Over the past two years, the SEC has increased its focus on enforcement actions against companies for lack of internal controls in proceedings that have spanned a range of industries and have implicated several distinct accounting issues. The cases demonstrate that the SEC is not aiming to second-guess good-faith decisions, but that it nevertheless will take decisive action when it believes management turns a blind eye to red flags. These actions serve as a potent illustration of the importance of implementing, maintaining, and verifying internal controls at various levels, and of ensuring that directors stay informed and active in their oversight of financial reporting. In addition, these cases provide companies with insight into specific steps that they can take to lessen the prospect of becoming a target for an enforcement action.
Stein Mart, Inc.
The SEC instituted cease-and-desist proceedings in September 2015 against Florida‑based retailer Stein Mart that stemmed from Stein Mart’s alleged improper valuation of inventory subject to certain price discounts. Stein Mart used three different types of markdowns: temporary or point-of-sale (POS) markdowns, permanent markdowns, and “Perm POS” markdowns.
The SEC’s investigation focused on Stein Mart’s practices related to Perm POS markdowns. Although Perm POS markdowns, which resulted in price reductions from 30% to 75%, were permanent, they were treated like temporary markdowns in that “Stein Mart reduced the value of inventory subject to these markdowns at the time when the item was sold rather than immediately at the time the markdown was applied.” According to the SEC, “As a result, Stein Mart materially misstated its pre-tax income in certain quarterly filings with the SEC, including an overstatement of almost 30 percent in the first quarter of 2012.” Because Stein Mart did not write down the inventory value immediately when the markdown was taken, its markdown practice did not comport with Generally Accepted Accounting Principles (GAAP). Stein Mart’s improper valuation policy caused it to overstate its pre-tax income during the first quarter of 2012 by nearly 30%.
The SEC identified a number of instances in which the company lacked sufficient internal controls. For example, the SEC found Stein Mart’s merchandising department made the decision to categorize markdowns without knowing the impact of the markdowns on the inventory valuation accounting. To the same end, the SEC found the company’s accounting department had no way of knowing how the markdowns were categorized and whether the merchandise associated with Perm POS markdowns was accounted for properly. According to the SEC, when Stein Mart’s CFO first learned about the Perm POS markdowns, he consulted with internal personnel and the audit committee, which believed that the valuation of Perm POS merchandise was proper. More than a year later, the company consulted with its external auditor, which concluded that the policy was improper and that Stein Mart should write down the inventory for Perm POS markdowns at the time that markdowns were taken, instead of when the product was sold. As a result of the various books and records violations, Stein Mart agreed, without admitting or denying the SEC’s findings, to pay a civil penalty of $800,000.
JDA Software Group, Inc.
The SEC instituted case-and-desist proceedings in September 2014 against JDA after an investigation that focused on JDA’s treatment of a critical component of revenue recognition known as vendor-specific objective evidence of fair value, or VSOE. JDA sells software licenses and related services, including managed or cloud services, consulting services, post-contract customer support, and education and training. JDA sells its services in several ways, including “multiple element arrangements,” which were the focus of the SEC’s investigation. In these multiple element arrangements, JDA would bundle a software license and some or all of the related services and sell them as a single contract.
Specific software revenue recognition rules govern such arrangements. Generally, a company cannot recognize the entire amount of revenue that is due under the contract (even when the amount is paid up front) when the agreement provides for delivery of services over a period of time that is longer than the reporting period. Rather, the company must recognize revenue over the term of the agreement. To avoid this rule, the company must establish VSOE.
According to the SEC, JDA had inadequate internal controls with respect to VSOE. Instead of conducting studies of prior transactions to determine whether it could establish VSOE, JDA relied on management authority. But to do so, JDA was required to demonstrate that the prices charged for services in multiple element arrangements actually conform to prices set by management. JDA did not have sufficient policies to make this determination. When JDA did undertake to establish VSOE by studying past transactions, it did not adequately characterize the transactions so that they could be used for this testing. In particular, two of the five transactions that JDA studied were not stand-alone transactions, such that they could help to establish VSOE; instead, they were linked to other software license agreements.
As a result of the lack of internal controls, the SEC alleged that JDA had materially misstated its revenue from 2008 through the third quarter of 2011. The SEC ordered JDA to pay a civil penalty of $750,000.
Suggestions and Guidance
Based on the foregoing enforcement actions, there are several concrete steps that companies can take to prevent or mitigate their exposure to liability as a result of internal controls breakdowns.
- Increase communication and the level of information shared between the finance department and other departments. For example, the accounting department should have access to information regarding the mechanics of business processes and decisions that affect financial reporting, as was the case in the Stein Mart action.
- Directors are the key gatekeepers for ensuring that financial statements are accurate. They must take affirmative steps to uncover all the facts when an issue arises and should not hesitate to consult with external auditors. In some instances, companies may consider engaging an independent compliance consultant to conduct a program assessment of internal accounting controls and financial reporting.
- Retailers should ensure that inventory valuations are conducted in compliance with GAAP and should pay particular attention to inventory that is subject to markdowns.
- Software companies that derive revenue from term agreements should work to establish VSOE so that they can properly record and report revenue from software license sales. In doing so, they need to conduct specific VSOE studies and cannot rely solely on management authority. The need for rigorous analysis to determine the value of products and services sold in connection with booking revenue will become more important across many industries when new revenue recognition rules come into effect for most public companies in 2018.
These cases demonstrate the SEC’s recent willingness to bring financial reporting and disclosures actions that do not also involve fraud charges. Ensuring that companies employ robust internal controls, such as those discussed above, is a key aspect in avoiding enforcement actions. Taking these steps decreases the possibility of misconduct or misstatements that catch the attention of the SEC and lead to greater scrutiny, as these companies have learned firsthand.