Ch.3 Organizational Ethics and Corporate Governance

ACFE 2018 Report to the Nation: Occupational Fraud

Fraud can be defined as a deliberate misrepresentation to gain advantage over another party Typical business loses 5% of annual revenues to fraud The average loss from fraud was $2.75 million Frauds lasted a median of 16 months before detection Occupational fraud is use of one's position to misappropriate organization's resources or assets for personal gain •More likely to be detected by tip, using hotlines, than any other way Asset misappropriation schemes most common type of occupational fraud Proactive fraud prevention and detection controls are a vital part in managing the risk of fraud

Seven Signs of Ethical Collapse:

"Occurs when any organization has drifted from the basic principles of right and wrong" Marianne Jennings 1. Pressure to maintain numbers 2. Fear and silence 3. Young 'uns and bigger than life CEO 4. Weak board of directors 5. Conflict of interest overlooked or unaddressed 6. Innovations like no other company 7. Goodness in some areas atones for evil in others

Ethical and Legal Responsibilities of Officers and Directors

. Duty of Care . Duty of Loyalty . Duty of Good Faith . Business Judgement Rule

Best Practices of Governance

. Independent directors enhance governance accountability . Separation of the duties of CEO and board chair minimizes conflict of interest. . Separate meetings between the audit committee and external auditors strengthen control mechanisms.

Organizational Ethical Climate

. Moral atmosphere and level of ethics practiced within a company. . Determined by leaders . Shared values, beliefs, goals, and problem-solving . Focuses on issues of right and wrong

Why does Financial Statement Fraud Occur?

. Situational pressure . Perceived opportunity . Rationalization . A culture is created and tone at the top established that presents the image of a company willing to do whatever it takes to paint a rosy picture about financial results.

Trust in Business

. Trust means to be reliable and carry through words with deeds. . Trust becomes pervasive only if the organization's values are followed and supported by top management. . Trust can be lost, even if once gained in the eyes of the public, if an organization no longer follows the guiding principles that helped to create its reputation for trust. . Credo is an aspirational statement that encourages employees to internalize the values of the company

Establishing an Ethical Culture:

.Corporate culture .Tone at the top .Code of ethics

Framework for Understanding Ethical Decision Making in Business

.Ethical Issue Intensity .Individual Factors .Organizational Factors .Opportunity .Business Ethics Intentions, Behavior, and Evaluations

Key Markers of Highly Ethical Organization

.Humility .Zero tolerance for individual and collective destructive behaviors .Justice .Integrity .Trust .A focus on process .Structural reinforcement .Social responsibility .Values-driven organization that encourages openness, transparency, and provides supportive environment to voice values without fear of retribution or retaliation.

Ethical Leadership:

.Leaders of good character .Virtues .Role Models

Behavioral Indicators of Fraud

.Living Beyond Means .Financial Difficulties .Unusual Close Association with Vendor/ Client .Control Issues, Unwillingness to Share Duties .Wheeler-Dealer Attitudes .Divorce /Family Issues .Instability, Suspiciousness or Defensiveness .Addiction problems .Complained about inadequate Pay .Refusal to Take Vacations

Leaders of Good Character

.Possess integrity, courage, and compassion .Careful an prudent .Decisions and actions inspire employees to act in an enhancing way.

Business Stakeholders

.Stakeholder Orientation . Investors and shareholders, creditors, employees, customers, suppliers, government agencies, communities and others . Have a "stake" or a claim in some aspect of a company's products, operations, markets, industry and outcome.

Individual Factors

.Values of individuals .Organizational and social forces shape behavioral intentions and decision making.

Dodd-Frank Wall Street Reform and Consumer Protection Act

2010 passage of Dodd-Frank established benefits for whistleblowers who aid in recovery of $1M or more and they can receive 10-30% of the recovery Defines a whistleblower as any individual who voluntarily provides information to the SEC relating to a violation of federal securities laws, is ongoing or is about to occur Voluntarily means the whistleblower has not provided the information previously to the government, a self-regulatory organization, or the PCAOB Concern: Will whistleblowers go external rather than internal with the information in order to receive an award ("bounty hunter")? Employees have a loyalty obligation to their employers, but loyalty should not be used to mask one's ethical obligation to maintain integrity and protect the public interest Whistleblowing in conformity with Dodd-Frank rules sets aside confidentiality requirement

Ethics in the Workplace

A code of conduct goes beyond what is legal for an organization and provides normative guidelines for ethical conduct. Support for ethical behavior from top management is a critical component of fostering an ethical climate. Measures that should be taken to establish an ethical culture: •Clear policies on ethical conduct including a code of ethics •Ethics training program that instills a commitment to act ethically and explains the code provisions •A top level officer (Chief Ethics and Compliance Officer) to oversee ethics and compliance •Use internal auditors to investigate whether ethics policies are followed •Strong internal controls to prevent and detect unethical behaviors •Whistleblowing policies, including reporting outlets •Ethics hot line for anonymous tips •Ethics statement signed by employees •Enforce ethics policies fairly and take immediate action against violators Reward ethical behavior and include in performance evaluation system

Duty of Care

Act in good faith, exercise the care that an ordinarily prudent person would exercise in a similar situation.

