Archive for May 10th, 2008
Dave Welch, Banking Whistleblower’s Neverending Story
The Whistleblower’s Unending Story
By Adam Geller
The Associated Press
Saturday 26 April 2008
Columbus, Ohio – The guest lecturer steps to the front of classroom 322 with a lesson plan, but not from any textbook.
Instead, Dave Welch comes with a story to tell, edgy and very personal. The names have been changed, he says, “to protect the guilty.”
He directs students to the corporate financial forms projected on to a screen. Years ago, working at a small-town bank in the Virginia mountains, Welch combed through these figures and saw things that made him suspicious.
When he confronted the bank’s president with his doubts, it cost him his job.
The story might have ended there. But this time – months after titanic scandals capsized Enron and WorldCom – things would be different.
There ought to be a law, Congress decided, protecting workers who expose what might be the next Enron. Who could’ve imagined the fight between the little bank and the fired accountant would become the new measure’s most unlikely – and most strenuous – test?
More than 1,000 self-professed whistleblowers have come forward since.
The great majority have seen their cases rejected; about 160 settled before an initial ruling. Only six workers have won before a Labor Department judge – and the review board that hears appeals has not ruled in favor of a single whistleblower.
Now, Welch is ready to bring his story to a close. It’s not easy, though, to conclude something that winds on without an ending.
”This is the message the courts are sending to whistleblowers,” Welch says, the Tennessee in his voice taking on a chill. A new image beams on to the classroom screen – a pack of hunting dogs. In their midst is the prey, a nervous fox, head down low.
”When you’re in deep trouble, keep your mouth shut and your eyes straight ahead.”
Six years ago, Americans embraced whistleblowers as a new kind of hero.
If only Sherron Watkins’ warning had been heeded, Enron might have survived, some said. Then an auditor, Cynthia Cooper, exposed massive bookkeeping fraud at WorldCom.
The “year of the whistleblower,” one magazine crowed.
In July 2002, President Bush signed a new law, known as Sarbanes-Oxley, requiring top executives to stand behind financial statements and work to prevent fraud and abuse.
But the law also spoke to corporate foot soldiers, offering whistleblower protection – albeit with loopholes.
From the start, though, that protection came into question. Hours after Bush signed, a spokeswoman said the administration believed it applied only to whistleblowers who talked to a Congressional committee pursuing an investigation.
”I don’t see any room for interpretation here,” responded one of the measure’s authors, Sen. Chuck Grassley, R-Iowa. “Our intent was plain, to protect corporate whistleblowers, period.”
Months later, tensions flared inside Cardinal Bankshares Corp., a holding company for the local bank in one-stoplight Floyd, Va., population 432.
Welch, the chief financial officer, refused to sign financial statements, saying they overstated profits. He told bank president Leon Moore he suspected him of insider trading. Moore was furious when Welch compared his 53-employee bank to Enron. The bank’s board fired Welch.
He turned to the federal Occupational Safety and Health Administration, which enforces whistleblower protection. An investigator determined the bank was not at fault.
But a federal administrative law judge saw it differently. The new law “was expressly enacted by Congress to foster the disclosure of corporate wrongdoing and to protect” the workers responsible, the judge wrote in early 2004, ruling the bank should reinstate Welch.
The decision made Welch the first worker protected by the new law. Now came the acid test: What was that protection worth?
There’s not much call for accountants in the small towns of the Blue Ridge, much less for one battling his former employer.
But Welch, attached to a 22-acre farm bought from his wife’s grandparents, was determined to stay. He spent six months sending out resumes and going to job interviews.
Afterward, though, employers seemed to vanish “into a black hole not to be heard from again,” he says.
With unemployment checks running out, Welch listened when a friend recommended a finance job at a hospital 3 1/2 hours away. He rented an apartment there, driving home on weekends.
The job was eliminated in cost-cutting a little more than a year later. But shortly before, the Labor Department judge ruled in Welch’s favor. The couple, who stumbled on the decision while checking e-mail during a vacation, embraced in the hotel lobby.
But the bank – denying Welch’s accusations and accusing him of insubordination and incompetence – would not give in.
”We determined through a thorough and fair investigation that there was no merit to Mr. Welch’s complaints,” the board wrote in the weekly Floyd Press. “We believe our decision was right then and we believe even more firmly now that our decision was correct.”
