In April 2011 we posted an article about Verizon’s $93.5 million settlement with the Department of Justice that resolved False Claims allegations for invoices submitted by an entity it had acquired in 2006. Allegedly, those invoices contained taxes and surcharges prohibited by its contracts with the General Services Administration (GSA). That situation led us to write something that we’ve repeated many times on this site, namely: “government contractor compliance failures tend to be on the very expensive side, such that investments in compliance mechanisms and internal controls tend to pay for themselves.”

The cost/benefit analysis seems frighteningly clear to those who work in this industry. It’s essentially a no-brainer. The probability of being accused of submitting false claims (or making false statements) to the Federal government may be low, but the consequences tend to be huge. The risk analysis always shows that it’s cheaper to invest in an effective compliance program than it is to defend against allegations of wrongdoing.

The problem is that contractors too infrequently perform such a risk analysis. So in times of budgetary pressure—such as that in which we are currently working—it seems like picking low-hanging fruit to cut back on internal controls and compliance programs. Such a decision ameliorates today’s budget problems at the expense of creating potential problems for tomorrow’s leadership—as in when Verizon paid nearly $100 million for the decisions made by MCI/WorldCom nearly five years earlier.

The other problem is that contractors too frequently screw up the risk analysis. This is especially true when commercial companies dabble in government contracting. When the government contract revenue is a small percentage of total corporate sales, then management has a tendency to treat its Federal customers just like any other sales channel. Sure, they know (vaguely) that there are some special regulations involved in that government contracting stuff, and maybe they’ve hired a couple of people to “scrub the books” to make sure that those arcane regulations are complied with. But there is a definite tendency—especially at the most successful commercial companies—to think that those additional hires plus some good ol’ common sense will be sufficient to militate against the risk of noncompliance.

They screw up the risk analysis because they do not understand the risks.

They screw up the risk analysis because they do not understand the true cost of merely being accused of submitting a false claim to the Federal government. The cost of hiring attorneys and other outside experts. The cost of diverting personnel to litigation support instead of what they were hired to do. The cost of litigation-related reserves. The cost of filing SEC disclosures and of preparing special litigation notes to the financial statements. The cost of answering probing questions—not just by the Assistant U.S. District Attorney, but also by investment analysts during investor conference calls. The cost of seeing the stock price fall because of DOJ press releases. The reputational “brand” impact in the marketplace.

The leadership at defense contractors largely (but not universally) understands the cost/benefit analysis. They’ve been in the cross-hairs since the seventies, and they’ve largely adapted to the environment in which they work. But commercial companies who are new to government contracting, and whose government sales are a very low percentage of total sales, don’t get it. They haven’t been burned yet, so they don’t understand the risks of playing with matches. And so they skimp on internal controls and multiple reviews, and on the hiring of subject matter experts in areas such as contract administration, cost accounting, pricing, and billing.

The W.W. Grainger Corporation of Lake Forest, Illinois, presents us with a sterling example of the blown risk analysis.

Now, before we dig into this illustrative example of a commercial company who dabbled in government contracting, to the eventual chagrin of its leadership and shareholders, we have to let you know that we don’t have any inside information about the situation. All we have is what the Internet provides. Accordingly, we may be getting some of the details wrong. But we don’t think so. We think we understand W.W. Grainger, Inc. all too well.

W.W. Grainger, Inc. is a distributor of maintenance, repair, and operating (MRO) supplies, as well as other related products and services used by businesses. Although the majority of its sales take place in North America, it also has a global presence. The company serves about two million customers through its network of branches, distribution centers, websites, and export services. Grainger has centralized business support functions that provide coordination and guidance in the areas of accounting and finance, business development, communications and investor relations, compensation and benefits, information systems, health and safety, global supply chain functions, human resources, risk management, internal audit, legal, real estate, security, tax and treasury. These services are provided in varying degrees to all business units.

(We hope Grainger invested in providing some extra “centralized business support functions” to its business units selling goods and services to the Federal government. But our experience with such centralized service functions leads us to suspect that they skimped in that area. See our comments above about perceptions of low-hanging fruit ripe for cutting in times of budgetary pressure.)

W.W. Grainger had $8 billion in sales in its FY 2011. (FY 2012 numbers have not yet been released.) During its FY 2011, the company made about 105,000 individual transactions each day, selling to “small and medium-sized businesses to large corporations, government entities and other institutions.” No customer—not even the mega-buyer that is the United States Federal government—accounted for more than two percent of corporate sales. Grainger reported two segments, but those segments were differentiated by geography and not by customer. Tellingly, Grainger did not report a separate segment for its Federal sales.