Duty of Loyalty

Act in the best interest of corporation; loyalty can be defined as faithfulness to one's obligations and duties.

Potential Agency Problems- Clawbacks

Allows a recovery of compensation from CEOs and CFOs of public companies.

External Auditors

An obligation to the public interest that underlies their corporate governance responsibilities Protect the interests of shareholders Conduct audits independent of any influence of management or the company Communicate effectively with the audit committee: accounting policies and procedures, estimates by management; quality of financial reporting; potential violations of laws Ensures accountability for financial reporting process

External Mechanisms

Are intended to monitor the company's activities, affairs, and performance to ensure that the interests of insiders (management, directors, and officers) are aligned with the interests of outsiders (shareholders and other stakeholders). . Examples: the financial markets, state and federal statutes, court decisions, and shareholder proposals.

Business Judgement Rule

Expected to exercise due care and to use their best judgment in guiding corporate management, but they are not insurers of the business success; honest mistakes and poor business decisions do not make them liable to the corporation for resulting damages.

Ethical Culture

Explicit statement of values, beliefs and customs from top management.

Potential Agency Problems- Executive Compensation

Compensation packages are tied to firm performance and stock option plans creating an incentive to manipulate earnings.

Opportunity

Conditions that limit or permit ethical or unethical behavior.

Corporate Governance Structures and Relationships

Corporate governance is shaped by internal and external mechanisms.

Virtures

Courage, temperance, wisdom, justice, optimism, integrity, humility, reverence and compassion.

Accountants' Obligations for Whistleblowing

Dodd-Frank contains provisions to encourage accountants and auditors to report corporate wrongdoing, and Section 10A of the SEC 1934 Act requires reporting of fraud Whistleblowing in accounting is a duty when it is motivated by a desire to protect the public, confidentiality obligation not withstanding Process in deciding to report fraud •Whether the violations have a material effect on the financial statements •Has management or BOD taken remedial action? •If not, auditor must report to BOD. The board has one business to inform the SEC and provide copy to external auditor If auditing firm does not receive a copy within one business day •Provide a copy of its own report to the SEC within one business day, or •Resign from the engagement and provide copy of report to the SEC within one business day of resigning The process must be handled through the client's internal compliance system before external auditors turn to whistleblowing

COSO Internal Control - Integrated Framework

Emphasizes roles of BOD, management, internal auditors, and personnel Designed to provide reasonable assurance •Effectiveness and efficiency of operations •Reliability of financial reporting •Compliance with laws and regulations Framework •Control environment: ethics of the organization •Risk assessment •Control activities •Monitoring •Information and communication

Whistleblowing

Employees (former or current) who report suspected violations to persons or organizations that may be able to effect action •Illegal •Immoral •Illegitimate Four elements: •The whistleblower •The whistleblowing act or complaint •The party to whom the complaint is made •The organization involved with the complaint "Organizational Dissidence" - similar to civil disobedience Whistleblower laws protects employees who provide information on a fraud against retaliation

Pressure to Maintain Numbers and Fear of Reprisals

Ethical collapse occurs when there is an unreasonable and unrealistic obsession with meeting quantitative goals ."financial results at all costs" Employees are reluctant to raise issues of ethical concern because they may be ignored, treated badly, transferred or worse. ."kill the messenger syndrome"

Financial Statement Fraud

Fraud schemes occur because an employee - usually top management - causes a misstatement or omission of material information in the organizations' financial reports. Methods include: Revenue Overstatement •Recording gross, rather than net, revenue •Recording of revenues of other companies, acting as a 'middleman' •Recording sales that never took place •Recording future sales in the current period •Recording sales of products that are out on consignment Expense Understatement •Recording cost of sales as a non-operating expense •Capitalizing operating costs •Not recording some expense at all Improper Asset Valuations •Manipulating reserves •Changing the useful lives of assets •Failing to take a write-down when needed •Manipulating estimates of fair market value

ACFE 2018 Report to the nation: Occupational Fraud

Frequency of Anti-Fraud Control •External audit of financial statements - 80% •Code of conduct - 80% •Internal audit department - 73% •Management certification of financial statements - 72% •External audit of internal controls - 67% •Management review - 66% •Hotlines - 63% •Independent audit committee - 61%

Organizational Ethics

Generally accepted principles and standards that guide behavior in organizational contexts.