The bank appealed, investing in a case it saw as setting a crucial precedent.
”We just said, look, we’re not going to set back on this,” Moore says. “We’re going to fight it.”
Moore says people came up at the bank’s annual meeting and urged the company not to give in. He took his viewpoint on the road, speaking about the case to banking industry groups.
Meanwhile, Welch decided that to find work, the couple would have to move. He became convinced of his status as an exile when he ran into a former co-worker at the counter of the Floyd Pharmacy.
”She looked around to see if anybody was watching her,” Welch recalls, “and she said, ‘Excuse me, I can’t talk to you,’ and she walked away.”
Congress sent a straightforward message to would-be whistleblowers.
A worker didn’t have to be right. If the worker “reasonably believes” their company has broken securities law or harmed investors, and showed they’d been retaliated against for speaking up, that was enough.
But when the Labor judge ruled for Welch, the promise of resolution dissolved in a protracted tug-of-war.
The bank argued the ruling was not a “final” order. Taking Welch back was impossible. He’d already been replaced and reinstating him would severely disrupt life inside a small company where he was clearly not wanted.
Nearly 2 1/2 years after Welch was fired, the judge again ordered reinstatement and back pay. The company refused. The question of what to do bounced between Labor officials, federal court and the Administrative Review Board that has the Labor Department’s final word.
Federal lawyers argued the bank had to take Welch back, even if temporarily.
In spring 2006, the ARB, too, ordered Cardinal to take Welch back on a temporary basis. The bank again refused.
In October 2006, four years after Welch’s firing, a U.S. District Court judge in Roanoke, Va. declined to enforce reinstatement, while expressing concern.
”The delay in the administrative process has been inordinate,” Judge Glen Conrad wrote.
By then, the accountant had long given up finding another job locally. Down to one paycheck, the Welches say they burned through $115,000 in investments. In late 2004, they sold the farm where they’d hoped to retire.
Meanwhile, debate grew over Congress’ effort to protect whistleblowers.
Lawyers for companies say many corporate whistleblower cases failed because they are frivolous, brought by angry workers looking to settle a score.
In the few cases like Welch’s that moved forward, the government has investigated carefully, determining that much of what workers allege is beyond the law’s scope, said Michael Delikat, a New York attorney who represents employers in such cases.
Critics disagree. The Labor Department has been “defining more and more whistleblowers out of protection,” said Richard Moberly, a University of Nebraska law professor who analyzed the outcomes of such cases.
Labor Department officials say they are administering the law as it was written.
”We’re trying to apply things and understand them,” said Nilgun Tolek, director of OSHA’s whistleblower protection office.
The law, she says, applies to workers who report suspected wire fraud, bank fraud and other specific misconduct: “While some people may see that as reading the statute too narrowly, that is what the statute says.”
The Labor Department’s effectiveness is reflected, at least partly, in its brokering of settlements between workers and employers, officials say.
But critics note how few decisions favor workers. Through February, the government had ruled in 1,091 Sarbanes-Oxley cases, coming down on the side of workers just 17 times in initial rulings.
”The carefully targeted legislation that you’ve described is legislation that has failed to protect people,” Rep. Tim Bishop, D-N.Y., said at a House hearing last year .
The promise to protect whistleblowers is falling well short of expectations, Moberly says.
The prime example, he says, is the odyssey of Dave Welch.
Without work, Welch went back to school. When Franklin University in Columbus, Ohio called about a job early last year, he said a prayer.
At the end of his interview, Welch was shown in to the office of Paul Otte, the school’s president at the time.
Otte is a blunt-spoken long-ago Marine who sits on two corporate boards. He’d heard about Welch.
”Let me ask you,” Otte said. “Did you refuse to certify (the bank’s financial statements) or did you sign them and then blow the whistle?”
”I refused to sign,” Welch said, unsure which was the right answer.
It was good enough for Otte, who’d just written an article preaching this message: “The greatest failures resulting from unchallenged authority have occurred when people reporting directly to the CEO lacked the courage to challenge their boss.”
Last July – nearly five years after Cardinal fired Welch – the Labor Department’s review board ruled in favor of the bank. As a trained accountant, Welch could not have “reasonably believed” that the financial reports he objected to were problematic, the board said.
The ruling came weeks before Welch started his new job, supervising introductory accounting classes.
