OPINION
2022 Feb/22
A Listed Firm’s Major Misappropriation Scandal and its Implications for the Internal Accounting Control System
Feb. 22, 2022
PDF
- Summary
- A large-scale misappropriation scandal involving a KOSDAQ-listed firm has sparked controversy over the effectiveness of the internal accounting control system. Against this backdrop, this study investigates how frequently misappropriation and breach of trust occurred in stock-listed corporations from 2016 to 2021. According to the investigation results, the audit of internal controls that has phased in from 2019 appears to have contributed to forestalling misappropriation and breach of trust incidents to some extent. However, it should be also pointed out that it would be difficult to prevent another major misappropriation from occurring without the tone at the top. This necessitates the establishment of additional regulations to supplement the current audit system. First, as for financial assets and debts in excess of material amount, whether account balance can be verified should be assessed strictly during the review process of interim financial statements. Second, the motive for committing accounting fraud should be thoroughly inhibited by delivering greater predictability of punishment for misappropriation and breach of trust. Third, it is worth considering providing incentives for the effective establishment and operation of internal controls. This requires a provision specifying that the management and the board of directors could be subject to alleviation of personnel-related and monetary penalties if they demonstrate a properly designed and functioning internal control system. Lastly, more incentives should be given to whistleblowers to avoid another accounting fraud and detect misconduct in advance.
For preparing and disclosing reliable accounting information, each company shall have the “internal accounting control system” which includes control procedures to prevent errors, forgery, and alteration of accounting information and matters concerning the segregation of duties and responsibilities of the relevant executives and employees.
- Article 8 of the Act on External Audit of Stock Companies (hereinafter referred to as the “External Audit Act”) -
Legal liabilities related to the internal accounting control system prescribed by the External Audit Act are not limited to designing of the formal framework. They also require the management to execute practical control and operation activities and make rigorous administration efforts to ensure reliability of accounting information. There are inherent limitations as external auditing alone is not sufficient to uncover all errors or illegalities and hardly can provide absolute assurance for information users. To overcome such shortcomings, the internal accounting control system is put into place and executives responsible for preparing financial statements are legally obligated to improve the completeness of accounting information in the overall financial reporting process. In an environment controlled by a properly designed and functioning system, it is possible to reasonably prevent any wrongdoing regardless of whether the act is the result of intention or negligence.
On January 3, 2022, the KOSDAQ-listed firm, Osstem Implant disclosed that an employee responsible for fund management was under the suspicion of embezzling KRW 188 billion from the firm. This incident could or should not have occurred if the internal accounting control system had been built, administered, and operated properly. After the initial announcement of the incident, an additional allegation has surfaced, resulting in the total misappropriation amount of KRW 221.5 billion. Although the extra embezzlement worth KRW 33.5 billion has already been returned to the firm and thus, not included in damages, nearly 91% of cash and cash equivalents that the parent company posted as of September 2021 have disappeared.1) It seems likely that the firm would retrieve a significant portion of the stolen funds as gold bars worth KRW 68.1 billion were brought back on January 25. However, given that internal controls that should have operated before the misappropriation occurred never performed their function, a thorough investigation is needed to find out whether there is gross negligence regarding the governance regime, the management and the internal auditor.
Founded in 1997, Osstem Implant has accumulated surplus steadily based on its superb brand reputation for a long period, and has achieved remarkable growth by aggressively utilizing borrowings. Sales of high-margin products targeting the Chinese market have been recently boosted, leading to significantly improved profitability and the 57.6% consolidated return on equity (ROE) for the third quarter of 2021.2) Except for Covid-19 testing kit manufacturers who are hardly expected to maintain earnings persistence after the pandemic is over, Osstem Implant has achieved outstanding performance in the healthcare sector. Moreover, it boasts of excellent earnings quality that is estimated based on discretionary accruals over the past five years (see Figure 1).3) Since its solid fundamentals have pushed up investor expectations, the recent large-scale misappropriation has dealt a huge blow to the market.
