Lessons of the HealthSouth Fraud: An Insider's View
2013; American Accounting Association; Volume: 28; Issue: 4 Linguagem: Inglês
10.2308/iace-50542
ISSN1558-7983
Autores Tópico(s)Securities Regulation and Market Practices
ResumoThe night was December 6, 2005. I could not go to sleep. As I tossed and turned, my entire life replayed in my mind. How did I get to where I was? I went all the way back to my childhood. I was raised in a middle-income home with an older brother and sister and two loving parents. We were far from rich, but had what we needed. I was a normal kid. I loved riding my bike and being with friends. I never got into any real trouble. My thoughts on December 6 moved forward to college. I made good grades and was extremely involved in extracurricular activities. Lying in bed, my thoughts drifted forward. When I graduated from college, I had a job waiting at Ernst & Young. I passed the CPA exam, and for the next five years served as an auditor and specialized in the healthcare industry. I was surrounded by a lot of smart, hardworking people. As is so common with staff within CPA firms, with five years' experience, my phone began ringing with various job offers. Then one day, a former colleague called and wanted to have lunch. An opportunity had opened at a small startup company named HealthSouth Rehabilitation Corporation. The next day, I interviewed with HealthSouth's CEO and Founder, Richard Scrushy. He was extremely engaging and had a strong vision for the growth of the company. He also talked a lot about making money. I believed it was a great opportunity and accepted the position. The years rolled by and the company became enormously successful. During those years, HealthSouth grew from a dozen locations to over two thousand, located in all 50 states and five countries. I had risen from a middle-management position to become the company's CFO. With a large salary, bonuses, and stock options, I had become financially successful. From the outside looking in, it was a dream come true.But why was I thinking about all of this on December 6? Let me tell you where I was. I was not at home in my comfortable bed that night. I was on the top rack of a bunk bed in a federal prison camp, looking at spending the next two years of my life there. All because I had become involved in a $3 billion accounting fraud at HealthSouth.Never in a million years would I have imagined being in prison. After all, I had always done all the "right things." How on earth had I become a convicted felon? Simple. I crossed the line. In business and in our personal lives, we are constantly faced with situations of crossing the line. I am not writing about $3 billion frauds, I am talking about everyday life—the small temptations to cross the line are always there. Therein lies the danger. Facing a new line will create trepidation, but may be answered with the simple rationalizations, "It's not that big of a deal," "Everyone does it," "It is just this one time," "I want to get along," "I want to be a team player." The rationalizations may not be clearly defined, but they are there.The biggest problem in crossing a line the first time is that it is so much easier to go back again, or a third, or fourth time. It is like a chalk line on a field. The first time someone crosses it, they are careful not to drag their foot. They go across and then carefully step back to safety. The second time, they may not be as careful and their toe may drag across the chalk. The third time, it may be worse. That is where I put myself. And over time, I wound up in right field, with no line in sight, wondering how or why I had ever taken that path to begin with.Let me be perfectly clear. I am guilty of being involved in a massive fraud. I make no excuses for my poor decisions and choices. I do not blame anyone else for what I did, or for the consequences of my actions. I am so sorry to the victims of this fraud, from people whose jobs were lost to investors, and to the families of those who were impacted. My actions were reckless and greedy. I can never right those wrongs, but hopefully I can make this debacle a learning experience for others.What are the critical lessons?How does a $3 billion accounting fraud occur? How does it start? Why does it start? I promise you that I did not just walk into the office one day and say "Hey, let's commit securities fraud; imagine the fun we will have lying to the SEC." I would argue that there are two key elements to most corporate frauds:At HealthSouth, the fraud began with small numbers and rationalizations. HealthSouth was a public company with Wall Street expectations. The first time that I can recall the company cooking the books was over a shortfall of only $40,000 from earnings per share (EPS) expectations (what I will refer to hereafter as "The Number"). For most public companies, this is nothing more than a rounding amount. Yet for us, at the time, it was the difference between satisfying or disappointing Wall Street. HealthSouth's CEO, Richard