**5. The 2000s crisis up to 2008: folly in financial services sector**

Corporate scandals were the focus on the early 2000s, and enforcements were designed to restrict firm behavior.

A survey of CFOs (40 countries, between 2000 and 2001) showed that the lack of adequate disclosure of information (risk taking, company's strategy and plans and financial goals) was an issue of most concern around the world [68]. It illustrates that spectacular scandals were not isolated cases.

Among the most outrageous scandals at this time were Enron, Worldcom, Tyco and Parmalat. The first to break out was Enron, in late 2001. They fabricated revenues, misreported cash flows and intensively used SPEs and offshores to hide off balance sheet liabilities and to enhance volume of sale transactions, among many others scams. It is worthy to highlight that along 2000 year Enron still figured as one of the biggest company in the USA and ranked seventh on the Fortune 500 list [9, 21, 69].

"In a age, when the average consumer has only the vaguest notion of the actual activities of a vast, complex corporation, the public image of the corporation substitutes for more specific or

In the image Era, celebrity is a short path to gain legitimacy from broader public and stakeholders. Celebrity promotes a positive emotional response leading to a favorable perception of a firm's quality and ability, even if its performance and historical data do not suggest this. Media play an important role as it controls the content to be divulgated and the instrument to do it. It dramatizes a story where companies are protagonists. These external narratives would help companies create an internal positive sense-making of what was going on and

In an environment that emphasizes a narcissistic culture, a message more than its content, with a media planting pseudo events, executives and companies also turned their attention to manage this impression about them. If reality was not so attractive and enforcements were being setting in order to restrict their behaviors, there was an intrinsic incentive to pseudo-actions and structures with placebo effects on people's impressions and definition of reality [51, 55–57]. Then, companies and their executives applied impression management on financial statements and communication [9, 21, 58, 59], on corporate governance [55] as on internal culture, control systems and negotiation [60, 61]. The *accounting for growth* and *accounting for profit* made history in this last decade [55, 62]. The spontaneous norm was: "Do whatever you can to show the profit rate is growing (…) whatever you can"

If in the 1980s, the misstatements were concentrated on earnings manipulation shenanigans [58, 63], in the 1990s with increasing concern regarding financial situation and excessive remuneration, two other groups of shenanigans were adopted: cash flow and key metric misrepresentation or fraud [9]. And it must be added to this list the external auditors role as helping companies in creative accounting and storytelling about numbers [64] and, ineffective

Finally, the reduction in regulatory oversight as in severity and probability of being convicted for fraudulent accounting practices, added to lack of specialized knowledge of board members, analysts and regulators agents, complemented the enforcement landscape of the 1990s

Corporate scandals were the focus on the early 2000s, and enforcements were designed to

A survey of CFOs (40 countries, between 2000 and 2001) showed that the lack of adequate disclosure of information (risk taking, company's strategy and plans and financial goals) was an issue of most concern around the world [68]. It illustrates that spectacular scandals were

**5. The 2000s crisis up to 2008: folly in financial services sector**

more circumstantial notions of what is actually going on". [52, p. 191]

34 Corporate Governance and Strategic Decision Making

weak internal control did not represent a red flag [28, 53, 54].

[62, p. 231].

audit committees [65].

and the early 2000s [66, 67].

restrict firm behavior.

not isolated cases.

Enron was an example of what had been practiced by many companies around the world. The problem was its size and power to broad contaminate the financial system. Its collapse showed up the limits of those malpractices that had been overlooked by regulatory agents, boards, auditing firms and other stakeholders. It was an emblematic case of corporate fraud [70]. Creative accounting can be used within the boundaries of regulation but fraud usually goes beyond, without being perceived or at least, stopped [9]. The image and globalized era turned this kind of fraud a threat to capitalism system.

Among varied practices used to perpetrate the fraud, Enron created a business non regulated, promised unreal gains, fragmented processes in order to control employees by rotinization and socialization and to diffuse culpabilities, granted exceptional compensation for deviant activities, created a complex structure of companies to simulate transactions, executed accounting frauds to cheat investors, auditing and regulation and got involvement of third parties (auditing, politicians, analysts, rating agencies and financial institutions) (see [29, 53, 68–72]). All of these were facilitated by the mega spectacle of image projecting accessing cognitively the ideology of power and competence, neutralizing any critical position. The power spectacle arouses obedience and the competence spectacle grant business legitimacy, even when this clashes with substantial evidences [70].

