Monday, April 4, 2005
One of the requirements imposed by the Sarbanes-Oxley Act is that companies must certify that their internal accounting controls are sufficient to identify and prevent improper recording of revenue, expenses, etc. Section 404 of the Act requires the company to provide an assessment of the effectiveness of its internal controls, and the CEO/CFO certification requirement for the company's financials puts senior executives on the line. Veritas Software Corp., a large Silicon Valley storage software company, announced last week that it would have to delay the filing of its annual report and Form 10-K because of problems with its internal controls. A press release (here) issued by Veritas states (get ready for accounting-ese):
The company has now determined that the aggregation of its control deficiencies, which include two significant deficiencies, constitute a material weakness (as defined in Public Company Accounting Oversight Board Auditing Standard No. 2). One of the significant deficiencies relates to the company's controls over its order entry processes, while the other relates to its review of multiple element software license transactions.
The company's management has determined that the identified control deficiencies amount to a material weakness because they believe that these deficiencies, in combination, could result in a more than remote likelihood that a material misstatement of the annual or interim financial statements would not be prevented or detected. Notwithstanding the deficiencies, the company does not expect that the material weakness will result in any such misstatements or in any adjustments to its previously announced financial results for the fourth quarter and fiscal year ended December 31, 2004, or for any prior period.
To put it in English, the company has potential problems with how it has booked revenue from the sales of its software, and in this industry it is likely a problem with the timing of income from the sale and licensing of software.
How serious is problem? Well, language along the lines that it is a "more than remote likelihood that a material misstatement" could occur does not really say much, but it is at least bad enough to have gotten the attention of senior management and the company's auditors. The problem for Veritas is that the company is scheduled to be acquired by Symantec Corp., a deal announced in December 2004. Internal controls problems are usually a sign of potentially significant financial disclosure problems, and no company wants to buy a ticking time bomb (just ask Cendant about its merger of HFC and CUC that nearly destroyed the company once the accounting problems at CUC came to light). When the Symantec-Veritas deal was announced, the companies said they hoped to close the acquisition by the end of the second quarter -- June 2005 -- but that may not be possible as long as there are outstanding accounting issues to be resolved.(ph)