Scrushy, had no tolerance whatsoever for disappointing the Street. His comments were "We are a startup company. We cannot let the Street down. They believe in us. We will catch it up next quarter." So the rationalizations began. I did not even work in the accounting department at the time, but worked in a financial area where the work product was heavily relied upon in the preparation of the financial statements. I let the rationalizations affect my work. Adjustments were made to accounts receivable reserves to make up the shortfall. Was this fraudulent in itself? Maybe, maybe not. Reserves are not black and white. Just like various judgment areas inherent to financial statements of any company in the world, these numbers were estimates. However, whether these entries would be considered fraudulent or not, they set in motion a very dangerous precedent. The company began to "manage" its earnings to meet Wall Street expectations. Yet, even more dangerous for me was the fact that I had rationalized why it was okay to begin playing this game. This was the first step over the chalk line.The early rationalizations were "it is temporary" and "we will catch it up next quarter." Yet, we did not catch it up. The company grew and, accordingly, The Number grew. The variance between The Number and our actual earnings grew, as well. Worse yet, my own rationalizations grew. Over the years, we acquired dozens of other companies that ranged in size from less than $1 million to over $1 billion. As part of the acquisition work, we conducted due diligence on these companies. The number of companies who were cooking their own books was staggering. Since we were playing with our own numbers, we were somewhat capable of finding others' games. In internal discussions on the deals, we would frequently discuss "what their game" was. Despite whatever we found, 95 percent of the time we would make the acquisition. Scrushy said many times, "I do not care what you find. If we do not do the deal, someone else will, and then we will have to compete against them." More than once, we were pulled off of due diligence, despite adverse findings, because Scrushy wanted to hurry up and close the deal. As far as our own fraud was concerned, the darker rationalization I developed through acquisitions was that "everyone does it." Indeed, it did seem that "everyone did it," and by my estimate, over 75 percent of the companies that we acquired had accounting games of their own. With only one exception, the scale of the other companies' tricks was not as material to their statements as ours, but in hindsight, it was a disturbing testament to the way business was being run. Some of these companies were engaging in "aggressive" accounting versus fraudulent accounting. But is there really a difference? Our fraud began as aggressive accounting. Businesses can operate aggressively, yet ethically. But is it the job of the accounting department to operate aggressively? Is not it our profession to be the gatekeeper? Whether one calls it aggressive accounting, bad accounting, or fraud, the differences are too fine a line for us to encroach. And the effects can be equally damaging.In my 16 years with HealthSouth, we only walked away from one large acquisition due to their accounting improprieties. It was a national company whose revenue was drawn from membership revenue. To cover up their revenue shortfalls, they consumed their deferred revenue into member revenue like a drunken sailor. In later years, the ruse was uncovered by the Securities and Exchange Commission (SEC), resulting in multi-million dollar penalties (but no criminal convictions).What were the other rationalizations? We frequently talk about the selfishness and greed of fraudsters. Yes, I was selfish and greedy. I understood, from a financial point of view, the rewards that would come along from being part of a "successful" company. I understood very well the relationship between meeting The Number and bonuses and the value of stock options. I kept an Excel spreadsheet with the details of my stock options, and I knew at the close of every day what my paper worth was. Had greed become a motivating factor in my life? Yes. However, another rationalization developed that we do not read about very often. It is called the fear of getting caught. Over the years, the fraud grew from a $40,000 shortfall to tens of millions of dollars every quarter. The greed and rationalizations were all there, as the variance grew between The Number and our actual earnings. Quarter after quarter, we continued to cook the books, thinking and working toward bridging the earnings gap. For over ten years, Richard Scrushy proudly proclaimed the number of quarters that we had met or exceeded Wall Street expectations. It is easy to say that we put a lot of time into the fraud, but many times more hours were spent trying to figure out how to get out of the hole that we had dug ourselves into—how to fix the operations of the company. But what would happen if we