Principles of corporate governance consolidated in the late 1990s, highlighted the need of controlling the executive remuneration, the quality of accounting information and independence of board members. Corporate frauds usually bypassed these recommendation and created a sense making that excessive remuneration was result of smart guys competence (the Masters of Universe staff); since Enron was the second largest client of Arthur Andersen and the largest of rating agencies, it got their involvement overlooking the red flags on business; and finally, the chairman and chief executive officer was the same person but he was a celebrity [15, 72].

In summary, it was created a smokescreen that did not allow accessing the non-compliance and even rationalized it. What Enron scandal brought to light was that lenient behavior toward governance recommendations would not promote an excellent performance in New Economy but instead, would facilitate and legitimate corporation frauds and add a great risk to financial system.

In the summer of 2002, WorldCom collapsed. It operated for years releasing reserves into income created by creative accounting on acquisitions. Financially struggled, they inflated cash flow, capitalizing what should be expensed. Despite being a fraud much simpler than Enron, it was huge in amount of money. It was also client of Arthur Andersen [9, 15, 21]. That was the same mechanism used by Tyco, the other scandal of 2002. By creating reserves in acquisition operations, they inflated income and when an event struggled his cash, operating cash flow was also inflated. It was client of PwC [9].

Vivendi, Ahold and Parmalat inaugurated the scandals time in Europe [73–75]. They were cases of report of non-existent asset, non-report of liabilities, cash-flow misrepresentation and frauds, off-balance sheet assets and other creative accounting to inflate revenues. They were also client of important auditing firms like Arthur Andersen, Grant Thornton, Deloitte & Touche. Ineffective corporate governance figured in the list of failures.

This sequence of scandals did not affect the confidence only on capital market but also on auditors, supposed to confer accounting information and procedures. Therefore, it is time to run some considerations about auditing firms. They faced a great crisis of confidence, as they were part of the problems that culminated into scandals. To Arthur Andersen, however, the punishment was drastic. It seemed that they went out of business not in function of audit failures since many other times they faced lawsuits of this kind, but they deliberated destroyed documents obstructing justice and characterizing a widespread criminal conduct. The verdict, however, was not based on destruction itself but on an email sent to Enron warning that earnings announcements for SEC in October should be altered in order to give them less information [15]. These conducts would be considered in further regulation.

The auditing activity was born in Great Britain with industrial revolution. Join stock companies supplied increased demand of huge sum of capital. The British Companies Act of 1845, with the purpose of protecting investor from incompetence or malfeasance of directors, required that companies must keep detailed accounting records and be annually audited by a committee of shareholders [15].

The accounting industry started to be competitive in late 1970s and in 1980s audit fees felt down drastically. From them on, this industry saw a concentration phenomenon into a Big 5 auditing firms that started also to offer consulting services to aggregate value. Besides the revenue concentration, they started to concentrate power as well, and they were protagonist on many lobbies to avoid regulation, as that of SFAS 23 in 1996 and then the auditor's independence requirement pos-2000 scandal [15, 29]. Increasing consulting services turned this proximity to managers to be promiscuous. This last regulation required the separation of consulting and auditing services and was a SEC's effort to avoid problems of noncompliance. It was motivated by a scandal involving PwC in January 2000, when it came to public that more than its 1.500 auditors were accused of violating professional standards. But it suffered an intense opposition by auditing firms. Forty-six members of Congress asked SEC to withdraw, amend or delay the proposal. After lobbying that could result in a retaliatory cut on SEC's budget, it allowed companies to continue to offer other services conditioning the separately disclosure of them in November 2000. When firms disclosed revenues from tax and consulting services in 2001, even SEC was astonished [15]. An Audit Committee to oversee the audit process became a necessity more than a desirable characteristic of corporate governance (e.g. [29]).

