WWW.COMPUTERWORLD.COM
The Macys accounting disaster: CIOs, this could happen to you.
TheMacys accounting nightmareis only getting worse, with the $24 billion retailer telling the SEC on Wednesday that both its annual report from last year and its auditor report should no longer be relied on.Although the amount hidden was only $151 million at the high end of Macys original estimate of $132 million to $154 million the retailer said it exposed a massive weakness in its checks and balances procedures.Macys did not get specific about the nature of the flaws, but the problem seems to be that the software charged with monitoring financial transactions was never designed to catch accountants doing what they do best: categorizing numbers in ways designed to make the companys performance look better than it is.Such software is typically designed to catch true fraud, such as an employee exfiltrating money out of an enterprise into bank accounts they control, or payments to fraudulent contractors or even simple math errors. Apparently, the Macys system had weak safeguards that were easily sidestepped. Accounting officials say these same technology deficits likely exist in every enterprise.Macys management identified a material weakness in its internal control over financial reporting related to the design of existing internal control activities involving manual journal entries over delivery expenses and certain other non-merchandise expenses, and the reconciliation of the related accrued liabilities, the SEC filing said. The Company identified that a single employee, who is no longer with the Company, intentionally made erroneous accounting entries and falsified underlying documentation, to understate delivery expenses from the fourth quarter of 2021 through the third quarter of 2024.When Macys first reported the incident, it used the word hidden and made no reference to falsified underlying documentation. Those are big clues about what likely happened.The material weakness was the result of deficiencies in the design of controls over delivery expense and certain other non-merchandise expenses, and the related accrued liabilities, whereby the design of the controls did not consider the potential for employee circumvention of these controls, the company said in its filing, adding there were failures to obtain, or generate and use, relevant, quality information to support the functioning of these controls, including validation of the reliability of the information.Heres the key youve got to be kidding point: The design of the controls did not consider the potential for employee circumvention of these controls.Really? The designers for an accounting system managing $24 billion in cash flow never considered that somebody might try to circumvent controls? Like perhaps someone engaged in naughtiness?The filing also showed some seeming contradictions. It stressed, for example, that this problem was done by just one employee as though thats a good thing. Imagine a Pentagon official explaining how 40 nuclear warheads were stolen and said, I know this sounds bad, but this wasnt done by a squadron on enemy fighters. This theft was just done by one guy, so all is fine.Macys also tried to say that this was not that big a deal. The Company evaluated the errors and determined that the related impact was not material to results of operations or financial position for any historical annual or interim period.But by the end of the filing, Macys attorneys used a lot of words to essentially say this actually was a big deal.As a result of the material weakness in the Companys internal control over financial reporting described above, on December 10, 2024 the Audit Committee of the Board of the Company determined, based on the recommendation of management following its consultation with the Companys independent registered public accounting firm KPMG LLP, that managements report on internal control over financial reporting as of February 3, 2024should no longer be relied upon. Additionally, KPMG LLPs opinion as to the effectiveness of the Companys internal control over financial reporting as of February 3, 2024 included within the Report of Independent Registered Public Accounting Firm in the Companys Annual Report on Form 10-K for the fiscal year ended February 3, 2024,should no longer be relied upon.In accounting speak, declaring that their financials are not to be trusted is admitting that this is a big deal. Why? Given the lack of meaningful controls and strong safeguards in this one business unit, there is every reason to believe that the same lack of safeguards exist elsewhere in the company andaccording to accountants, in just about every enterprise.Stefan van Duyvendijk, an industry principal with accounting software vendor FloQast, reviewed Macys filing and said that the retailer is trying to distract people by implying that the small package delivery unit is the only place where Macys has this weakness.This happened because that small package area was likely deemed low-risk, van Duyvendijk said, but Macys reviews over journal entries are the same across the company.That means Macys likely knows that other similar issues could easily crop up andthatis what is tainting all of their reported financials and audits.The lone employee apparently reported that the small package unit owed less than it really did. ERP is incapable of catching something like this, van Duyvendijk said.For other enterprises, this glaring hole in controls could be worse. The Macys problem appears so far to be one employee manipulating numbers to make the department look better.It wasnt outright fraud or theft. But thats merely because the employee didnt try to steal. But the same lax safeguards that allowed expense dollars to be underreported could have just as easily allowed actual theft.What will happen when someone actually has motivation to commit fraud? They could have just as easily kept the $150 million, van Duyvendijk said. They easily could have committed mass fraud without this company knowing. (Macys) people are not reviewing manual journals very carefully.Another accounting specialist,JR Kunkle, an auditor andGRCspecialist who runs his own consulting firm, Kunkle Consulting, agreed that the ERP and accounting systems used today cant prevent accounting fraud in the way they should.If an individual is hellbent, he can change codes in the software. (Management) is going to rely on the accountant to setup the accruals, Kunkle said. Any kind of accounting entry requires judgment. And todays business software systems are incapable of reviewing and managing human judgment.Once you get inside (the accounting decision process) and there is a judgment factor, ERP can give you data about it, saying that its a shipping expense, but I dont think systems in general can figure out what an accountant should enter, Kunkle said. I dont know that you can automate that.Another financial specialist, Emburse CFO Adriana Carpenter, said that the software problem exists, but thereareaccounting tactics that can minimize exposure.Its true that most ERPs are not designed to catch erroneous accounting, she said. However, there are software tools that allow CFOs and CAOs to create more robust controls around accounting processes and to ensure the expenses get booked to the correct P&L designation. Initiating, approving, recording transactions, and reconciling balances are each steps that should be handled by a separate member of the team. There are software tools that can assist with this process, such as those that enable use of AI analytics to assess actual spend and compare that spend to your reported expenses. Some such tools use AI to look for overriding journal entries that reverse expense items and move those expenses to a balance sheet account.The specific problem Macys is struggling with could be minimized for others, she said. For example, someone bypassing safeguards can eventually be detected.In the event of management overriding accounting controls, leveraging the spend data on an end-to-end spend management platform and using AI analytics can identify this type of override by automatically comparing total spend to your P&L and identifying discrepancies, Carpenter said. In the case of this Macys accounting error, AI analytics would have identified differences in total payments versus the expense that was being reported.The ultimate problem here involves enterprise CIOs and their teams who trust software controls too much. Trusting software to religiously do what it is supposed to do is asking for trouble. Trusting that software to do what it was never designed to do? That is justdemandingtrouble.
0 Commentarii
0 Distribuiri
44 Views