walked into the office one day and decided that we would report actual earnings? We would go to jail. Simply put, we began operating out of fear. The fear of getting caught. Ending the fraud would expose the very fraud that we were hiding. All types of rationalizations were used to create the fraud, but the fear of getting caught would keep it going for several more years. Can I put a timeline on when I went from rationalization to fear? No. My mistake was getting on the slippery slope to begin with.Recently, I was on The Crash Davis Show on KLAB in Omaha, Nebraska. I walked Mr. Davis from the beginning of the fraud through the years, with the line between The Number and actual earnings resembling a ski jump. A ski jump off of a cliff. He finally said, "Weston, when the number got so big … is that when the real greed started?" I had never been asked that question before. No. The greed began at $40,000, not $40 million or $400 million. The greed began when the numbers were small, and it was our own idiotic rationalizations that led us to believe that it was okay to cross the line. The latter years were absolute fear and reckless living. Living a lie can shatter a life, and that is exactly where I had let this debacle lead me.What exactly was the HealthSouth fraud? When did it begin? How was detection by the auditors avoided? Contrary to government and media reports, the fraud did not begin in 1996. That date was only used because of the application of the statute of limitations in the subsequent criminal trial of Richard Scrushy. I saw the early stages of fraud within weeks of my employment in 1987. Was I personally making entries? No. But I was one of the guys; my fingerprints were not on anything; after all, it was temporary—right? I wanted the company, and Weston Smith, to be successful; I was going to be a team player.I describe the accounting fraud at HealthSouth in four stages:It is important to note that the first three stages above stem from proper accounting principles. The use of accounts receivable reserves, capitalizations, accounting for acquisitions, mergers, and their accompanying charges are all normal business activities with their own sets of rules. Rabbits being pulled out of hats should stay at the circus. The takeaway is that legitimate accounting policies were abused to perpetuate the fraud.Companies frequently disclose "one-time charges." These are intended to be non-recurring in nature and be separate from normal ongoing business operations. HealthSouth had frequent one-time charges, and the basis for these was typically valid. For example, with any merger, there are costs of the deal itself, frequent costs of terminating duplicative services, or lease termination costs for the scuttling of unneeded locations. These are all legitimate "one-time charges." Typically, analysts and investors look at the EPS of the company before these charges, as it is a fairer presentation of results from ongoing operations. In the HealthSouth fraud, the balance sheet—the recipient of fictitious debits—became grossly overstated. The "one-time charges" were used as a way to clean up the balance sheet. Otherwise legitimate one-time charges were used as cover to write off the accumulated fraudulent entries residing on the balance sheet. For example, bogus fixed assets could be written off via impairment charges of other legitimate activities.Many of the mechanics of the fraud involved an explosion of entries from Excel to the PeopleSoft accounting system. At the end of each quarter, we would run a consolidated income statement, from which we saw the earnings shortfall, referred to as "The Hole." We would then make decisions of which operating divisions, and which lines on the income statement, to which fraudulent earnings would be posted. Fraudulent entries were referred to as "Dirt." Much is made in auditing classes of analytical reviews. Auditors are taught to look for trends or unusual changes. We knew that, so as a result, we would run all types of analytical reviews on ourselves to determine where we could "safely" book bogus earnings. We would then isolate about two dozen numbers—the major categories on the income statement to which fraudulent entries would be made, and by operating division. These two dozen numbers were then put into an Excel spreadsheet, and then exploded out into tens of thousands of journal entries to over 1,500 facilities' general ledgers. The entries themselves were kept below $5,000 to avoid detection by the auditors. The debits would be posted into a Suspense account. As strange as it sounds, that is when the majority of the work began—figuring out where to reclassify the Suspense account throughout the balance sheet. This was not a simple exercise committed by just a few folks. It required the involvement of many people, both inside and outside of the accounting department. Although many people did not have their fingerprints on journal entries, they were responsible for determining what they could or could not get