Academic studies continued to be conducted over companies from 1990s to the first years of 2000s. The results were not so different from prior ones. There were some inconsistencies depending on analytical method or sample but most of them highlighted the preferences to outside directors not overcommitted (when they serve on many boards, they have less time to do a good job), to separation of chairman from CEO roles, to audit committees that meet more frequently and have more financial expert members (e.g. [36, 76, 77]). All of these were considered in further regulation and codes.

acquisition operations, they inflated income and when an event struggled his cash, operating

Vivendi, Ahold and Parmalat inaugurated the scandals time in Europe [73–75]. They were cases of report of non-existent asset, non-report of liabilities, cash-flow misrepresentation and frauds, off-balance sheet assets and other creative accounting to inflate revenues. They were also client of important auditing firms like Arthur Andersen, Grant Thornton, Deloitte

This sequence of scandals did not affect the confidence only on capital market but also on auditors, supposed to confer accounting information and procedures. Therefore, it is time to run some considerations about auditing firms. They faced a great crisis of confidence, as they were part of the problems that culminated into scandals. To Arthur Andersen, however, the punishment was drastic. It seemed that they went out of business not in function of audit failures since many other times they faced lawsuits of this kind, but they deliberated destroyed documents obstructing justice and characterizing a widespread criminal conduct. The verdict, however, was not based on destruction itself but on an email sent to Enron warning that earnings announcements for SEC in October should be altered in order to give them less

The auditing activity was born in Great Britain with industrial revolution. Join stock companies supplied increased demand of huge sum of capital. The British Companies Act of 1845, with the purpose of protecting investor from incompetence or malfeasance of directors, required that companies must keep detailed accounting records and be annually audited by

The accounting industry started to be competitive in late 1970s and in 1980s audit fees felt down drastically. From them on, this industry saw a concentration phenomenon into a Big 5 auditing firms that started also to offer consulting services to aggregate value. Besides the revenue concentration, they started to concentrate power as well, and they were protagonist on many lobbies to avoid regulation, as that of SFAS 23 in 1996 and then the auditor's independence requirement pos-2000 scandal [15, 29]. Increasing consulting services turned this proximity to managers to be promiscuous. This last regulation required the separation of consulting and auditing services and was a SEC's effort to avoid problems of noncompliance. It was motivated by a scandal involving PwC in January 2000, when it came to public that more than its 1.500 auditors were accused of violating professional standards. But it suffered an intense opposition by auditing firms. Forty-six members of Congress asked SEC to withdraw, amend or delay the proposal. After lobbying that could result in a retaliatory cut on SEC's budget, it allowed companies to continue to offer other services conditioning the separately disclosure of them in November 2000. When firms disclosed revenues from tax and consulting services in 2001, even SEC was astonished [15]. An Audit Committee to oversee the audit process became a necessity more than a desirable characteristic of corporate governance (e.g. [29]). Academic studies continued to be conducted over companies from 1990s to the first years of 2000s. The results were not so different from prior ones. There were some inconsistencies

& Touche. Ineffective corporate governance figured in the list of failures.

information [15]. These conducts would be considered in further regulation.

cash flow was also inflated. It was client of PwC [9].

36 Corporate Governance and Strategic Decision Making

a committee of shareholders [15].

The environmental conditions that surrounded these scandals yet included impression management. Besides companies that effectively had weak corporate governance, some others adopted board independence, for instance, just to demonstrate governance compliance to financial stakeholders, without actual improvements on it. It is part of verbal impression management by CEO in communications to analysts [55].

After Enron collapse news broke in November 2001, followed by revelations about Arthur Andersen and other companies involved, improvements on governance could not be postponed anymore.

More than 30 Bills were drafted along the first semester of 2002. Two of them were approved. The first was the Republican Oxley's Bill approved in April 2002 by the House of Congress. It created the special Board to regulate auditor activities and restricted consulting services provided by them. But it was softer than expected by part of Democrats. The second one, the Sarbanes's Bill, was running on Senate but in slow motion. Approved on a special Commission in June 2002, it seemed that it would not be scheduled for final approval as senators were mobilizing around the election of November. What changed the course of this history was the break out of WorldCom scandal. American society was not recovered from Enrons's scandal to face another one with that proportion. The Sarbanes's Bill was approved in July 15 by a vote of 97 to 0 [15].