Furthermore, this incident has brought to light weaknesses in internal controls, although the revised External Audit Act has tightened audit-related regulations and the certification for the internal accounting control system has been strengthened from review to audit. Against this backdrop, it has sparked controversy over the effectiveness of the overall accounting reform.4) In 2020, Osstem Implant with a total asset worth more than KRW 500 billion was subject to the external audit for its internal accounting control system for the first time (see Figure 2). When the internal control system is designed, segregation of duties is the most fundamental aspect to consider, and the first step to the segregation is to divide and allocate responsibilities regarding records and approval of transactions and storage of relevant assets.5) Osstem Implant received the “unqualified” opinion in terms of the effectiveness in design and operation of its internal controls, implying that there was no material fault in its fund management. Nonetheless, the fact that the employee who allegedly committed accounting fraud took charge of both approving and recording fund transfers suggests that for whatever reasons, the control process might have not been executed according to the pre-determined segregation of duties. It is highly probable that a series of control activities and supervisory procedures—designed for reviewing the propriety of transactions and audit checks on book balance and actual balance—were also overridden.
In this regard, the market has expressed concerns on two fronts. First, the market casts doubt on whether the audit of internal controls could deliver reliable results. The effectiveness in auditing the internal accounting control system is being questioned. Additionally, concerns are raised about the possibility that the second major misappropriation could occur in Korea’s capital market. Second, the market wants to know whether an auditor could uncover misconduct such as another major misappropriation in early stages, especially during the “review” process of quarterly, semi-annual financial statements.
Notably, an auditor has no duty to confirm the existence of assets when reviewing quarterly, semi-annual financial statements. In a normal review process, verification of account balance through inspection, observation, inquiry, etc. is rarely required. Also, compared to auditing, such a review provides a lower level of assurance based on inquiries for the financial officer and analytic procedures.6) This means that the review process alone might not detect material misstatement.
It is noteworthy that the review of quarterly, semi-annual financial statements has been introduced to alleviate audit quality deterioration arising from overwhelming workload during the year-end audit and to decrease the occurrence of fraud by establishing a year-round, regular audit system (Jeong et al., 2018). Limitations in the review process could result in absence of an external audit of whether assets exist for about seven months from March when annual reports and audit reports are submitted until November when an interim audit is initiated (for firms with fiscal year ending in December). This necessitates strengthened regulations on the review of interim financial statements for firms that are expected to have internal control weaknesses or defects. In particular, a firm with no fund management system is susceptible to misappropriation arising from balance statement forgery. In terms of financial assets and debts in excess of material amount, whether account balance can be verified should be subject to a strict review.
Furthermore, a company-wide paradigm shift is needed for the internal accounting control system. In the analysis of 2,504 fraud cases from 125 countries, the Association of Certified Fraud Examiners (ACFE) found that firms lost no less than 5% of annual revenue to financial statement frauds and asset misappropriation (ACFE, 2020). This implies that fraud and misappropriation are not a one-time occurrence under special circumstances and should be systemically controlled on a regular basis. According to a study on the Hong Kong market, larger-scale misappropriation tends to occur more frequently in Asian countries that value trust in people. The study suggests that external audit can play a limited role in preventing accounting fraud while improved effectiveness of audit committee and internal audit, the tone at the top managerial level, and rigorous ethical guidelines would act as meaningful anti-fraud controls (Law, 2011).
In view of the foregoing, the lesson from the Osstem Implant scandal is clear: although strengthened certification of the internal accounting control system mandates the audit of the effectiveness in designing and operation of the system, internal controls are likely to end in an empty talk unless supported by the tone at the top. It may be possible to receive an unqualified opinion after demonstrating the effectiveness of internal controls through documented audit evidence. To this end, also necessary is financial supervision independent of the management and company-wide support based on the managerial-level willingness for practical operation of the system. Only then, resources spent on the establishment and certification of the internal accounting control system would be a successful investment in preventing relevant risks and promoting efficient system operation, rather than being just wasted away. In the aftermath of the misappropriation scandal, the Osstem Implant management has made voluntary efforts to enhance the effectiveness of its internal controls, which could be seen as a positive outcome of the scandal.7)
However, it is not desirable to generalize an abnormal case and raise controversy over the effectiveness of reform measures implemented by Korea’s capital market for the past three years to improve transparency in accounting. A close look at misappropriation and breach of trust cases by year from firms listed on the KOSPI and KOSDAQ markets, the frequency of occurrence of such cases has declined since the audit of the internal accounting control system was mandated in 2019 (see Figure 3). The number of fraud cases fell 15% to 79 in 2020 from 93 in 2019, and a total of 55 incidents occurred in 2021, representing a 30.4% decrease from 2020.
