CEOs and CFOs Beware: SOX Can Bite

On July 30, 2014, the SEC announced fraud charges against the CEO and former CFO of QSGI Inc. (“QSGI” or the “Company”), for misrepresenting to external auditors and the investing public the state of the Company’s internal controls over financial reporting. QSGI is a Florida-based computer equipment company that emerged from bankruptcy in 2011, and trades in the over-the-counter market. This case is particularly interesting because it does not involve a restatement of financial statements or allegations of accounting fraud but rather appears to expand the range of conduct for which the SEC has historically pursued fraud claims against corporate officers.

The SEC’s enforcement action was based on disclosure issues surrounding the Company’s internal controls over financial reporting and senior management’s purported involvement in a review of the internal controls. In this regard, the Sarbanes-Oxley Act of 2002 (“SOX”) requires management to report on an issuer’s internal controls over financial reporting and to include that report in the issuer’s periodic filings with the SEC. As part of that process, the CEO and CFO must sign certifications confirming that they have disclosed all significant deficiencies to the outside auditors and have reviewed the periodic report and attest to its accuracy. Unfortunately, these SOX certifications and their underlying duties can become viewed as routine and ministerial in nature, much to the detriment of the signing officers.

The Background

According to the SEC’s individual orders instituting cease and desist proceedings against them, the Company’s CEO and CFO were aware of deficiencies in and the circumvention of internal controls relating to the Company’s inventory and the resulting falsification of the Company’s books and records covering the relevant period. In the course of its investigation, the SEC found that the Company had experienced recurring inventory control problems, particularly with its Minnesota operations. As such, throughout 2008 and until the Company filed for bankruptcy in mid-2009: (1) certain inventory received into QSGI facilities was shipped out without being accounted for in QSGI's books and records; and (2) items were removed from physical inventory without being relieved from inventory on the books and records.

The SEC also found that the CEO had improperly accelerated the recognition on the Company’s books and records of accounts receivable and receipt of inventory in order to increase the borrowing base available to the Company under a revolving credit facility with its chief creditor. Moreover, the SEC determined that the CFO had participated in and was aware of the decision to improperly accelerate the recognition of accounts receivable and the receipt of product into inventory for purposes of recalculating the borrowing base, and had signed the borrowing base certificates reflecting the recalculated numbers.

The Bite

The SEC charged that the officers withheld the foregoing critical information from the Company’s external auditors in connection with their audit of the Company’s financial statements, and made affirmative material misrepresentations and statements that were materially misleading as a result of the omission from management representation letters to the auditors about the design, maintenance and operation of internal controls. Indeed, not only were multiple management representation letters silent as to the existence of significant deficiencies in the design or operation of the Company’s internal control over financial reporting, in connection with the auditors’ testing of internal controls during the audit of the 2008 financial statements, the CFO orally represented that key controls were in place and that there were no significant deficiencies to report.

As a result of their conduct, the SEC charged that the officers violated Section 13(b)(5) of the Securities Exchange Act of 1934 (“Exchange Act”), which prohibits any person from knowingly circumventing or knowingly failing to implement a system of internal accounting controls or knowingly falsifying any book, record or account required to be filed with the SEC, as well as Exchange Act Rule 13b2-1, which prohibits any person from, directly or indirectly, falsifying or causing to be falsified, any such book, record or account. The SEC also found that the officers had violated Section 10(b) and Rule 10b-5 of the Exchange Act by making materially false and misleading statements in their SOX certifications, which were attached to the relevant Forms 10-K and 10-Q filings, to the effect that the officers had: (1) evaluated the Company’s internal controls over financial reporting; and (2) disclosed to the external auditors all significant deficiencies reasonably likely to have an adverse effect on the Company’s ability to record, process, summarize and report financial information.

According to the SEC, had the officers disclosed the deficiencies and the circumvention of inventory controls, as well as the improper acceleration of accounts receivable and inventory recognition, the auditors would have changed the nature, timing and extent of their procedures in conducting the audit of QSGI’s financial statements. Not only did the management reports included in the Company’s filings falsely represent that management, with the participation of the CEO, had evaluated the Company’s internal controls over financial reporting using the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission, the CEO had not in fact participated in any such evaluation, nor was he even familiar with the referenced framework.

The Result

Without admitting or denying the SEC’s findings, the former CFO consented to a cease and desist order finding that he willfully violated the Exchange Act and caused QSGI to violate the Exchange Act at the same time. He agreed to pay a $23,000 penalty, be barred from serving as an officer and director of a publicly traded company for five years and be suspended for at least five years from practicing as an accountant on behalf of any publicly traded company or other entity regulated by the SEC.

The CEO has not settled this matter and has determined to fight the SEC charges by appearing at an evidentiary hearing before an Administrative Law Judge in the near future. We will issue a follow-up to this Alert upon the release of a decision by the Administrative Law Judge.

The Recommendation

In its press release announcing the charges, Scott Friestad, an Associate Director in the SEC's Division of Enforcement stated, “[c]orporate executives have an obligation to take the Sarbanes-Oxley disclosure and certification requirements very seriously. [These two officers] flouted these regulatory requirements and misled investors and external auditors in the process.” 

The SEC’s message is pretty clear: management needs to be open and candid with its external auditors about internal controls issues. Otherwise, officers of public companies who treat the SOX certifications as boilerplate and their underlying duties as ministerial may be surprised one day by a call from Mr. Friestad or his staff investigators.

For more information about these SEC administrative actions or SOX responsibility and compliance, please contact the author of this alert, Robert B. Murphy (202-906-8721 or rmurphy@dykema.com) or D. Richard McDonald, who leads Dykema’s public company practice group (248-203-0859 or drmcdonald@dykema.com), or any of the attorneys listed to the left.