Then the Act that promoted a great reform became known as Sarbanes-Oxley Act of 2002. The purpose was once again to restore investor confidence on financial market. Among many objectives, there were the enhancement of corporate responsibility and financial disclosure as so the avoidance of corporate and accounting fraud. It was a temptation to broad responsibilities and applies more severe punishments to companies and their executives [2, 9, 15, 61].

In order to operationalize this enforcement, SOX created the Public Company Accounting Oversight Board—PCAOB, to oversee the activities of the auditing profession. PCAOB was under SEC direction and was funding by auditing firms and clients. The banning of consulting activities was not required but it was explicitly prohibited nine specific services deemed incompatible with auditing: bookkeeping, financial information system design and implementation, actuarial services, internal audit outsourcing, investment banking services, legal advice, appraisal services and executive recruiting [15]. The main responsibilities of the Board contemplate registering public accounting firms and conducting periodic inspections to ensure that they comply with expected standards. They can investigate and impose sanctions to audit failures. It is not a surprise that once again a strong congressional lobby took place to prevent the indication of a president for PCAOB that would execute SOX's requirements effectively.

SOX, along its eleven chapters [3]:


SOX required that SEC regularly revised companies disclosures and statements considering some red flags: if they restated financial information many times, if stock price suffered a huge volatility in comparison to other companies, emerging companies with disparate proportion between profit and prices and companies that significantly affect economy. These aspects of its revision all addressed to signals presented on corporate fraud companies showing that things were not going that good but were overlooked.

SEC had proposed management reporting on internal control effectiveness a couple of times before, as in 1979 and 1988, but only with SOX, there was a final rule about it. The SOX's section 404 relates to it. It requires that an internal control report be produced annually. This report attests the responsibility of directors in structuring and keeping an internal control system proper to accountability.

Although Section 404 did not mention COSO, it was then the main available instrumental to execute its requirements. COSO revised and reissued the Internal Control Guidance and continued to improve it until the recent version of 2013, yet addressing to Section 404 of SOX. Context of 20 years back did not include internet, email, outsourcing activities, and the role of boards and audit committee was pretty different, which required some updated. All of these changes had affected internal control management. This revision also emphasized principles and its attributes (not so explicit in 1992 version) and broadened the objectives. SOX focused on financial reporting but framework focused also on compliance and operation as well [40, 78].

SOX, along its eleven chapters [3]:

38 Corporate Governance and Strategic Decision Making

• Prohibited loans to officers and directors.

• Required more disclosure of off-balance sheet financing.

ing that things were not going that good but were overlooked.

• Limited benefits plans to employees.

system proper to accountability.

previous years.

managers.

• Required that audit firms rotate the lead engagement partner every 5 years.

• Prohibited auditing services to firms where CEO, CFO, CAO or controller was previously employed at the accounting firms and has participated in the audit of that company in

• Emphasized the auditor's responsibilities to board of directors, investing public and

• Required Audit Committee members to be independent and responsible for appointing, compensation and overseeing the company's independent auditors. They should receive and investigate complaints about accounting and auditing matters. One of their members should be financial expertise and all should be also members of Board of Directors. • Required corporate executives to certify in writing that financial statements comply with standards, free of misrepresentation. If there was a problem with that, this certification would allow them to be subject to civil and criminal penalties (20 years in prison). Those internal controls that were fragmented to dilute and diffuse culpabilities now lose efficacy.

• Increased the maximum prison sentences for securities fraud executed by mail and wire (20 years) and for documents destruction during a federal investigation or bankruptcy (20 years). SOX required that SEC regularly revised companies disclosures and statements considering some red flags: if they restated financial information many times, if stock price suffered a huge volatility in comparison to other companies, emerging companies with disparate proportion between profit and prices and companies that significantly affect economy. These aspects of its revision all addressed to signals presented on corporate fraud companies show-

SEC had proposed management reporting on internal control effectiveness a couple of times before, as in 1979 and 1988, but only with SOX, there was a final rule about it. The SOX's section 404 relates to it. It requires that an internal control report be produced annually. This report attests the responsibility of directors in structuring and keeping an internal control

Although Section 404 did not mention COSO, it was then the main available instrumental to execute its requirements. COSO revised and reissued the Internal Control Guidance and continued to improve it until the recent version of 2013, yet addressing to Section 404 of SOX. Context of 20 years back did not include internet, email, outsourcing activities, and the role of boards and audit committee was pretty different, which required some updated. All of these changes had affected internal control management. This revision also emphasized principles The COSO is a framework organized in Cubes. The COSO 2013 combines three categories of objectives: operations, reporting and compliance. These objectives are reached with good internal controls in five integrated components: environment, risk assessment, activities, information and communication and monitoring activities. All these controls are spread into different levels of company structure: entity as a whole, divisional, operating unit and functional level. Although SOX does not require IT audit in this frame, COBIT was seen as a complementary framework to COSO internal control. COBIT focuses on IT processes and their relationship with internal control, based on COSO definition [40, 41].

SOX still requires that be provided information about risk taken by company and mainly material weaknesses. There are many forms to manage risks but the framework issued by COSO, The Enterprise Risk Management (ERM)—Integrated Framework, known as COSO 2, also became popular worldwide. The distinction of the frameworks developed by them was that it started with objectives and not with risks. There are risks in achieving those objectives and controls to mitigate them. It is important to company explicit that some strategies require risks to be taken and other risks are taken by choice.

Since SOX, other requirements about risk oversight processes were issued. Audit Committees were required to oversee these processes by New York Stock Exchange in 2004 and SEC required broad information about board's role in risk oversight in 2009 [79]. This movement turned more intense after 2008 crunch, to be commented in the next section.

One of the main issues highlighted in 1990s, which figured as part of problem in some corporate scandals of early 2000s, was the stock option not expensed—a risk neither measured nor disclosure. Despite feverous academic discussion about that (e.g. [25, 80]), FASB proposed the SFAS 123R in December 2004, requiring that employee stock options be valued on the date they were awarded and expensed the vesting period of them. It was an intermediary solution. This discussion leads to the controversy regarding the adoption of IFRS in USA.

After 2000 scandals, an increased number of countries started to adopt the International Financial Reporting Standards (IFRS) set by International Accounting Standard Board (IASB). Now, there are 149 jurisdictions that had already converted to it. Its mission is to bring transparency, accountability and efficiency to financial markets around the world, contributing to financial stability. The specific IFRS no 2—Accounting for Share-Based Payments started to be discussed on 2000 and was issued in 2004 [81]. Differences between IFRS 2 and SFAS 123R would impact earnings report, effective tax rate and cash flow [82]. A bigger challenge lies on the fundamental difference between European and American standards. While American rules privilege *form over essence* and are more rules-based model, Europeans privilege *essence over form* and are more principle-based model. There are other economic implications to U.S. companies and political ones to FASB, which does not want to lose its supremacy [83, 84].

An important signal that companies were misrepresenting and enforcements were putting increased pressure on them was the restatements level. In 1997, 116 listed companies in the USA restated their financial reports, between 1997 and 1989 there were 292, but the number increased to 330 companies only in 2002. After SOX, in 2004 and 2005, there were 1.818 earning restatements [15, 62]. A study conducted over 919 restatements between 1997 and 2002 found that the most of them were driven by deceptive accounting practices [85]. Approximately 10% of all listed companies restated their financial information at least once during this period of time [15].

Corporate accounting scandals led to important reactions that created laws, rules and code of conducts. Over the time, all these regulations become cumulative and environment more complex. Increased penalties, punishments, stricter regulations seemed not to avoid creative accounting and malpractices [67, 86, 87]. Instead of being effective against misconducting, all these effort turn environment yet more complex and vulnerable [9].

Notwithstanding, it is worthy to point out that SOX did not reverse the deregulation of financial market. There was an amendment to SOX approved in 2003—The Securities Fraud Deterrence and Investor Restitution Act that actually limited states activities to uncover frauds. Therefore, mutual fund was protected from over regulation. FASB and SEC continued to be politically influenced by lobbies [29].