He makes the rounds of classes, offering his experience as a window into the real-world choices students will be expected to make.
But he and the bank have continued battling.
Soon after the review board ruled, Welch appealed. The case is set to be heard by a federal appeals court in Richmond, Va. in mid-May.
Both the accountant and the bank say they deserve to win. Both say that, whatever the court decides, the case may well continue.
Moore, the bank president, acknowledges Cardinal has spent heavily, but says it never considered settling. The stakes are too high to compromise.
”If you don’t stand up for what you think’s right, then you don’t really need to be in this business,” Moore says.
At least on that, the two men can agree.
Add comment May 10, 2008
Pentagon IG’s Troubling Handling of Tenebaum Case
FOR IMMEDIATE RELEASE
Contact: Beverley Lumpkin, 202-347-1122
Pentagon IG’s Handling of Tenebaum Raises Troubling Questions
Serious Conflicts of Interest Deserve Review
Washington , DC . – The Project on Government Oversight has obtained a cache of documents from inside the Pentagon’s Inspector General’s Office that raises a variety of questions, troubling and even bizarre:
http://pogoarchives.org/m/go/ig/attachment-a.pdf http://pogoarchives.org/m/go/ig/attachment-b.pdf http://pogoarchives.org/m/go/ig/attachment-c.pdf
http://pogoarchives.org/m/go/ig/attachment-d.pdf
An ongoing major review of the Inspector General system undertaken by the Project On Government Oversight last fall strongly supports the absolute necessity for all IGs to have access to independent legal advice, free and clear of their agencies’ general counsels. (http://www.pogo.org/p/government/go-080228-ig.html) At present the only one of the 30 Presidentially-appointed IGs who lacks such unencumbered legal counsel is the DOD Inspector General. Legislation to amend and improve the IG law (S.2324), as well as the Senate Armed Services authorization bill, both address this situation and would require the DOD IG to retain his own counsel answerable only to him.
The case of Army engineer Dr. David Tenenbaum vividly illustrates why it is intolerable for the DOD IG not to have his own counsel. In a recent letter to key members of Congress, POGO brought the Tenenbaum case to their attention. (http://pogoarchives.org/m/go/ig/levin-letter-20080501.pdf)
In that letter, POGO Executive Director Danielle Brian said: “We believe there will always be a basic conflict of interest between the agency general counsel, whose job is to protect and defend the interests of the agency, and that of the inspector general, who must expose waste, fraud, abuse and other misconduct committed within that agency.”
Among the several questions which need to be raised:
· Did anti-Semitism in an Army engineering office prevent the development of armor that could have protected the U.S. military in the field?
· Has an internal Defense Department Inspector General investigation been hijacked and its conclusions altered because of internal conflicts of interest?
· Does the general counsel to the Inspector General at DOD actually consider the IG his client, or is he instead beholden to the General Counsel of the Department, who has the best interests of the Secretary and the Department in mind?
Tenenbaum is a civilian mechanical engineer with the U.S. Army Tank Automotive and Armaments Command (TACOM) in Warren , Michigan , where he created a program designed to upgrade the armor on the Army’s light armor vehicles, including Humvees. In the early 1990s, some of his colleagues and supervisors suspected that he was a spy for Israel . Tenenbaum was suspended[], his security clearance revoked, and the FBI launched an investigation of him. But the U.S. Attorney’s Office closed the case without bringing any charges. Tenenbaum returned to TACOM, but not to his previous position. In fact, the Army not only restored Tenenbaum’s security clearance but it upgraded his clearance from secret to top secret. He then filed a religious discrimination lawsuit but the case was dismissed on the basis of “state secrets privilege”; the Army attorney who recommended the assertion of that privilege was Uldric L. Fiore, Jr.
In 2006, at the request of Sen. Carl Levin (D-Michigan), the Deputy IG for Investigations was asked to examine whether Tenenbaum had been treated unfairly and been discriminated against because of his religion. After an investigation, the finding reached was: “Mr. Tenenbaum experienced religious discrimination when his Judaism was weighed as a significant factor …”
The questionable conflicts of interest arose when the investigators’ findings had to be okayed by the IG’s general counsel. But lo and behold: the IG’s general counsel was one Uldric L. Fiore, Jr., who did not initially disclose his former involvement in the case. When it was discovered, he initially refused to recuse himself. Once he was recused, the legal “scrub” was assigned to his staff members, one of whom is Charles Beardall who had preceded Uldric Fiore as the Chief of the Army’s Litigation Division.
The documents received by POGO show that those staff members have now apparently decided to ditch the investigators’ original finding of discrimination. An internal email obtained by POGO says that at an upcoming “Tenenbaum meeting,” one of those staff members “will be spotlighted for a progress account of his re-tooling of the report based upon Army input and changing the discrimination finding.” [Emphasis added]
POGO has asked Members of Congress to intervene to ensure that the original findings will not be altered. Further, POGO urges that the pending legislative provisions requiring the DOD OIG to have an independent general counsel will be passed and signed into law.
###
Founded in 1981, the Project On Government Oversight is an independent nonprofit which investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.
Add comment May 10, 2008
Boeing responses to questions: Round two
http://seattlepi.nwsource.com/business/323842_boeingqa217.html
Boeing responses to questions: Round two
Last updated July 16, 2007 10:08 p.m. PT
These are the P-I’s second round of questions and Boeing’s written responses.
· Some organizations, including Standard & Poor’s, encourage full disclosure of deficiencies even though law does not require it. What factors went into Boeing management’s decision not to discuss internal control deficiencies in its filings to the Securities and Exchange Commission?
A: Standard & Poor’s is a rating agency and provider of financial market intelligence. It has no regulatory jurisdiction. Boeing discloses all relevant material information in its public filings with the SEC. While we respect S&P’s opinion as described in your question, there is no requirement for a company to disclose significant deficiencies. We are confident we are meeting all disclosure requirements for a public company.
· It appears that Boeing missed almost every key 2006 benchmark to satisfy to Deloitte & Touche that its IT compliance troubles should not constitute a material weakness. Why wasn’t Boeing able to finish all of its 2006 IT SOx testing? What is keeping testing pass rates below 90 percent? What reassurances was management able to provide Deloitte to deter it from elevating the significant deficiency that had been in place since 2004?
A: We will not speak for Deloitte & Touche. But for our part, we politely refute the premise of your question(s).
Boeing Corporate Audit did complete all testing requested by IT management for 2006. That testing was completed in early 2007 and prior to the IT ratings and management certification. Any controls that remained open were due to not having sufficient sample sizes available. In these cases, Boeing tested as many samples as were available.
Pass rates for Boeing’s 2006 SOX IT testing were above, not below, the figure you reference. That includes select controls that had failed earlier tests, and required remediation and successful re-testing. While Boeing set certain internal challenges around “first-time” pass rate (which is presumably what you are referencing in your question), what matters ultimately is overall pass rate, and that is above what you cite. It is simply incorrect to suggest something is “keeping pass rates below 90 percent.”
Independent external auditors do not issue opinions based on “reassurances from management”; they do so based on their own assessment of findings based on rigorous procedures that are independent from company management. Our external auditor issues two opinions at the end of each year related to Boeing’s internal control over financial reporting. One provides an opinion on whether management processes to evaluate their internal controls is effective; the other concludes whether Boeing’s internal control over financial reporting is effective. As disclosed in our 2006 10-K, Deloitte issued an independent and unqualified opinion on both management’s assessment process and the effectiveness of Boeing’s internal control over financial reporting.
Finally, it’s important to note that determination of SOX compliance and categorization of material weakness is ultimately a binary event as of the closing date. While a project may have internal “benchmarks” or schedules designed to organize efforts, there is no direct correlation between meeting internal schedule milestones and classification of deficiency or weakness as of the closing date. Any internal milestones on the project were not related to mitigating a material weakness, as you suggest, but rather to ensuring an efficient audit schedule and use of resources.
· In your last response, you said that you believe you are SOx compliant. Considering that in the 2006 fiscal year, Boeing’s information technology division had “not demonstrated a robust control environment,” how is that possible?
A: While we are not sure what document you are apparently quoting from, we reaffirm our previous statement of Boeing SOx compliance.
Being SOx compliant does not require zero deficiencies. It requires that mechanisms are in place to effectively identify, evaluate and remediate any deficiencies to the internal control structure. It also requires that appropriate reporting occur based on the significance of those deficiencies. And it requires that deficiencies are remediated within a reasonable time period. All of those activities were in place and occurred throughout 2006.
