Normally, when we discuss fraud and/or internal controls designed to detect (if not also prevent) corrupt activities, we point out that establishing effective internal controls is the responsibility of the executive leadership function. Two notable examples of our viewpoint on this matter come to mind. In the first example, we discussed how a Vice President of Finance was able to embezzle more than $30 million from headphone-maker Koss. We noted that the SEC had much to say (in its complaint and proposed settlement agreement) regarding the lack of diligence found at the top of that corporation. In the second example, we discussed how the Treasurer and Comptroller of the city of Dixon, Illinois (a town with an annual budget of roughly $8 million), was able to embezzle more than $30 million over six years. In that case, a long-time trusted city employee was not well monitored by her superiors at the City Council, and the annual audit failed to detect the sizable illegitimate transactions.

Where are we going with this? Well, we’re thinking that an organization devoted to integrity and ethical behavior needs to hold its top leadership accountable for any transgressions by its employees. Leadership needs to be held accountable – especially when root cause analysis indicates that a significant causal factor in the fraud was a lack of oversight or other form of gross negligence.

It’s not enough to simply blame the employee and point a finger at the auditor. Those at the top of the pyramid need to be held accountable for any poor decision-making and for any lack of diligence in performing their duties.

We assert it is management’s duty and obligation to establish an effective set of internal controls designed to detect and prevent employee corruption. We assert is it the responsibility of the leadership team to exercise diligence in ensuring an appropriate segregation of duties. We assert the executives are responsible for investigating allegations of wrong-doing and for ensuring that documents they sign (such as SOX 302 Certifications) are accurate in all respects.

We assert that when the executive leadership team fails to invest in an effective internal control system, they are negligent and should be held accountable for that negligence. We assert that when the senior leaders of an organization delegate their oversight responsibilities to subordinates, they are negligent. We assert that that when upper management rubber-stamps documents and certifications, or when they white-wash allegations of internal corruption, or when they hire the lowest-price external auditor and refuse to permit that auditor an adequate budget to conduct a rigorous audit, then they should be held accountable for those poor decisions.

We are saying, basically, that not only does “tone at the top” matter – but that the top must be held accountable for their actions (or inactions) in addition to the tone they set. Not only the words, but the actions. An organization that does not hold its leadership accountable is living on borrowed time.

But what happens when it is the senior leadership team who is the source of corruption?

We were inspired to think about these things by a recent Department of Justice press release, announcing that –

The former chief executive officer (CEO) of ArthroCare Corporation was sentenced to serve 20 years in prison, and the former chief financial officer (CFO) was sentenced to serve 10 years in prison today for their leading roles in a $750 million securities fraud scheme. Two other former senior vice presidents of ArthroCare were also sentenced to prison terms for their roles in the scheme.

What happened? According to the press release –

At sentencing, the court found that investors lost approximately $756 million as a result of the defendants’ scheme to artificially inflate the share price of ArthroCare stock through sham transactions. According to court documents, between 2005 and 2009, Baker, Gluk, Raffle and Applegate executed a scheme to artificially inflate sales and revenue through a series of end-of-quarter transactions involving several of ArthroCare’s distributors. Products were shipped to distributors at quarter end based on ArthroCare’s need to meet Wall Street analyst forecasts, rather than distributors’ actual orders. ArthroCare then fraudulently reported these shipments as sales in its quarterly and annual filings at the time of the shipment, enabling the company to appear to meet or exceed internal and external earnings forecasts. ArthroCare’s distributors agreed to accept these shipments of millions of dollars of excess inventory in exchange for lucrative concessions from ArthroCare, such as upfront cash commissions, extended payment terms, and the ability to return products. In some cases, like that of ArthroCare’s largest distributor, DiscoCare, the defendants agreed ArthroCare would acquire the distributor and the inventory so that the distributor would not have to pay ArthroCare for the products at all. … On July 21, 2008, after ArthroCare announced publicly that it would be restating its previously reported financial results to reflect the results of an internal investigation and account for the defendants’ fraud, the price of ArthroCare shares dropped from $40.03 to $23.21 per share. On Dec.19, 2008, ArthroCare again announced publicly that it had identified more accounting errors and possible irregularities related to the defendants’ fraud. That day, the price of ArthroCare shares dropped from approximately $16.23 to approximately $5.92 per share.

More details regarding the fraud can be found here.

What happened to ArthroCare’s external auditor (PricewaterhouseCoopers LLP)?

Although shareholders sued PwC, seeking to hold the audit firm accountable for not detecting the fraud, in 2010, that suit was tossed. According to one report, “The court further held that Pricewaterhouse-Coopers did not intend to mislead investors and was itself misled by ArthroCare's executives about the company's questionable accounting practices.” But that was not the end of the story. In July, 2014, the Public Company Accounting Oversight Board (PCAOB) announced that the PwC audit partner (Mr. Randall Stone) was being held accountable for the botched audit. The press release stated –

The Board found that Stone ignored or failed to properly evaluate numerous indicators that should have alerted him to the possibility that ArthroCare was improperly recognizing revenue on its 2007 sales of medical devices to DiscoCare, Inc. Such indicators included unusual pricing and payment terms, quarter-end sales spikes, and evidence that ArthroCare may have funded DiscoCare's purchases through monthly service fee payments. Sales to DiscoCare helped ArthroCare meet its revenue forecasts for 2007. …

Stone failed to exercise due professional care and skepticism when, among other things, he agreed with the company's proposed accounting for the acquisition without adequately assessing whether such accounting treatment complied with generally accepted accounting principles.

In addition, the Board found that Stone violated PCAOB rules and standards in authorizing PwC's consent to incorporate its previously issued 2007 audit report in ArthroCare's June 2008 Form S-8 registration statement without first completing a reasonable subsequent events investigation. The Board found that when Stone authorized PwC's consent, he was aware of new allegations of impropriety concerning ArthroCare's relationship with DiscoCare in 2007, and he knew that ArthroCare and PwC were continuing to assess those allegations.

Mr. Stone, a CPA who is now an ex-partner at PwC, was assessed a $50,000 civil penalty and barred from associating with a registered public accounting firm for a minimum of three years. It is doubtful if he will be able to perform significant audits for any large accounting firm ever again. So he was certainly held accountable.

When fraud and employee corruption occur, we need to perform a rigorous root cause analysis to understand what and why – and most especially how. Should we determine there was negligence at the upper levels of management, we need to hold those leaders accountable

Conversely, when you find an entity where senior leadership is not being held accountable for its actions (or inactions) then you can be fairly certain you are going to find corruption and fraud somewhere lower in the organization.