The Securities and Exchange Commission slapped software giant VMWare with accounting fraud charges Monday, accusing it of slow-rolling the delivery of software to customers so the company could prop up its order backlog and delay revenue recognition into future quarters.
VMWare will pay $8 million to settle the charges, a paltry sum for a $10 billion dollar software business. Still, the case does offer some interesting morsels for all you internal accounting control enthusiasts out there. Let’s take a look.
As described in the settlement order, VMWare’s typical operations in the late 2010s included a backlog of software orders not yet delivered. Those pending sales were sometimes subject to “holds” where the company delayed the delivery of license keys to the customers. Since VMWare only recorded revenue upon delivery of those keys, the holds exerted considerable influence over when sales were completed and revenue recorded on VMWare’s books.
Some of those holds were mandatory, such as orders held back for export compliance reasons. Starting in VMWare’s fiscal 2019, however, and lasting through fiscal 2020, the company began using discretionary holds much more often — essentially, controlling the pace of revenue recognition to meet Wall Street’s earnings expectations.
An order might be noted in VMWare’s sytems, the SEC said, but placed on hold until just after the quarter’s end. Then the hold would be released, the license keys delivered to the customer, and the revenue recorded on the next quarter’s books. The practical effect was to smooth VMWare’s revenue streams, and hide the reality that VMWare’s revenue growth was actually stalling out over time.
At the end of fiscal 2019, VMWare reported $449 million in backlogged sales, and more than 90 percent of that number ($409 million) consisted of discretionary holds. As sales then slowed in fiscal 2020, VMWare burned through almost all that discretionary backlog, until the amount stood at only $4 million by the end of the year.
For its part, VMWare published an anodyne press release about the matter, stressing that the company neither confirms nor denies the SEC’s findings and that the SEC won’t be bringing charges against any VMWare executives relating to the issue.
Having a backlog of sales is nothing special in the corporate world, of course. The real issue here, the SEC said, was how VMWare described its backlog to investors in quarterly filings.
Beginning with its 2019 quarterly filings, VMWare told investors, “The amount and composition of [VMware’s] backlog will fluctuate period to period, and backlog is managed based upon multiple considerations, including product and geography” — but that description didn’t specify what other considerations might be involved, such as any regarding earnings expectations.
Meanwhile, VMWare executives developed a formal, written policy for the discretionary holds. Senior finance, sales, and accounting personnel held regularly scheduled meetings around Week 9 of each 13-week quarter, where they made decisions about discretionary holds. The policy said holds could be “value-based, product-based, geography-based or any combination,” and that holds would be placed on or after Week 9.
So according to the SEC, the offense here wasn’t so much that VMWare was managing its backlog to meet earnings expectations, but rather that VMWare wasn’t disclosing that fact clearly enough. As the SEC put it:
In making public statements regarding its backlog, VMware omitted material information regarding the extent to which the company controlled its quarter-end total and license backlog numbers through its use of discretionary holds, and the extent to which it used backlog to control the timing of revenue recognition generally. The managed backlog disclosure did not convey to investors the material information that backlog was used by VMware to manage the timing of revenue recognition based upon factors such as the company’s financial guidance and analysts’ estimates.
One wonders how the SEC might have responded if VMWare simply had told investors, “Yep, we manage our backlog to meet earnings expectations.”
Internal Control Lessons
A recurring theme in this enforcement action is management’s subjective judgment gone wrong.
For example, the company did have a written policy about how to use discretionary holds; but that policy was so broadly worded — “backlog is managed based upon multiple considerations, including product and geography” — that executives could twist the policy to fit whatever aims they wanted. Like, say, manipulating the sales backlog to meet earnings expectations and hide weakness in revenue growth.
In theory, one could say that management should have had more disciplined documentation requirements, forcing executives to justify their discretionary holds according to more objective criteria. I’ve mentioned that concept before, in other posts about poor management judgment that gets the company into trouble. Your internal controls should require enough documentation that poor decisions stick out like a sore thumb, so that auditors or the board’s audit committee can see those bad choices from a mile away.
Then again, there’s a broader lapse in management judgment here, too. The SEC rapped VMWare on the knuckles for failing to disclose that it used discretionary holds to manage earnings; but even if the company had disclosed that, does anyone believe that would be a good idea?
I simply wonder what VMWare was thinking. When the company implemented its new disclosure in 2019, talking about how the backlog “is managed based upon multiple considerations” — that language was, according to the SEC, drafted by senior finance and accounting personnel, with review and input from senior management, the audit committee, and the external audit firm (PwC, if you’re curious). Nobody saw the potential for mischief here?
More precisely, those reviewers should have foreseen the potential for earnings management, and implemented a stricter policy requiring more documentation, as we mentioned above.