In other words, W.W. Grainger dabbled in government contracting.

Item 1A of its FY 2011 10-K (Annual Report) filing with the Securities and Exchange Commission lists “significant risk factors relevant to Grainger’s business that could adversely affect its financial position or results of operations.” There are thirteen (13) significant risk factors listed. The thirteenth is an admission that the company “is subject to various government regulations.” The paragraph following that statement contains additional details, including:

As a government contractor selling to federal, state and local government entities, Grainger is subject to a variety of laws and regulations, including without limitation import and export requirements, the Foreign Corrupt Practices Act, tax laws (including U.S. taxes on foreign subsidiaries), foreign exchange controls and cash repatriation restrictions, data privacy requirements, labor laws and anti-competition regulations, and is also subject to audits and inquiries in the ordinary course of business. … Grainger has implemented policies and procedures designed to facilitate compliance with these laws and regulations, but there can be no assurance that employees, contractors or agents will not violate such laws and regulations or Grainger's policies. Any such violations could individually or in the aggregate materially adversely affect Grainger's financial condition or operating results.

Note 19 to the company’s 2011 financial statements contained the following statements—

Grainger is a party to a contract with the United States General Services Administration (the GSA) first entered into in 1999 and subsequently extended in 2004. The GSA contract had been the subject of an audit performed by the GSA's Office of the Inspector General. In December 2007, the Company received a letter from the Commercial Litigation Branch of the Civil Division of the Department of Justice (the DOJ) regarding the GSA contract. The letter suggested that the Company had not complied with its disclosure obligations and the contract's pricing provisions, and had potentially overcharged government customers under the contract.

Discussions relating to the Company's compliance with its disclosure obligations and the contract's pricing provisions are ongoing. The timing and outcome of these discussions are uncertain and could include settlement or civil litigation by the DOJ to recover, among other amounts, treble damages and penalties under the False Claims Act. Due to the uncertainties surrounding this matter, an estimate of possible loss cannot be determined. While this matter is not expected to have a material adverse effect on the Company's financial position, an unfavorable resolution could result in significant payments by the Company. The Company continues to believe that it has complied with the GSA contract in all material respects.

Grainger is a party to a contract with the United States Postal Service (the USPS) entered into in 2003 covering the sale of certain Maintenance Repair and Operating Supplies (the MRO Contract). The Company received a subpoena dated August 29, 2008, from the USPS Office of Inspector General seeking information about the Company's pricing compliance under the MRO Contract. The Company has provided responsive information to the USPS and to the DOJ.

Grainger is also a party to a contract with the USPS entered into in 2001 covering the sale of certain janitorial and custodial items (the Custodial Contract). The Company received a subpoena dated June 30, 2009, from the USPS Office of Inspector General seeking information about the Company's pricing practices and compliance under the Custodial Contract. The Company has provided responsive information to the USPS and to the DOJ.

Discussions with the USPS and DOJ relating to the Company's pricing practices and compliance with the pricing provisions of the MRO Contract and the Custodial Contract are ongoing. The timing and outcome of the USPS and DOJ investigations of the MRO Contract and the Custodial Contract are uncertain and could include settlement or civil litigation by the USPS and DOJ to recover, among other amounts, treble damages and penalties under the False Claims Act. Due to the uncertainties surrounding these matters, an estimate of possible loss cannot be determined. While these matters are not expected to have a material adverse effect on the Company's financial position, an unfavorable resolution could result in significant payments by the Company. The Company continues to believe that it has complied with each of the MRO Contract and the Custodial Contract in all material respects.

Similar statements were provided in Grainger’s Q1 and Q2 10-Q reports to the SEC. The Q3 10-Q report added the following details—

Following this mediation with representatives of the DOJ, the Company reached a settlement in principle with the DOJ relating to the Company's disclosure obligations and pricing provisions of the GSA and USPS contracts. Under the terms of the proposed settlement, the Company agreed to pay $70.0 million to resolve the parties' dispute (other than with respect to certain alleged claims regarding tax, freight and billing errors that the Company does not believe will require it to make any material additional payments and for which the Company estimates its liability to be approximately $6.0 million). Accordingly, the Company recorded a $76.0 million liability which is included in Accrued expenses at September 30, 2012. The proposed settlement, which does not contain any admission of wrongdoing by the Company, remains subject to approval by authorized officials of the DOJ and the negotiation of a definitive settlement agreement.