In Korea, an audit of the internal accounting control system phased in for firms with an asset value of more than KRW 2 trillion in 2019. Given this, the fact that KOSPI-listed firms, many of which have assets worth KRW 2 trillion or more, initially saw a drop in the number of misappropriation and breach of trust cases has significant implications for the effectiveness of audit of internal controls. In terms of the total number of misappropriation and breach of trust cases, the proportion of firms with assets of more than KRW 2 trillion has shrunk by 47% since 2019 (based on a comparison of the data compiled for three years before and following 2019). On the other hand, firms with less than KRW 500 billion in assets that were not subject to an audit of internal controls until 2021 show the opposite trend. This suggests that strengthened certification of the internal control system might have made internal controls sophisticated, thereby contributing to forestalling potential fraudulent conduct. It is also meaningful that with stricter audit measures in place, such as the increase in reasons for auditor designation by authority and the periodic auditor designation, the possibility of uncovering misappropriation and breach of trust has increased markedly.
In this respect, it is reasonable to assume that the audit of internal controls is effective in preventing any potential misconduct, although firms would bear the burden of implementation costs. In addition, considering the repercussions of the Osstem Implant scandal, it is worth considering the introduction of complementary measures to avoid another major misappropriation.
First, a motive for committing fraud should be thoroughly inhibited by delivering greater predictability of sentence for misappropriation and breach of trust. Korea’s recommended penalties for misappropriation and breach of trust have still been determined based on the 2009 enforcement proposal. Although a crime with its proceeds exceeding KRW 30 billion falls under the most severe punishment category of the type-5 recommended sentencing, the basic sentencing criteria for such a crime range from five to eight years. If the crime is committed with severe methods and causes serious damages, the offender could be subject to aggravated punishment. But even in this case, the recommended sentencing is only seven to eleven years.9) If the amount of criminal proceeds is KRW 5 billion or more, the offender would be subject to imprisonment with labor for an indefinite term or not less than five years and a fine equivalent to the proceeds amount may be imposed concurrently under the Act on the Aggravated Punishment of Specific Economic Crimes. But a listed firm’s misappropriation and breach of trust could make its stock price stumble and inflict serious damages on shareholders by undercutting the firm’s credibility. Thus, the reasonable punishment to be imposed on such misconduct needs to be reexamined (Kim & Ki, 2015).
Second, it is worth considering providing incentives for the effective establishment and operation of internal controls. This requires stipulating a provision that the management and the board of directors could be subject to alleviation of personnel-related and monetary penalties if they demonstrate a properly designed and functioning internal control system. A good example to follow is the discussion about how to improve the incentive-compatible internal control system for financial firms (Lee et al., 2022). At the same time, in the case where internal controls are incapacitated, a heavier duty should be imposed on the person responsible for the administration and operation of such controls. With this approach, incentives should be provided to encourage the supervisor to perform his or her duty based on strong willingness. If ordinary procedures required by internal accounting control regulations specified in the External Audit Act or audit standards are not carried out or implemented perfunctorily, the relevant executive or employee and auditor (audit committee member) should be liable for gross negligence.10)
Third, more monetary incentives should be provided for whistleblowing activities. Korea has increased the monetary reward limit for reporting accounting fraud to KRW 1 billion from KRW 100 million in November 2017. It has recently been decided that those who report irregularities regarding quarterly, semi-annual financial statements would be entitled to monetary reward. Against this backdrop, the number of reward payments and the average reward amount have been on the rise since 2019 (see Figure 4). However, the maximum limit of KRW 1 billion serves as an obstacle to maximizing incentives for whistleblowing activities involving a large sum of funds, which requires additional measures to supplement the current system. Since accounting fraud-related fines imposed on a firm are proportionate to the noncompliance amount in relation to accounting standards,11) monetary reward resulting from whistleblowing could be paid in proportion to the amount of fines. In the US, if fines worth $1 million or more are imposed after accounting fraud is reported, the whistleblower receives a reward equivalent to 10% to 30% of the fines. Since the introduction of reward payment, the possibility of the occurrence of accounting irregularities has been reduced by 12% to 22% (Berger & Lee, 2022).
