public Companie s Investment in Internal Auditing. Accounting Horizons 19 (2): Carcello J., and T. Neal Audit committee composition and auditor report. The Accounting Review 75 (4): Dalton, D. and I. Kesner On the dynamics of corporate size and illegal activity: An empirical assessment. Journal of Business Ethics 7 (11): Dechow, P., R. Sloan, and A. Sweeney Causes and consequences of earnings manipulation: An analysis of firms subject to enforcement actions by the SEC. Contemporary Accounting Research (Spring): Deloitte & Touche LLP, Ernst & Young LLP, KPMG LLP, and PricewaterhouseCoopers LLP Internal Control over Financial Reporting-An Investor Resource. Available at Eilifsen, A., and W. Messier The incidence and detection of misstatements: A review and integration of archival research. Journal of Accounting Literature 19: