The Securities and Exchange Commission has charged a Texas leather goods company with failing to maintain an effective inventory accounting system, which ultimately led the firm to restate two years’ worth of financial results and send its CEO packing. It’s a cautionary tale for the rest of us about how a poor control environment can lead to poor control activities, and the mess that inevitably follows.
The company in question is Dallas-based Tandy Leather Factory, founded in 1919 to sell specialty leather goods and leatherwork products. These days Tandy operates 105 stores across most of North America (plus one in Spain), and has about $75 million in revenue.
What happened? According to a settlement announced Wednesday by the SEC, Tandy and long-time senior executive Shannon Greene knowingly relied on a faulty accounting system for years, which led to inaccurate reporting of inventory, net income, gross profit, and other line items. That eventually forced the company to restate financial results for all of 2017 and 2018, plus part of 2019.
Tandy and Greene both agreed to cease-and-desist orders against future violations, although (as usual) they neither admitted nor denied the SEC’s accusations. Tandy also agreed to pay a civil penalty of $200,000, Greene a penalty of $25,000.
The details of the case are a good example of how bad management can lead to systemic problems with disclosure controls and financial reporting. Most SEC enforcement actions are either one or the other; we rarely see one case that connects both. So let’s take a look.
First, Poor Control Environment
The main character in the SEC’s settlement order is Greene, who was Tandy’s CFO from 2000 to 2016. In that role, she fulfilled crucial duties such as drafting the company’s enterprise risk assessment and its control narratives for important line items such as inventory.
When drafting those documents, the SEC said, Greene emphasized the stability predictability of Tandy’s operations — and the importance of Tandy’s senior management (that is, including Greene herself) to maintaining low risk and a strong control environment. For example, consider this excerpt from Tandy’s enterprise risk assessment:
…the structure of operations and the overall industry lends itself to a certain degree of predictability in the company’s financial performance. Management’s experience (length of time in the industry in particular) creates an ability to pinpoint unusual transactions, trends, fluctuations, etc. Finally, the company’s financial statements and reporting structure lack complexity which contributes to the probability of more accurate, complete and timely financial statements.
Oh dear. One immediate red flag is Tandy’s reliance on specific people, rather than on structure and process. Even if Greene were a superb financial officer (which she wasn’t, but more on that later), what if she were suddenly hit by a bus or abducted by aliens? Management’s length of time in the industry won’t help you then.
A business should never rely on specific people as assurance for its control environment. Rather, rely on specific roles that are structured in specific ways. For example, “Our controller designs the ICFR, subject to review and approval by the CFO” or “The CFO reviews the risk assessment with the audit committee quarterly,” or something like that.
Then hire the best people possible, and (ideally) give them the resources they need to fulfill the roles that were already determined.
Second, Poor Control Activities
Back to Greene and Tandy. The company’s inventory tracking system, which dated back to 2000, generated a stock keeping unit (SKU) for each item; and each SKU contained information such as cost and price. When the company purchased fresh inventory, Tandy personnel updated the pricing amounts for the SKUs.
Except, that inventory system could only hold one cost per SKU at a time, and didn’t retain any historical information. So when Tandy personnel recorded a new cost after an inventory purchase, the updated cost applied retroactively to all pre-existing products associated with that SKU.
Those of you in the retail world are probably already wincing. For the rest: this means Tandy couldn’t value its inventory correctly, because it didn’t track the historical data of costs for previously purchased supplies. The inventory tracking system over-valued Tandy’s inventory — which consequently led to incorrect numbers for net income and gross profit, as well. Figure 1, below, shows how bad the numbers were.
In theory a company could add a manual process to correct the flaws of this automated process, and Tandy did design such a process where employees would then re-value the inventory correctly. But, as the SEC put it, “Greene and others did not take steps to properly ensure implementation of this manual process.”
Which is why relying on specific individuals is such a big risk for your control environment. Those people can let effective ICFR wither, promise to make up the difference via manual processes, and then let those manual efforts wither too.
Indeed, another dimension of Tandy’s predicament was a lack of qualified personnel to design financial processes and controls. For example, the SEC said, Tandy relied on a group of non-accountant employees to handle data entry critical to Tandy’s financial reporting process. That led to mistakes such as expenditures not properly classified and inventory levels not properly calculated.
Hiring inadequate staff is a flaw of the control environment: senior executives are allowing such poor standards to exist. The consequence of that is poor control activities: employees who don’t know what they’re doing make a hash of your financial reporting.
That’s how the control environment connects to control activities, and why commitment to good governance is so crucial to corporate success. Which was not the case here.
We could also fault Tandy’s audit committee (and its outside audit firm, Weaver and Tidwell, which merrily issued favorable audit reports for years) for allowing such a flawed approach to internal control for so long.
Only after new management replaced Greene in October 2018 did the audit committee take a fresh look at the company’s corporate accounting morass. Then the Tandy did take steps to rectify the situation, such as implementing an effective accounting system, hiring competent financial reporting staff, and tapping ICFR experts to help create a new risk control matrix with a complete list of key and mitigating controls.
Sigh. If companies would only do that in the first place.