Recently, the US has implemented a reform towards easing non-accelerated filers’ duty to conduct an audit on internal controls.12) The US authorities concluded that compliance costs for an audit of internal controls outweigh benefits since non-accelerated filers are less susceptible to misstatement due to smaller transaction volumes and their simple business structure makes it more likely to detect errors and irregularities through the external audit. In practice, many of them fail to meet formality requirements for the internal accounting control system on grounds of personnel-related issues such as lack of professional accountants and insufficient segregation of duties.
In this respect, more attention should be paid to factors behind the reform in the US. Arguing the need for such a reform, non-accelerated filers, most of which are growth companies in the biotech and technology industries, have demonstrated that they have appropriately supplemented controls regardless of formality requirements and are less likely to revise financial statements than listed firms in other sectors (Lewis & White 2019). With Osstem Implant’s major misappropriation scandal as a momentum, the importance of internal controls should be recognized while the compliance burden on firms needs to be eased to the levels not undermining accounting transparency. In addition, firms should take the initiative in establishing effective internal controls to explore long-term improvement plans.
1) As of the end of September 2021, the cash equivalents value held by Osstem Implant is estimated at KRW 206.2 billion including cash, cash equivalents, and money market instruments, which is exclusive of the FVPL-based stocks and beneficiary certificates worth KRW 86.7 billion.
2) Out of 2,176 firms excluding financial firms, only 19 posted an ROE of more than 50% over the same period.
3) A discretionary accrual is a measure of abnormal divergence between operating cash flow and net income. A smaller discretionary accrual indicates higher earnings quality. Lower levels of discretionary accruals in Osstem Implant are attributable to its business structure where it enters into a long-term supply agreement with dental clinics and receives the aggregate contract price from financial firms in advance. Upon the conclusion of the agreement, it can acquire operating cash flow early during the overall agreement term while sales on books are recognized after products are supplied and the relevant risks and rewards are transferred to clients. This structure causes Osstem Implant to achieve higher earnings quality compared to other players in the healthcare sector. As an opposite case, Celltrion Healthcare posted discretionary accruals representing the top 10% in the sector in 2020, indicating that the firm took a more aggressive approach to accounting than other healthcare firms.
4) Financial News, January 9, 2022, Unprecedented misappropriation of Osstem Implant could highlight the uselessness of the revised Act on External Audit of Stock Companies
5) See paragraph A57 in the concept of the designing and operation of the internal accounting control system.
6) See paragraph 22 of the rules for review of quarterly, semi-annual financial statements.
7) Joseilbo, January 14, 2022, “Are our internal controls functioning well?” In the wake of the Osstem Implant scandal, growing attention is being paid to the audit system
Maeil Business Newspaper, January 16, 2022, Companies shocked by the Osstem Implant scandal rush to seek accounting firms’ advice
8) Based only on initial allegations of fraud, the number of fraud cases and the proportion by firm are shown in the figure below.
9) See the Sentencing Commission’s sentencing guidelines for embezzlement and breach of trust (https://www.scourt.go.kr/sc/krsc/criterion/criterion_05/embezzlement_01.jsp).
10) See the criteria for determining measures regarding inspection and regulatory review results under the enforcement rules of the regulation on external audit and accounting, etc. (Ⅲ.2.A.2)).
11) The maximum fines could be determined as up to 20% of the noncompliance amount in relation to accounting standards, depending on materiality of illegal acts (see the criteria for imposing fines under the regulation on external audit and accounting, etc.).
12) Companies with less than $75 million public float were formerly defined as non-accelerated filers and were exempted from the duty of an audit over the internal accounting control system. But the standards for non-accelerated filers have been relaxed, thereby extending the exemption from compliance to companies with less than $250 million public float. Companies with less than $100 million in annual revenue and a public float of less than $700 million are also entitled to the exemption.
References
ACFE, 2020 Report to the Nations,
https://acfepublic.s3-us-west-2.amazonaws.com/2020-Report-to-the-Nations.pdf
Berger, P. G., & Lee, H., 2022, Did the Dodd-Frank Whistleblower Provision Deter Accounting Fraud? Journal of Accounting Research, forthcoming
Dechow, P., Ge, W., & Schrand, C., 2010, Understanding earnings quality: A review of the proxies, their determinants and their consequences. Journal of Accounting and Economics 50(2–3), 344–401.
Kothari, S. P., Leone, A. J., & Wasley, C. E., 2005, Performance matched discretionary accrual measures. Journal of Accounting and Economics 39(1), 163–197.
Law, P., 2011, Corporate governance and no fraud occurrence in organizations: Hong Kong evidence. Managerial Auditing Journal 26(6), 501–518.
Lewis, C., & White, J. T., 2019, Science or Compliance: Will Section 404(b) Compliance Impede Innovation by Emerging Growth Companies in the Biotech Industry?
SEC, 2021 Annual Report to Congress, Whistleblower Program, https://www.sec.gov/files/owb-2021-annual-report.pdf
(Korean)
Financial Services Commission, February 8, 2021, “The FSC is encouraging the use of the monetary reward payment system for accounting fraud reporting that makes a great contribution to the detection of accounting irregularities.”
Financial Services Commission, July 12, 2021, “The FSC has devised the ‘roadmap for regulatory review on the internal accounting control system’ to establish the audit and regulatory review on the internal accounting control system.”
Kim, H.J. & Ki, G.D., 2015, Compliance with sentencing guidelines for misappropriation and breach of trust and relevant improvement measures, Korean Criminological Review 26(1), 55-84.
Lee, H.S., Lee, S.H. and Ahn, S.H., 2022, Status of the internal control system adopted by major countries and directions for improving Korea’s internal control system, KCMI Research Paper 20-01.
Jeong J.Y., Ki. E.S. and Shim, J.Y., 2018, Have the review of quarterly and semi-annual financial statements contributed to the establishment of the regular audit system?, Study on Accounting, Taxation & Auditing 60(1), 1-27.
- Article 8 of the Act on External Audit of Stock Companies (hereinafter referred to as the “External Audit Act”) -
Legal liabilities related to the internal accounting control system prescribed by the External Audit Act are not limited to designing of the formal framework. They also require the management to execute practical control and operation activities and make rigorous administration efforts to ensure reliability of accounting information. There are inherent limitations as external auditing alone is not sufficient to uncover all errors or illegalities and hardly can provide absolute assurance for information users. To overcome such shortcomings, the internal accounting control system is put into place and executives responsible for preparing financial statements are legally obligated to improve the completeness of accounting information in the overall financial reporting process. In an environment controlled by a properly designed and functioning system, it is possible to reasonably prevent any wrongdoing regardless of whether the act is the result of intention or negligence.
On January 3, 2022, the KOSDAQ-listed firm, Osstem Implant disclosed that an employee responsible for fund management was under the suspicion of embezzling KRW 188 billion from the firm. This incident could or should not have occurred if the internal accounting control system had been built, administered, and operated properly. After the initial announcement of the incident, an additional allegation has surfaced, resulting in the total misappropriation amount of KRW 221.5 billion. Although the extra embezzlement worth KRW 33.5 billion has already been returned to the firm and thus, not included in damages, nearly 91% of cash and cash equivalents that the parent company posted as of September 2021 have disappeared.1) It seems likely that the firm would retrieve a significant portion of the stolen funds as gold bars worth KRW 68.1 billion were brought back on January 25. However, given that internal controls that should have operated before the misappropriation occurred never performed their function, a thorough investigation is needed to find out whether there is gross negligence regarding the governance regime, the management and the internal auditor.
Founded in 1997, Osstem Implant has accumulated surplus steadily based on its superb brand reputation for a long period, and has achieved remarkable growth by aggressively utilizing borrowings. Sales of high-margin products targeting the Chinese market have been recently boosted, leading to significantly improved profitability and the 57.6% consolidated return on equity (ROE) for the third quarter of 2021.2) Except for Covid-19 testing kit manufacturers who are hardly expected to maintain earnings persistence after the pandemic is over, Osstem Implant has achieved outstanding performance in the healthcare sector. Moreover, it boasts of excellent earnings quality that is estimated based on discretionary accruals over the past five years (see Figure 1).3) Since its solid fundamentals have pushed up investor expectations, the recent large-scale misappropriation has dealt a huge blow to the market.
Notably, an auditor has no duty to confirm the existence of assets when reviewing quarterly, semi-annual financial statements. In a normal review process, verification of account balance through inspection, observation, inquiry, etc. is rarely required. Also, compared to auditing, such a review provides a lower level of assurance based on inquiries for the financial officer and analytic procedures.6) This means that the review process alone might not detect material misstatement.
It is noteworthy that the review of quarterly, semi-annual financial statements has been introduced to alleviate audit quality deterioration arising from overwhelming workload during the year-end audit and to decrease the occurrence of fraud by establishing a year-round, regular audit system (Jeong et al., 2018). Limitations in the review process could result in absence of an external audit of whether assets exist for about seven months from March when annual reports and audit reports are submitted until November when an interim audit is initiated (for firms with fiscal year ending in December). This necessitates strengthened regulations on the review of interim financial statements for firms that are expected to have internal control weaknesses or defects. In particular, a firm with no fund management system is susceptible to misappropriation arising from balance statement forgery. In terms of financial assets and debts in excess of material amount, whether account balance can be verified should be subject to a strict review.
Furthermore, a company-wide paradigm shift is needed for the internal accounting control system. In the analysis of 2,504 fraud cases from 125 countries, the Association of Certified Fraud Examiners (ACFE) found that firms lost no less than 5% of annual revenue to financial statement frauds and asset misappropriation (ACFE, 2020). This implies that fraud and misappropriation are not a one-time occurrence under special circumstances and should be systemically controlled on a regular basis. According to a study on the Hong Kong market, larger-scale misappropriation tends to occur more frequently in Asian countries that value trust in people. The study suggests that external audit can play a limited role in preventing accounting fraud while improved effectiveness of audit committee and internal audit, the tone at the top managerial level, and rigorous ethical guidelines would act as meaningful anti-fraud controls (Law, 2011).
In view of the foregoing, the lesson from the Osstem Implant scandal is clear: although strengthened certification of the internal accounting control system mandates the audit of the effectiveness in designing and operation of the system, internal controls are likely to end in an empty talk unless supported by the tone at the top. It may be possible to receive an unqualified opinion after demonstrating the effectiveness of internal controls through documented audit evidence. To this end, also necessary is financial supervision independent of the management and company-wide support based on the managerial-level willingness for practical operation of the system. Only then, resources spent on the establishment and certification of the internal accounting control system would be a successful investment in preventing relevant risks and promoting efficient system operation, rather than being just wasted away. In the aftermath of the misappropriation scandal, the Osstem Implant management has made voluntary efforts to enhance the effectiveness of its internal controls, which could be seen as a positive outcome of the scandal.7)
However, it is not desirable to generalize an abnormal case and raise controversy over the effectiveness of reform measures implemented by Korea’s capital market for the past three years to improve transparency in accounting. A close look at misappropriation and breach of trust cases by year from firms listed on the KOSPI and KOSDAQ markets, the frequency of occurrence of such cases has declined since the audit of the internal accounting control system was mandated in 2019 (see Figure 3). The number of fraud cases fell 15% to 79 in 2020 from 93 in 2019, and a total of 55 incidents occurred in 2021, representing a 30.4% decrease from 2020.
In this respect, it is reasonable to assume that the audit of internal controls is effective in preventing any potential misconduct, although firms would bear the burden of implementation costs. In addition, considering the repercussions of the Osstem Implant scandal, it is worth considering the introduction of complementary measures to avoid another major misappropriation.