Internal Mechanisms

Help manage, direct, and monitor corporate activities to create sustainable stakeholder value. .Examples: Independent board of directors, the audit committee, management, internal controls and the internal audit function.

Ethical Issue Intensity

Importance of the issue to the individual, work group and /or organization (intensity) based on values, beliefs and norms involved and pressures in the workplace.

Audit Committee

Independent directors with one having financial expertise. Oversight of financial reporting •Internal audit function •External auditors •CEO and CFO financial statement certification process Review formal announcements of earnings, significant financial reporting judgments, internal controls and risk management procedures, whistleblower and compliance program, external auditor's independence and objectivity and effectiveness of audit process. Seen as the one body that should be able to prevent identified fraudulent financial reporting Committee should meet separately with the senior executives, the internal auditors, and the external auditors

Ethical Dissonance Model

Interaction between the individual and the organization, based upon person-organization ethical fit at various stages of the contractual relationship in each potential ethical fit scenario Four potential fit options: 1. High-High 2.Low-Low 3.High-Low 4.Low-High

Internal Accountant's Eligibility

Internal accountants, including compliance and internal auditors, are excluded from receiving whistleblower awards under Dodd-Frank because pre-existing legal duty and job responsibilities to report suspicion of illegal acts and fraud to management. Under the following circumstances, internal accountants are eligible to become Dodd-Frank whistleblowers: •Disclosure to the SEC is needed to prevent "substantial injury" to the financial interest of an entity or its investors •The whistleblower "reasonably believes" the entity is impeding investigation of the misconduct (e.g., destroying evidence or improperly influencing witnesses) •The whistleblower has first reported the violation internally and at least 120 days have passed with no action.

Internal Control Weaknesses

Internal control includes all of the processes and procedures that management puts in place to help make sure that its assets are protected and that company activities are conducted in accordance with the organization's policies and procedures. An effective system of internal controls is critical to establish an ethical corporate culture that should be supported by the tone at the top. An internal control system, no matter how well conceived and operated, can provide only reasonable - not absolute - assurance to management and the board of directors regarding achievement of an entity's objectives. Management override of internal controls may be a problem

Stakeholder Orientation

Is the degree to which an organization understands and addresses stakeholder demands. Consists of: . Generation of data about stakeholder groups and assessment of the firm's effects on these groups . Distribution of this information throughout the firms . The responsiveness of the organization as a whole to this information.

Integrity Considerations

It is the integrity standard that establishes the basis for moral action of auditors and avoids subordinating judgment Reporting procedures for accountants and auditors under the AICPA Code (Exhibit 3.11) The CPA should seek legal advice when difference of opinion exists on how best to handle disagreements with the client and the firm refuses to make the required adjustments. The auditor should consider whether the relationship with the organization should be terminated including possibly resigning one's position Resignation from the audit firm does not negate the auditor's disclosure responsibilities to the SEC

Johnson & Johnson: A Case of Dr. Jekyll and Mr. Hyde?

J&J credo emphasizes primary obligation to those who use and rely on the safety of its products Tylenol Poisoning- J&J put customer safety first J&J has been withdrawing from its "trust" bank in recent years . Illegally promoted the antipsychotic Risperdal Misleading statements about the recall of Motrin . Included methylene chloride, which is banned by the FD, in their baby shampoo . DePuy Orthopaedics sold metal-on-metal hip implants that were found to shed minute particles into a patient's bloodstream over time. . Ethicon vaginal mesh did not meet reasonable safety standards. Takes a long time to build a reputation of trust, but not very long at all to tear it down.

The Jones-Hiltebeitel Model

Looks at the role of one's personal code of conduct in ethical behavior within an organization. . Moral intensity When one's personal code is insufficient to make the necessary moral decision, the individual will look at professional and organizational influences to resolve the conflict.

Menendez v Halliburton, Inc.