We were struck by the statements in the 2011 annual report and the 2012 Q1 and Q2 quarterly reports that the possible litigation liability could not be estimated and thus no provision had been recorded. Despite the fact that the liability could not be estimated, the company told investors that it did not expect the resolution to have a “material adverse effect on the Company’s financial position.”

Yeah, right. The liability could not be estimated, because the company’s executive management team didn’t want to estimate it. They didn’t want to estimate it, because the potential liability was so freaking large. That farce continued for nine months, until the company finally got around to recording the liability in its Q3 (unaudited) financial statements. And the company auditors, Ernst & Young, LLC, accepted that delay, thus leading to earnings that were significantly overstated for a period of nine months—since the $76 million accrual represented roughly ten percent of annual earnings.

One wonders whether the auditors of Ernst & Young, LLC, had the experience and knowledge of Federal contracting matters to properly evaluate whether Grainger should have recorded its litigation liability in 2011, rather than waiting for nine months to do so. Since the Apogee Consulting, Inc. Principal Consultant used to work for EY, we think we know the answer. The answer is that EY very likely treated Grainger like a commercial business instead of as a Government contractor, and they very likely assigned an audit team to Grainger who had little (if any) expertise in Government contracting matters. Thus, we strongly suspect the auditors had no ability to evaluate the potential liability that Grainger was facing.

Like Grainger’s executive management team, the company’s auditors very likely had no clue about the special risks associated with selling to the Federal government. And no clue about whether or not the company was deploying sufficient internal controls and compliance procedures to mitigate those risks.

In fairness, there is nothing that absolutely requires the auditors to be able to assess government contracting risks. Their Sarbanes-Oxley (SOX) work focuses on financial reporting and disclosure risks, and not on the more esoteric risks associated with regulatory compliance. On the other hand, the big audit firms have experts to evaluate income tax provisions; one wonders why they don’t have similar experts to evaluate legal and litigation provisions. One wonders why they don’t use their government contract cost accounting experts to assist their audit clients in performing robust risk analyses.

Had Grainger and/or its auditors performed a robust risk analysis, we think it would have been readily apparent that the company’s contracts with the GSA and USPS were extremely risky.

What do we mean? Let’s look at this statement from Grainger’s FY 2011 10-K filing:

The business has a sales force of almost 2,700 professionals who help businesses and institutions select the right products to find immediate solutions to maintenance problems and to reduce operating expenses and improve cash flows. The sales force increased over the prior year with the majority of the new sales representatives focused on acquiring additional business from existing medium-sized customers as well as acquiring new business across the United States.

We already told you that Grainger processed roughly 105,000 transactions each day for nearly 2 million customers each year. It had a sales force of 2,700 individuals, processing transactions through multiple channels. How in the world was it going to ever accurately disclose its commercial pricing practices, as required by its Federal contracts? How in the world was Grainger ever going to provide assurance that it was complying with the contracts’ price reductions clauses?

The fact of the matter is that Grainger should never, ever, have entered into those contracts. It was virtually impossible for it to comply with contractual requirements. We don’t have to know much about the company—and its centralized business support functions—to reach that conclusion.

And nobody had to be a subject matter expert to predict that the combination of commercial mind-set with the multiple sales channels and gigantic sales workforce was going to lead to a problem in contract compliance. Thus: the inevitable DOJ press release. It said (in part)—

Today’s settlement resolves issues discovered during a GSA post-award audit of Grainger’s MAS contract. The GSA Office of Inspector General learned that Grainger failed to meet its contractual obligations to provide the GSA with current, accurate and complete information about its commercial sales practices, including discounts afforded to other customers. As a result, government customers purchasing items under the Grainger MAS contract paid higher prices than they should have.

In addition, today’s settlement resolves allegations that Grainger failed to meet its contractual obligations to provide “most-favored customer” pricing under two USPS contracts for sanitation and maintenance supplies. The USPS contracts required Grainger to treat USPS as Grainger’s ‘most-favored customer’ by ensuring that USPS received the best overall discount that Grainger offered to any of its commercial customers. Agents and auditors from the USPS Office of Inspector General (OIG) investigated Grainger’s pricing practices and discovered that Grainger did not consistently adhere to this requirement, causing USPS to pay more than it should have for purchases made under the two contracts.

Yeah, big surprise, that.

Where was the corporate risk analysis? Where were the mitigation controls and procedures? And where were the auditors? Indeed, this is a great example of a blown risk analysis by a commercial dabbler in government contracting.