First, a motive for committing fraud should be thoroughly inhibited by delivering greater predictability of sentence for misappropriation and breach of trust. Korea’s recommended penalties for misappropriation and breach of trust have still been determined based on the 2009 enforcement proposal. Although a crime with its proceeds exceeding KRW 30 billion falls under the most severe punishment category of the type-5 recommended sentencing, the basic sentencing criteria for such a crime range from five to eight years. If the crime is committed with severe methods and causes serious damages, the offender could be subject to aggravated punishment. But even in this case, the recommended sentencing is only seven to eleven years.9) If the amount of criminal proceeds is KRW 5 billion or more, the offender would be subject to imprisonment with labor for an indefinite term or not less than five years and a fine equivalent to the proceeds amount may be imposed concurrently under the Act on the Aggravated Punishment of Specific Economic Crimes. But a listed firm’s misappropriation and breach of trust could make its stock price stumble and inflict serious damages on shareholders by undercutting the firm’s credibility. Thus, the reasonable punishment to be imposed on such misconduct needs to be reexamined (Kim & Ki, 2015).
Second, it is worth considering providing incentives for the effective establishment and operation of internal controls. This requires stipulating a provision that the management and the board of directors could be subject to alleviation of personnel-related and monetary penalties if they demonstrate a properly designed and functioning internal control system. A good example to follow is the discussion about how to improve the incentive-compatible internal control system for financial firms (Lee et al., 2022). At the same time, in the case where internal controls are incapacitated, a heavier duty should be imposed on the person responsible for the administration and operation of such controls. With this approach, incentives should be provided to encourage the supervisor to perform his or her duty based on strong willingness. If ordinary procedures required by internal accounting control regulations specified in the External Audit Act or audit standards are not carried out or implemented perfunctorily, the relevant executive or employee and auditor (audit committee member) should be liable for gross negligence.10)
Third, more monetary incentives should be provided for whistleblowing activities. Korea has increased the monetary reward limit for reporting accounting fraud to KRW 1 billion from KRW 100 million in November 2017. It has recently been decided that those who report irregularities regarding quarterly, semi-annual financial statements would be entitled to monetary reward. Against this backdrop, the number of reward payments and the average reward amount have been on the rise since 2019 (see Figure 4). However, the maximum limit of KRW 1 billion serves as an obstacle to maximizing incentives for whistleblowing activities involving a large sum of funds, which requires additional measures to supplement the current system. Since accounting fraud-related fines imposed on a firm are proportionate to the noncompliance amount in relation to accounting standards,11) monetary reward resulting from whistleblowing could be paid in proportion to the amount of fines. In the US, if fines worth $1 million or more are imposed after accounting fraud is reported, the whistleblower receives a reward equivalent to 10% to 30% of the fines. Since the introduction of reward payment, the possibility of the occurrence of accounting irregularities has been reduced by 12% to 22% (Berger & Lee, 2022).
In this respect, more attention should be paid to factors behind the reform in the US. Arguing the need for such a reform, non-accelerated filers, most of which are growth companies in the biotech and technology industries, have demonstrated that they have appropriately supplemented controls regardless of formality requirements and are less likely to revise financial statements than listed firms in other sectors (Lewis & White 2019). With Osstem Implant’s major misappropriation scandal as a momentum, the importance of internal controls should be recognized while the compliance burden on firms needs to be eased to the levels not undermining accounting transparency. In addition, firms should take the initiative in establishing effective internal controls to explore long-term improvement plans.
1) As of the end of September 2021, the cash equivalents value held by Osstem Implant is estimated at KRW 206.2 billion including cash, cash equivalents, and money market instruments, which is exclusive of the FVPL-based stocks and beneficiary certificates worth KRW 86.7 billion.
2) Out of 2,176 firms excluding financial firms, only 19 posted an ROE of more than 50% over the same period.