· Your last response said, “We have focused on documenting IT controls in appropriate detail and on demonstrating the operational effectiveness of our controls.” How did management assert that controls were effective in its 302 and 404 statements, if the internal staff only audited operating effectiveness, and not design?
A: Boeing Corporate Audit is chartered with performing operational effectiveness tests and therefore was not asked to assist management in their design effectiveness assessments. Process owners and our SOx teams perform the design effectiveness assessments as part of our overall compliance strategy and did so in each of 2004, 2005 and 2006. We have chosen to split the responsibility along the lines that focus on where our best assessments can be determined. Corporate Audit has experience in testing against a process or design. SOX teams and process owners need to be able to assess the design of their controls effectively and they have the expertise in this area.
· What is Boeing doing to mitigate security weaknesses with its database design? We understand that the company is implementing application-level controls to address the segregation-of-duties concern and that audit tests in 2007 are improving. What changes is Boeing making to its IT infrastructure to drive those improvements?
A: Through auditing and SOX IT testing, Boeing identified an opportunity to further strengthen an element of database design involving select administrators having access to all aspects of the database to perform required functions. This necessary, so-called super-user access is a common issue across the industry. Because super-user access also includes the ability to change data, we have taken action to reduce the level of access to as few personnel as possible and monitor to ensure access remains at minimal level needed. We have also put in place logging of database activity where appropriate and review those logs regularly for any irregularity. In addition, controls exist in the business side that monitor the validity of the data resulting from our databases that would identify intentional or unintentional misstatements resulting from the database administrators having the super-user access to the database and the data contained within.
· Regarding the deficiency around database segregation of duties: Why didn’t Boeing implement additional database security to address the problem?
A: Boeing took actions around additional database security as noted in the prior question. Implementation of corrections occurred across 2006 and Q1 2007.
· SEC filings show that Boeing has not disclosed any major internal control changes in response to control deficiencies. Does this mean that you are not addressing your deficiencies?
A: While there is a requirement for companies to disclose any material changes to their internal control over financial reporting, none of the changes we have made in our IT general computing control environment fall into this category. Our effort has been on improving our documentation and in being able to provide sufficient evidence to support our tests. These types of changes are not changes to our underlying processes and therefore are not required to be disclosed. Boeing has disclosed all items it considered material changes to its internal control over financial reporting.
· The Institute for Internal Auditors holds the standard that internal audit staff should not also design controls. How was Boeing able to reconcile that in 2006, for a period of at least two months, PricewaterhouseCoopers consultants provided services to both the IT and Audit teams? (We understand that a separate PwC partner is handling each side for 2007.)
A: (Boeing did not provide an on-the-record response to this question.)
· On Nov. 9, 2006, PricewaterhouseCoopers partner Glenn Brady took Boeing employees to dinner and a show at a comedy club in St. Louis. The next year, Boeing expanded PwC’s co-sourcing contract. Doesn’t this violate Boeing’s ethics rules?
A: Boeing employee attendance at the referenced event was approved in advance. The PwC host requested and received permission from the Boeing Director of Financial Compliance before inviting Boeing SOX employees. The event was part of a scheduled SOX working group offsite held at the Company’s offices in St. Louis.
The referenced event does not violate Boeing’s ethics rules or its policies governing acceptance of business courtesies. As documented in official procedures, employees may keep a business courtesy (including meals and entertainment like that referenced) that promotes successful working relationships and goodwill with persons or firms with whom Boeing may do business. Such courtesies include infrequent business meals and entertainment that are shared with the person who has offered to pay for the meal or entertainment. Employees are encouraged to use good judgment and decline invitations that create a perception of undue influence.
At the time of the dinner, PwC had already been retained for Boeing SOX for several months and was slated to assume select additional duties in coming months as our other SOX consultant, JWI, completed its assigned workscope. JWI had been told in 2004 that Boeing would eventually phase the firm out as documentation was completed. That occurred at the end of 2006, though some 30 JWI employees are still retained on a variety of duties at Boeing.
· Boeing has stored the results of its audits in an open data tool, giving many employees access to sensitive information about weaknesses. What is Boeing doing to mitigate that problem and protect that data? Is protecting it a priority? How can management be sure that, that information was not stolen and being used by someone who would want to commit fraud?