past the auditors and then skating their areas of responsibility past them. Similar to the income statement analytical review, these procedures were then used on the balance sheet to avoid audit red flags. At the end of this repeated exercise, over 126,000 fraudulent journal entries were posted quarterly, via the Excel-to-PeopleSoft interface. Since we were always looking for debits on the balance sheet, we also began resorting to leaving things on the balance sheet that should have been removed—they represented dirt. Imagine this: we sold a $30 million Gulfstream jet in a sale-leaseback transaction. It was properly accounted for as a capitalized lease. However, the original fixed asset was not removed from the books. We had two jets for the price of one. Too bad we did not have a frequent-flier program; we could have offered double miles.A fraud of this magnitude does not operate in a vacuum. Over the years, dozens of people were actively involved in the fraud, provided support at various levels, or simply looked the other way. How could so many people become involved? In my opinion, the "tone at the top" led to such a corrupt corporate culture that many participants in the fraud became involved because they were aware of the correlation between cooperation and promotion. At HealthSouth, participating in the fraud meant being financially rewarded. Others simply wanted to be "team players," and what may have seemed like small transgressions during the beginning of their involvement grew exponentially over time. For others, their involvement was restricted to meeting Wall Street expectations by "helping out" in their own areas of financial responsibility. They did not make journal entries or have direct responsibility for financial statement preparation, yet their work product was deliberately designed for the company to meet its illegal financial objectives. Although these participants were not even in the accounting department of the company, nor preparing financial statements, they were co-conspirators in the financial statement fraud. More than once, these folks asked for assurance that Scrushy knew of their involvement in the fraud. Scrushy was the man who would set their salary, bonuses, and stock option grants. Others, further removed from the fraud, who did not have active or passive involvement in the fraud, but knew enough to look the other way, enjoyed the benefits of the fraud. Many of these folks enjoyed year-end bonuses because their facilities "met or exceeded" their budgets. If managers' bonuses were based on meeting their budget targets, then the bonuses would be paid, whether the budget was met via realistic or fraudulent methods. I remember a budget meeting in which managers described how it would be difficult to make the next year's projections unless their facilities received the financial statement "gifts" that they had enjoyed in the current year. Everyone in the room knew what the word "gift" meant. It was a nice word for fraud.Of course, not everyone who became aware of the fraud became involved or looked the other way. A very strong, bright accountant took her concerns to the corporate compliance department. She was met with silence and no substantive follow-up. At the time, the corporate compliance department reported directly to Scrushy. Her outspokenness resulted in her being transferred to a dead-end job outside of the accounting department. There were others who quietly left the company. Why did they not expose the fraud? I do not know. I think in most situations, they were satisfied to get away from the fraud, and did not want to go against a powerful former CEO.The years rolled by and the lies and pretentious living took its toll. The CEO, Richard Scrushy, clearly set the tone for the company. In the office, he was a bully, resorting to whatever tactic it took to get his way, while pouring millions of HealthSouth dollars into attempts at polishing a fine personal image. He is the only person I have ever encountered whose eyes would turn black when angry. Publicly, he relished being referred to as a "Rock'n'Roll CEO." In the early days, he started a little band made up of HealthSouth employees named Proxy. They played at all of the company events, as well as at bars and other gatherings, from Wal-Mart parking lots to Scrushy's own nightclub. He simply loved being in the spotlight at all times. In later years, he formed a country band called Dallas County Line. They traveled in style on one of the company's jets, and went so far as to tour in Australia following a ribbon-cutting at a new HealthSouth hospital.Scrushy also began pouring millions of HealthSouth dollars into putting his name on buildings, campuses, sports fields—even a road named Richard M. Scrushy Parkway. His need to be ostentatious was enough to make Donald Trump blush.The entrance to the CFO's office became a revolving door, and in 2001, I became the company's fourth CFO. Please do not ask if I was that smart or that stupid to become CFO. I might not