3) A discretionary accrual is a measure of abnormal divergence between operating cash flow and net income. A smaller discretionary accrual indicates higher earnings quality. Lower levels of discretionary accruals in Osstem Implant are attributable to its business structure where it enters into a long-term supply agreement with dental clinics and receives the aggregate contract price from financial firms in advance. Upon the conclusion of the agreement, it can acquire operating cash flow early during the overall agreement term while sales on books are recognized after products are supplied and the relevant risks and rewards are transferred to clients. This structure causes Osstem Implant to achieve higher earnings quality compared to other players in the healthcare sector. As an opposite case, Celltrion Healthcare posted discretionary accruals representing the top 10% in the sector in 2020, indicating that the firm took a more aggressive approach to accounting than other healthcare firms.
4) Financial News, January 9, 2022, Unprecedented misappropriation of Osstem Implant could highlight the uselessness of the revised Act on External Audit of Stock Companies
5) See paragraph A57 in the concept of the designing and operation of the internal accounting control system.
6) See paragraph 22 of the rules for review of quarterly, semi-annual financial statements.
7) Joseilbo, January 14, 2022, “Are our internal controls functioning well?” In the wake of the Osstem Implant scandal, growing attention is being paid to the audit system
Maeil Business Newspaper, January 16, 2022, Companies shocked by the Osstem Implant scandal rush to seek accounting firms’ advice
8) Based only on initial allegations of fraud, the number of fraud cases and the proportion by firm are shown in the figure below.
10) See the criteria for determining measures regarding inspection and regulatory review results under the enforcement rules of the regulation on external audit and accounting, etc. (Ⅲ.2.A.2)).
11) The maximum fines could be determined as up to 20% of the noncompliance amount in relation to accounting standards, depending on materiality of illegal acts (see the criteria for imposing fines under the regulation on external audit and accounting, etc.).
12) Companies with less than $75 million public float were formerly defined as non-accelerated filers and were exempted from the duty of an audit over the internal accounting control system. But the standards for non-accelerated filers have been relaxed, thereby extending the exemption from compliance to companies with less than $250 million public float. Companies with less than $100 million in annual revenue and a public float of less than $700 million are also entitled to the exemption.
References
ACFE, 2020 Report to the Nations,
https://acfepublic.s3-us-west-2.amazonaws.com/2020-Report-to-the-Nations.pdf
Berger, P. G., & Lee, H., 2022, Did the Dodd-Frank Whistleblower Provision Deter Accounting Fraud? Journal of Accounting Research, forthcoming
Dechow, P., Ge, W., & Schrand, C., 2010, Understanding earnings quality: A review of the proxies, their determinants and their consequences. Journal of Accounting and Economics 50(2–3), 344–401.
Kothari, S. P., Leone, A. J., & Wasley, C. E., 2005, Performance matched discretionary accrual measures. Journal of Accounting and Economics 39(1), 163–197.
Law, P., 2011, Corporate governance and no fraud occurrence in organizations: Hong Kong evidence. Managerial Auditing Journal 26(6), 501–518.
Lewis, C., & White, J. T., 2019, Science or Compliance: Will Section 404(b) Compliance Impede Innovation by Emerging Growth Companies in the Biotech Industry?
SEC, 2021 Annual Report to Congress, Whistleblower Program, https://www.sec.gov/files/owb-2021-annual-report.pdf
(Korean)
Financial Services Commission, February 8, 2021, “The FSC is encouraging the use of the monetary reward payment system for accounting fraud reporting that makes a great contribution to the detection of accounting irregularities.”
Financial Services Commission, July 12, 2021, “The FSC has devised the ‘roadmap for regulatory review on the internal accounting control system’ to establish the audit and regulatory review on the internal accounting control system.”
Kim, H.J. & Ki, G.D., 2015, Compliance with sentencing guidelines for misappropriation and breach of trust and relevant improvement measures, Korean Criminological Review 26(1), 55-84.
Lee, H.S., Lee, S.H. and Ahn, S.H., 2022, Status of the internal control system adopted by major countries and directions for improving Korea’s internal control system, KCMI Research Paper 20-01.
Jeong J.Y., Ki. E.S. and Shim, J.Y., 2018, Have the review of quarterly and semi-annual financial statements contributed to the establishment of the regular audit system?, Study on Accounting, Taxation & Auditing 60(1), 1-27.