Can Ethics be Legislated in Accounting? The role of SOX, the SEC and the ERM Framework

Post-hoc Editorial Comment: We are delighted to welcome the following contribution by Steven Mintz, the Ethics Sage. His photo, professional affiliation, and contact information are provided at the conclusion of his essay (below).

Government regulations, whistleblower protections, GAAP reporting standards, and internal control requirements are meaningless and not worth the paper they are written on if what has been promised is not done. A healthy financial reporting system depends on the enforcement of laws and the existence of an ethical culture in organizations that support accurate and reliable financial reporting.

These issues are relevant to the case of Tony Menendez, former Director of Technical Accounting Research at Halliburton, who blew the whistle on improper accounting for revenue. Menendez was hired by Mark McCullum, the chief accounting officer at Halliburton, who reportedly told him to serve as his “Smokey the Bear,” helping the company prevent accounting fires from flaring. That is what Menendez tried to do.

Back in 2005, Menendez identified improper accounting for bill-and-hold transactions where the company booked revenue before product was sent to customers, all the while holding it in its warehouse for future delivery. Menendez worked hard to convince his superiors of the errors in accounting. He sought out the help of KPMG, Halliburton’s auditors, to no avail. He informed the SEC, which seemed disinterested and chose not to get involved. The company retaliated against him once it found out about his reporting to the SEC. Menendez finally lodged a complaint with the Department of Labor under the whistleblower protections of the Sarbanes-Oxley Act. He then endured a nine-year battle to clear his name.

Two questions from Menendez’s experiences are: (1) Did SOX work as intended and protect Menendez as a whistle-blower under Section 806? (2) Did the SEC fulfill its oversight role of financial reporting and audits of financial statements? The answers are no and no. However, it’s not due to the ineffectiveness of SOX. Instead, Halliburton’s management had established a culture that this is the way things are done around here and Menendez should be a team player.

Absent an ethical culture, no law is likely to be effective in enforcing financial reporting standards and ensuring internal controls operate as intended. A good example is Halliburton’s own ethical requirement that purported to protect confidential complaints, which was ignored when the company outed Menendez after he informed the SEC.

The SEC failed in its responsibilities in the Menendez case. Overworked, underfunded, and, quite frankly, lacking in a commitment to ensure ethical behavior and GAAP-conforming financial reports, the Commission gave in to pressures from Halliburton and hastened the day of retaliation against Menendez.

The SEC has failed time and again to do something constructive by acting on detected fraud. We all remember that the Commission failed to follow up on years of complaints from Harry Markopolos, a Boston investigator, about Bernie Madoff’s financial activities. The SEC chose instead to treat him as a crank.

Now comes COSO’s recently updated ERM Framework, Enterprise Risk Management – Integrating with Strategy and Performance. Will it help to promote an ethical organization culture, the weak link in the internal controls of many companies that committed fraud in the early 2000s (i.e. Enron and WorldCom), Halliburton, and many financial institutions during the great recession?

The September 2017 revisions to the ERM Framework highlight the importance of enterprise risk management in strategic planning. According to COSO’s Chair, Robert B. Hirth Jr., COSO’s “overall goal is to encourage a risk-conscious culture.” PwC developed the framework and, according to Miles Everson, PwC’s Global Advisory Leader and Engagement Leader: “The Framework addresses the evolution of ERM, the benefits that can be achieved, and the need for organizations to improve their approach to managing risk.”

Drilling down on the Framework with respect to corporate culture, ERM suggests that each entity should link its culture – shared behaviors, emotions and mindsets in the organization – to its strategy and risk appetite. The problem here is the ERM framework does not place sufficient emphasis on the ethical dimension of making strategic decisions, opting, instead, for a focus on the entity’s “hunger” for risk in terms of its strategic objectives. This tail wagging the dog approach to developing an ethical culture allows management to create a culture in each situation after first determining its willingness to accept risk in developing strategic activities. This is ethical relativism at its worst.

The moral of the story is ethical behavior can’t be legislated. COSO can issue as many white papers as it wants, it still won’t guarantee an ethical outcome. Internal controls have limited value if management routinely overrides them. GAAP requirements are ignored when management’s goal is to tell its side of the story, rather than report the financial results in an accurate and reliable manner.

So, what’s the answer to the ongoing dilemma of getting management and the board of directors to establish a strong corporate governance system? There are no easy answers because ethical governance depends on an ethical culture and a tone set from the top that deviations from ethical standards will not be tolerated. This is the most effective way to embed ethics into the culture.

What about the accounting profession, in particular the auditors? Well, 2017 hasn’t been a good year for the profession. From Wells Fargo’s fake accounts to the ten-year investigation into accounting fraud at AIG, accountants and auditors were asleep at the wheel once again.

When will the profession live up to its responsibilities to put the public interest above all else, including the interests of one’s employer, the audit firm, and self-interest? This is an ongoing problem that hasn’t gotten better since the passage of SOX.

I fear we may be waiting for the other shoe to drop on the disclosure of another round of financial wrongdoing and failed audits. Why? Because at the end of the day, greed wins out over ethical decision-making by management, and soliciting, retaining, and building on client relationships has become the Holy Grail for the accounting profession.

Steve Mintz is a Professor Emeritus from Cal Poly San Luis Obispo. Steve blogs on ethics issues at ethicssage.com. Visit his website at stevenmintzethics.com.