like the answer. Who else could become CFO other than an insider? If we had brought in a talented CFO from the outside, he or she would have discovered the fraud within 30 seconds. I was a "team player." Scrushy's sales pitch to me was that we would "fix this thing," and eventually we could start reporting accurate numbers. Despite the knowledge of the underlying fraud, I bought into the sales pitch, and believed that the gap between Wall Street expectations and our actual performance could be bridged. Of course, I was also selfish. Scrushy's promises of rewards for repairing the company were enormous.In early 2002, the Sarbanes-Oxley Act (SOX) was passed. It came out as a response to the wave of corporate accounting frauds that had come to light, including Enron and WorldCom. The new law required public companies' CEOs and CFOs to sign a statement ensuring the veracity of their company's financial statements (Sections 302 and 404 certification requirements). This was a new chalk line, and I did not want to cross it. I remember President Bush pointing into a camera lens and telling us it was a new day in the fight against corporate fraud. I felt like any second, he was going to reach through the television and grab my head.When SOX was passed, there was criticism of its certification requirements, which may be summarized as, "Certification provided by honest managers is unnecessary, and dishonest managers will not hesitate to certify false statements any more than they hesitate to issue false financial statements in the first place." My views would seem contrary to that opinion. To me, the certification requirements meant that the regulatory environment was making real, substantive changes. Up to that point, my own greed and poor rationalizations led to my involvement in a fraud, but SOX represented a sea change in enforcement of the very laws that I had routinely broken time and again. Did it change my risk assessment of the consequences of fraud? Absolutely. The threats of 20 years in prison, asset forfeiture, and the very activities that I was entangled in being the topic of front page news were very sobering. Within HealthSouth, in the months leading up to the signing date of SOX, I strongly resisted signing. In fact, on August 1, two weeks before SOX was due, I resigned and walked out of the office. I was talked into coming back to the office the next day for a one-on-one with Scrushy. The meeting was a blend of all of Scrushy's personalities—the salesman and conciliator, yet, also, the bully and tough guy—all wrapped up in one. We both understood the gravity of the situation, and that if I did not sign SOX, the house of cards would collapse. I no longer cared and was ready to accept the consequences of my poor decisions. Scrushy, on the other hand, was not, and beyond personal threats told me to think about the other people who would be harmed. "Think about Angela … she just had a baby … who's going to raise that child when her mother goes to jail?" My head was spinning like a top. After much discussion, he made me an offer. The surgery center division was the one clean division of the company. Since the facilities of the division had partnerships, it was not possible to place any of the fraud on their books. Scrushy's offer was simply this: Sign SOX. We would then spin off the surgery center division into a new company where I would be reassigned as CFO. At the remaining company, we would find "some excuse" to drive down The Number, and we would begin reporting reality. Further, I would no longer have to lie to the auditors or sign anything that was not accurate. I caved. Once again, I caved.Two weeks after SOX was signed, we issued a bogus press release that announced the split of the company. It also revealed an earnings downturn due to a new Medicare rule. I had previously calculated the effect of the rule to decrease earnings by $25 million. The press release claimed a $175 million effect. It was a bold-faced lie, this time intended to bridge the gap between The Number and reality.Our investors and analysts were outraged by the news, and many were skeptical of the Medicare rule. Investors lost billions. Of particular interest was the fact that Scrushy had unloaded nearly $100 million in stock options in the months leading up to the earnings release. Did he know about the Medicare rule before selling his stock? Of course he did. I had told him.More months dragged by. We were named in dozens of lawsuits. Questions persisted over insider trading by Scrushy. Our names were mud, and deservedly so. Richard could no longer tolerate the low stock price or, more so, the stain on his reputation. The split of the company was aborted. And then Richard began to distance HealthSouth from the Medicare rule, saying that perhaps it did not apply at all. Translation? The fraud was to start back anew. Internally, he once again turned up the heat to publish numbers that were not real. I simply had enough. I was not going to sit back and watch the fraud