A Letter from Prison

A letter from prison

A. Proffitt

I believe safeguarding financial reporting first and foremost needs to come from the reporting companies. The reporting companies are obligated to ensure the financial reports that they are putting forth are accurate and correct. As with this case and others we have read, CA got away with reporting wrongful information for at least a year and a half and nor did the auditors or regulators catch it. As we have learned many auditors let things slip and distort numbers due to their unconscious bias. Even the most detailed and honest auditors can potentially mask a company's true financial status from investors, regulators and sometimes management. Auditors are also more likely to mask such numbers when they have incentives that create a self-serving bias. Regulators on the other hand, set up the rules, guidelines, etc., but it is up to the reporting companies to follow such provisions. It seems, at least in the cases we have read, the regulators don't step into investigate until a red flag is waived and significant damage has already been done. WorldCom withheld and omitted information, altered documents, produced inaccurate financial reports, etc. and it wasn't until Cooper brought it to the attention of the SEC years later, that they then got involved. In my opinion the reporting companies have to be the safegaurder of financial reporting because as we seen in WorldCom and in this case where they found 23 boxes of missing documents, companies can hide, distort, falsify, etc. substantial and important information and documents to make it seem as if the company is doing ok and everything is on the up and up to keep auditors and the regulators happy and from nosing around. In this case, the SEC didn't get involved until the New York Times published an article about CA and their aggressive accounting practices. The SEC obviously thought Richards and many others were guilty and pressed criminal charges, although Richards still thought what they did was a timing issue of deals being recognized 2 to 3 days earlier rather than 2 to 3 days later and that there was a radical difference between this scandal and the others that were heavily publicized at the time. CA deliberate backdating of contracts caused inflated revenue for every quarter in 2000 and in the 1st and 2nd quarter of 2001, with the 2nd quarter being inflated over 50% (definitely above the 5% threshold for materiality) in 2000. Stock prices were also heavily inflated for these quarters as well. Even though Richards seen this as a" timing issues", it had an effect on millions of dollars, stock prices, bonuses, trust with the auditors, investors, regulators, legal fees, etc. Because reporting companies are the first line of defense against safeguarding information, it's important to have internal controls set up within a company to help insure reliable financial reporting, the reputation of the company, adhering to laws and regulations, hitting targeted goals and preventing loss of resources. A company must embrace an internal control environment for it to be effective. This must start from the top down within the organization for it to be effective. If employees at the bottom know they are working in such an environment and see top employees practicing such behaviors and actions, they are likely to follow suit. CA obviously didn't have an effective internal control environment as their top employees were partaking in the criminal activities. A company must also asses it's risk, the major risk I see that needs to be assessed at CA are obviously the contracts that are being counted 2 to 3 days earlier than they should have been. One solution the company could take or should have taken in following with their internal control activities is to heavily review contracts two weeks prior to the end of the reporting period. They should also have someone to double verify these contracts and rotate management on this specific task. If they had partaken in these activities, even if one manager recorded a false contract date, the other would have caught it. If CA would have had clear information and communication to employees about their goals, responsibilities, and the consequences for breeching such internal controls, I feel the staff would have been less apprehensive to record such false information. CA should have been continuously monitoring their internal controls to make sure no breech had occurred. This could have been done by the double checking of contracts, rotating staff, checking top management's emails, a "good internal audit committee" etc. The Sarbanes Oxley act which was enacted in 2002(after this case), clearly states that company's management assumes the responsibility for establishing and maintaining financial reporting internal control processes. It also states the company must provide a management assessment of the effectiveness of the internal control processes. The Sarbanes Oxley act also provides powerful incentives for management to maintain proper internal control processes. The act requires public companies to disclose on timely basis material changes in their financial conditions or operations. It also states the chief financial officer and the chief