Menendez was the Director of Technical Accounting Research and Training Only months before that Halliburton had settled with the SEC after a two-year accounting probe Menendez realized the company was violating very basic accounting revenue recognition rules •Accountants were counting the full value of the equipment right away as revenue, even before it had assembled the equipment, customer could walk away until delivery, and Halliburton was liable for loss on damaged equipment Menendez tried to get Halliburton to change accounting method, but no action was taken He then spoke to the SEC and was told to go to the audit committee •Halliburton's general counsel circulated Menendez's complaints to the CFO, KPMG, other top executives and accounting department He was stripped of his responsibilities and became a pariah at the firm Appeals court panel ruled that Menendez had been retaliated against for blowing the whistle

Morality of Whistleblowing

Michael Davis considers whistleblowing to be morally required when it is required at all; a moral obligation to prevent serious harm to others if it can be done with little cost to the individual Application of a rule utilitarian perspective could lead to the conclusion that a categorical imperative exists to do whatever it takes to stop fraudulent behavior regardless of whether the action might bring more harm than good to the stakeholders DeGeorge thinks "corporations have a moral obligation not to harm." His criteria for when whistleblowing is morally permitted includes •Firm's actions will do serious and considerable harm to others •Whistleblowing is justifiable once the employee reports it to her supervisor and makes her moral concerns known •Absent any action by the supervisor, the employee should take the matter all the way up to the board •Documented evidence must exist that would convince a reasonable and impartial observer that one's view of the situation is correct and that serious harm may occur •The employee must reasonably believe that going public will create the necessary change to protect the public and is worth the risk to oneself

Internal Auditors

Monitor corporate governance activities and compliance with organization policies. Review effectiveness of the organization's code of ethics and whistle-blower provisions. "Eyes and ears" of audit committee. Assess audit committee effectiveness and compliance with regulations. Oversee internal controls and risk management processes: •Assurance on how effectively the organization assesses and manages its risk •Assurance on data security and privacy controls

Compliance Funciton

Organization's ethics officer •Ensures that the organization is in compliance with the laws and regulations, including SEC securities laws, SOX, and Dodd Frank •May report to the audit committee, CEO, or general counsel •Official member of the c-suite •Addresses existing requirements and anticipates regulatory changes and their likely impact Ethics and Compliance Officer Association (ECOA) Ethics officer plays a critical role in helping create a positive ethical tone in organizations

Business Ethics Intensions, Behavior, and Evaluations

Organizational ethical culture is shaped by effective leadership.

Morality of Whistleblowing

Organizational policies should be designed to encourage moral autonomy, individual responsibility, and organizational support for whistleblowers Moral agency is important for the determination of moral behavior Autonomy means to act according to reasons and motives that are taken as one's own and not the product of policies, laws, etc. If pressure exists in an organization not to report wrongdoing, a rational, moral person will withstand such pressure, even with perceived retaliation, because it is a moral requirement to do so

KPMG's Integrity Survey 2013

People of integrity are self-driven to do the right thing. KPMG's Integrity Survey 2013 surveyed more than 3,500 U.S. workers •Nearly 75% of employees observed misconduct within past 12 months •More than 50% of employees reported what they observed could cause a significant loss of public trust if discovered •Causes: Pressure to do "whatever it takes" to meet targets, not taking code of conduct seriously, fear of losing one's job for not meeting targets, rewarding employees for results and not the means used to achieve them When employees were asked what they would do on observing a violation of code of conduct, •78% would notify their supervisor or another manager •54% would try resolving the matter directly •53% would call the ethics or compliance hotline •26% would notify someone outside the organization •23% would look the other way or do nothing

Internal Controls

Prevent and detect errors and fraud •Asset misappropriations •Materially false and misleading financial reports •Inadequate disclosures Ensure management policies are followed Ethical systems built into corporate governance Can be overridden by top management •Do what CEO says, not what he does •Creates cynical attitude •Managers need to "walk the talk" of ethics

"Say on Pay"

Provide shareholders a vote regarding the compensation of CEO and CFOs.

Duty of Good Faith

Requires an honesty of purpose that leads to caring for the well-being of the constituents of the fiduciary.

Liability for False Certifications

SEC's increased focus on identifying and penalizing misstatements in public company financials Analyzing patterns of internal control problems even absent a restatement of the financials Quality Services Group Inc. (QSGI) CEO and CFO held responsible for alleged misrepresentations in public disclosures about the company's internal controls environment •Signed Form 10-Ks with management reports on internal controls that falsely omitted issues •Signed certifications in which they falsely represented that they had evaluated the management report on internal controls and disclosed all significant deficiencies to auditors Transparency with the company's audit committee and with external auditors regarding evaluations of the company's internal controls and whether it protects the company, its investors, and its officers

Has SOX Accomplished its Intended Goal?