repeat itself.In probably the first right thing that I had done in years, I decided to come forward and reveal the fraud. With consideration for my personal welfare, the FBI insisted that we have our first meeting in a hotel room attached to the Galleria Mall in Birmingham, Alabama. I was told to make a "serpentine" route through the mall, to ensure that I was not being followed by any of Scrushy's gun-toting goons. After reaching room 405 of the Wynfrey Hotel, as instructed, I knocked on the door and asked for the former Atlanta Braves pitcher Tom Glavine. Over the next three hours, I laid out the fraud. I did not have a deal for immunity. I knew I was in trouble. This was to be the first prosecution of SOX. I left the hotel late that night, very afraid of what the future held. But at the same time, I had a greater feeling. The feeling of finally doing the right thing. The feeling of finally ending the lies. Scrushy set the tone and expectations for what took place at HealthSouth, but I do not blame him. I made my own bad choices and bad decisions.So what have I learned? Has my view on the importance of ethics changed, and how has it changed based on my own experiences? What should students know to prepare themselves for ethical issues they will face? What are educators' roles in preparing students for the types of experiences I went through?In the past few years, I have spoken across the country to thousands of students. I have also spoken to thousands of business professionals. In all that time, I have not had a single student come up to me and say, "My career plan is to graduate with honors, get my CPA license, become a corporate executive, and commit a massive fraud." I am doing a lot of listening, but I do not think I have heard that yet. What I have heard, from professional groups, over coffee or lunch, is this: "Let me tell you about this situation…" When are we going to get it? When are we going to develop a business culture that says "No!"?Naturally, my view on the importance of ethics in the profession has changed. Many people get it and do not have to learn the hard way of the consequences of unethical, perhaps illegal, behavior. But why did it take a life-changing event for me? I knew the difference between right and wrong, yet I did not stand by those principles when it meant the most. This may sound self-serving, but smart people do make stupid decisions. We need to teach that fraud is not just something that the conniving, predisposed Bernie Madoffs of the world commit. The Fraud Triangle—Incentive, Rationalization, and Opportunity—is learned by students as something that the other guy, the fraudster, would break. Incentive is taught as someone who has a financial need; rationalization is taught as someone who convinces him- or herself why it's okay to cheat or steal. These are positive reinforcements, which students may simply look at and say, "I would never do that." But what about the negative reinforcements that cause people to break the fraud triangle? The incentive of peer pressure, or "If I do not go along, they will find someone who will." It is simple to teach and understand the frequent rationalization of "I deserve this" or "I am not paid what I am worth." But how many students understand the rationalization that they may feel the need to be unethical to be competitive? These are not positive reinforcements understood under the Fraud Triangle. They are negative realities that students must be prepared for.Can ethics be taught? Absolutely. There will always be the Bernie Madoffs and Richard Scrushys of the world, whose personal belief systems will always elevate them, in their own minds, beyond the laws and rules of a functional, working society. But what about everyone else? Can we not create a culture in which unethical, illegal behavior is scorned, where the possibility of improper behavior is the outlier, and can be easily outweighed by the group who wants to do right? Of course we can! One of my greatest regrets of HealthSouth is that we permitted a fraud to begin. If I had stood up alone, I would have simply been fired. An African proverb states, "One twig alone is easy to break. Many twigs bound together cannot be easily broken." What if our culture was that of we will not cross the line? The fraud would not have started, would not have grown, and the company would have been perfectly successful without it.I am frequently asked if I believe that the whistleblower protection provisions in Sarbanes-Oxley (SOX) and Dodd-Frank may prompt employees to come forward sooner in the future. Yes and no. SOX required that all public companies establish an anonymous whistleblower policy. Dodd-Frank added a tremendous incentive for whistleblowers through a bounty system. A person providing "original information" leading to a settlement with the SEC of over $1,000,000 would be eligible to receive a bounty reward of 10–30 percent of the resulting settlement. For the point of clarity, the HealthSouth fraud was revealed
Referência(s)