Material Weaknesses, Stock Price, and Technology

You've likely heard the idiom "shouting 'fire' in a crowded theater."

First coined by Supreme Court Justice Oliver Wendell Holmes, Jr. in his decision in the early 20th-century case of Schenck v. United States, the saying roughly translates to causing panic by words or actions.

For financial professionals, there's no greater panic than a material weakness. The mere whiff of the possibility of a material weakness in a public company's reports—the "fire in a theater"—is enough to cause panic inside the company.

And, that's not to mention the powerful reaction it stirs up in shareholders. It's not often pretty, as recent cases indicate.

“The mere announcement of a material weakness, independent of the auditor opinion, appears to solicit a negative reaction from investors,” finds a study from Glass, Lewis, and Co. (More on that study later in this article.) 

The correlation between material weaknesses and stock price decline isn't just anecdotal, either. Here are three studies that show a link between the two, along with some actionable next steps for companies who have experienced (or fear) a misstatement or weakness.

Study One: Deficiencies, disclosures, and material weaknesses in 2019

We did a little number crunching ourselves. Using Audit Analytics, Workiva looked at the performance of all the companies on the New York Stock Exchange (NYSE) and Nasdaq Stock Market, and then contrasted that performance against any material weaknesses, deficiencies, or disclosures incurred that year.

The results were pretty stark:

Companies that reported a material weakness in 2019 experienced:

• A 90-day average drop of 6% in stock value
• A 6-month average drop of 11% in stock value
• A 12-month average drop of 19% in stock value

Study Two: Glass, Lewis & Co.

In their report, Glass Lewis, an American proxy advisory services company, examined companies with a market capitalization in excess of $75 million. About 11 percent of these companies disclosed a control deficiency between Jan. 1, 2004, and May 2, 2005.

The number of companies that disclosed a material weakness—the most severe control problem—totaled 586 for the first four months of 2005, compared with 313 for all of 2004, according to the report.

According to the report, on average:

• Share price dropped .67 percent one day after a material weakness
• Share price dropped .90 percent 7 days after a material weakness
• Share price dropped 1.96 percent 30 days after a material weakness
• Share price dropped 4.06 percent 60 days after a material weakness

(Note: this report was published 15 years ago—before the recession—which explains the dissimilarity from the previous report. Today, there's even greater sensitivity to financial risk than there was in 2005, explaining the more drastic numbers.)

Study Three: KPMG material weakness study

In a 2019 study, KPMG analyzed annual filings released by SEC-registered public companies between November 2014 and May 2019.

Three key takeaways from their report:

• Of the 731 companies that filed a report between 2014 and 2018, 213 companies (almost a third) disclosed MWs in multiple years
• Common reasons why material weaknesses occurred were IT, software, security, and access issues; and inadequate control design; and segregation of duties, among others
• From 2017 to 2018, the study noted a 12% increase (from 28% to 40%) of material weaknesses with information technology, software, security and access issues at their root

How to protect yourself (or recover) from a material weakness

If you're a part of a team that can see the writing on the wall, the waiting period before your material weakness goes live can be nerve-wracking. And, after the fact, the tone of your office and work may not be the same after the news goes public. Neither are fun situations to be in.

Whether you're expecting a material weakness to come down or have recently gone through one, putting a focus on the people, processes, and technology at the heart of your reporting and compliance function can help. (These three tenets are also the core of what makes thriving, connected, and mature organizations.)

Focus on your people

After a difficult incident, sometimes teams need to be abandoned and others built in their place. Rotate team members to expose members to different aspects of reporting and compliance.

Host a risk workshop. Invite different stakeholders to collaborate in the risk assessment process. Or, consider meeting with each of your key control owners or process owners—the face time will be invaluable to the rest of your process throughout the year.

Align expectations. Build rapport between members of the C-suite and the board to ensure there's smooth communication. With your executives and board members, talk about your biggest risk areas, and get a better understanding of what they are. Have in-depth discussions on why they are risks and what controls are and are not in place.

Centralize communication. A flurry of ad hoc emails, texts, and IMs might not be the best approach to get sign-offs on critical management reports. Have regular communication with functions, and centralize that dialogue on a single platform.

Focus on your processes

According to an article by CFGI, many of the common root causes of material weaknesses, including inadequate segregation of duties and ineffective management review procedures, are related to processes. Accordingly, a realignment of processes is mandatory in the wake of a material weakness.

Investigate agile. Simply put, agile is a methodology based around iterative development across cross-functional teams. Whether that means rotating teams or work in time-bound sprints, it can accelerate product development, accommodate change, and drive productivity.

Run assessments more frequently. Risk assessments aren't exclusively a thing that should be conducted once or twice a year. Hone your processes to permit the work to be executed on an ongoing basis.

Put focus on policy management. Policy management is a crucial component of a larger corporate governance, risk management, and compliance (GRC) program. Are the right ones in place? Do any need to be added?

Focus on your technology

The technology your team uses has a direct impact on the quality of submitted reports and on the sanity of the team who creates them.

De-fog the report process. Invest in technology that permits line of sight into the whole spectrum of your work, and see the status of issues and remediation right when you need it.

Break down barriers to access. Don't leave executives in the lurch with their requests for data. Hone in on the data, and unearth the up-to-the-second information that powers your company.

Weak technology is an existential threat for organizations

As discussed in KPMG's report, the technology teams use—or don't use—frequently plays a part in their material weakness. More pressing yet, the role software, security, and access plays with these shortcomings is on the uptick.

Time and again, companies use disconnected technology like Microsoft Office^® to manage delicate, nuanced financial reporting and compliance processes.

In this case, taking a step back in the immediate sense is taking a step forward for the future. When you infuse stronger technology into your entire controls process, you enable your entire team to work more efficiently, and teams get unparalleled visibility into the entire process and the data within. Clarity means control, and control means eliminating unwanted surprises.

Each of these reports further prove that investors see material weaknesses as a "fire in a theater." For the firefighters in your organization, the best extinguisher in your arsenal is technology.

For more detail on how to expand the technology your function uses and protect against material weaknesses, check out our new guide, "Your Map to a Thriving Integrated Risk Program: A Maturity Model for Connectivity, Communication, and Trust."

Microsoft Office is a registered trademark of Microsoft Corporation in the United States and/or other countries.