Section 302 requires CEO and CFO to certify financial statements contain no material misstatements •Helps protect the public against fraudulent financial statements Very few defendants have been charged with false certification, and fewer still have been convicted Richard Scrushy, former HealthSouth Corporation CEO •Indicted but found not guilty on false certification •Weston L. Smith, CFO, pleaded guilty in scandal, sentenced to 27 months in prison •CFO of DVI pleaded guilty to mail fraud and false certification, sentenced to 30 months in prison SEC increasingly is pursuing claims against CFOs by alleging that the CFOs subordinates violated securities laws and the CFO either certified the resulting reports or failed to implement adequate internal safeguards

A code of ethics

Serves as a guide to support ethical decision making. It clarifies an organization's mission, values, and principles, linking them with standards of professional conduct.

Whistleblowing Experiences

Since its inception in 2011, SEC's whistleblower program has paid more than $175 million to whistleblowers In August 2016, a whistleblower award of more than 22 million was paid to a former financial executive at Monsanto Whistleblowing program is the right thing to do to protect the public interest, but concerns are •A self-interested and opportunistic person may be induced to reveal company information to the SEC, with inadequate safeguards as to the quality of information provided •Permitting compliance officers to become whistleblowers solely on the passage of time rather than case-specific considerations can erode corporate culture and trust in compliance officials who may subvert the objectives of preventing, detecting, and remediating corporate misconduct on an enterprise-wide basis

Tone at the top

The ethical environment that is created in the workplace by the organization's leadership.

Corporate Social Responsibility Example: The Ford Pinto Case

Subcompact car Unsafe gas tanks could burst into flames Initial ethical legalism defense Risk/cost benefit analysis Too costly to replace the fuel tanks Compliance with law versus ethical behavior - met all safety requirements Utilitarian reasoning •Focusing on costs and benefits •Ignores rights of various stakeholders •Ignored cost of potential lawsuits

Organizational Influence on Ethical Decision Making

The Jones-Hiltebeitel model

Corporate Culture

The shared beliefs of top managers in a company about how they should manage themselves and other employees, and how they should conduct business. Corporate culture starts with an explicit statement of values, beliefs, and customs from top management.

Miniscribe Fraud

Top management committed the fraud and overrode internal controls Company lacked independent members on its Board of Directors Salaries and bonuses often depended on Miniscribe "making the numbers" Inventory hole initially worth $2 to 4 million, then $15 million Miniscribe bought bricks to disguise as hard drives and conceal as inventory worth $4 million Repeatedly signed management letter stating financial reports were accurate and truthful

2013 National Business Ethics Survey

Views of Employees from 2011 to 2013: •Observed misconduct have declined between 2011 and 2013. •Pressure to compromise ethical standards declined but retaliation against whistleblowers increased; increase in ethics training programs and the use of ethical conduct in employees evaluations. Six most observed types of misconduct: (1) stealing or theft, (2) falsifying time reports, (3) falsifying expense reports, (4) falsifying and manipulating financial reporting information, (5) falsifying invoices, books, and records, and (6) accepting gifts or kickbacks. Concern that while misconduct is down overall, a relatively high percentage of misconduct is committed by managers

External Auditor Eligibility

Whistleblower rules allow the auditor or an employee associated with the auditor to make a whistleblower submission alleging that the firm failed to assess, investigate or report wrongdoing in accordance with Section 10A, or that the firm failed to follow other professional standards. Concerns about permitting CPAs to obtain monetary rewards for blowing the whistle on their own firms' performance of services for clients create significant problems including •Undermining the ethical obligations of CPAs not to divulge confidential client information •Harming the quality of external audits because client management might restrict access to client information for fear the financial incentive for whistleblowing could lead to report client-specific information to the SEC •Overriding the firms' internal reporting mechanisms for audit-related disagreements •Incentivizing an individual to bypass existing programs to report disagreements including hotlines

Rights and Duties

Whistleblowers hope and believe their speaking out will achieve correction of what they perceive as the organizational wrongdoing "Retaliatory climate" in the organization is the primary barrier to blowing the whistle on corporate wrongdoing When organizations establish an ethical culture and anonymous channels to report wrongdoing, it creates an environment that supports whistleblowing and whistle-blowers while controlling for possible retaliation

loyalty to the Boss and Weak Board of Directors

Young people selected by the CEO for their position based on inexperience, possible conflicts of interest, and unlikelihood to question the boss's decisions Weak board of directors characterizes virtually all of the companies with major accounting frauds in the early part of the 2000s Culture of Conflicts