A: Boeing’s Corporate Audit and SOx IT team has a culture of open communication and process ownership; this is critical to ensuring employees have the information they need to do their jobs. The SOX team (which includes approved consultants and auditors) uses certain documentation or information-sharing tools to accomplish its work. Those tools have built in security and user access controls that are designed to permit access on an as-needed basis. We review quarterly the access lists to ensure access remains limited to those with a need-to-know. Access to certain, more-sensitive information is subject to even stricter controls and monitoring (by-name access). Boeing has a strong commitment to information protection and we regularly train and educate employees and vendor-partners on the proper handling of information
We have a culture that sets expectations of each of our employees to conduct themselves with the highest levels of integrity and ethical standards. There is no tool that will monitor an employee’s character or prevent dishonest and unethical employees/vendor-partners from stealing or committing fraud.
· What is Boeing doing to address the perception that management has created a threatening environment among auditors and IT staff? We have been told that there is an emphasis on making Boeing appear compliant, rather than actually be compliant.
A: Boeing strongly rejects any suggestion of an emphasis to “appear compliant” with SOX. Our goal has always been actual compliance and a strong control environment and it remains so. As described before, we have contributed significant resources and talent to meeting the challenge of achieving SOX compliance. To suggest those efforts were aimed at anything less than achieving actual SOX compliance is simply wrong.
While there was a sense of urgency and import around Boeing’s SOX efforts last year, at no time were employees encouraged to do anything other than the right thing. Scott Griffin’s November 2006 message to all employees working on SOX that “our objective is a strong set of computing controls, not simply passing a series of SOX tests” is indicative of the company’s committed approach to meaningful compliance.
Also wrong is the suggestion “management has created a threatening environment” around SOX. While we cannot speak to every employee’s individual interpretation, we are not aware of the “perception” you reference and in fact can cite repeated communications aimed at creating the opposite of a “threatening” environment.
Boeing leadership is committed to ensuring a culture of open and honest debate. We believe the fact that at least some SOX-IT participants felt comfortable voicing concerns about challenges encountered during the testing process — and engaged in candid discussions with management about those challenges — reiterates we have an open culture where issues can be raised.
· Why are quality ratings for auditors based on the number of their findings that are reversed?
A: Boeing uses several factors to determine auditor quality ratings on their internal performance reviews. One of those factors, among many, is accuracy of findings.
In 2006 Corporate Audit kept track of auditor productivity, which was number of controls tested and cycle time. There is an established escalation process whereby if IT doesn’t agree with the audit results they can ask for an escalation or a review of the test results by higher management to determine if the conclusions reached by the auditor were correct. That review follows documented, objective criteria. In 2007, as an organization, Corporate Audit is tracking the number of times the audit findings were reversed upon management review as a quality check on the accuracy of our audit findings.
· : Describe in detail the process by which company leadership gets comfortable with what they need to know to certify. How do people at the top of the organization get informed enough about what’s happening further down the chain to say with confidence the company’s controls are robust?
A: Open and frequent communication at various levels within our organization on the results of our internal testing and the results provided to us by Deloitte of their testing is the primary method all levels in our organization use to support their certification. Process owners are informed of all test results, financial accounting and IT organization first-line managers are aware of the test results in their areas, senior finance and IT leadership have full visibility and weekly status on the results of their tests and progress of any necessary remediation; executive leadership is also provided monthly updates by compliance leadership and by Deloitte on status and quality of the tests being performed.
The Boeing Audit Committee receives at every meeting a report on the status and quality of our testing by finance leadership and independently by Deloitte. Additionally, Office of Internal Governance senior leadership provides to the audit committee any instance of fraud that has been alleged and any and all reported cases sent through the ethics or SOx whistleblower hotlines and a status and conclusion on each.
· Why did Richard Nanula, who was an audit committee member, resign from the Boeing board?
A: Per the company’s corporate governance principles, directors who change the occupation they held when initially elected are expected to offer to resign from the Board. Mr. Nanula’s letter was received May 4, 2007, and it became effective immediately. Mr. Nanula recently resigned his position from Amgen, which stated he was leaving to pursue other opportunities. It is not unusual for executives to evaluate outside board commitments in the event of a change in professional status. Mr. Nanula would be the best source for any further information on his future plans.
Add comment May 10, 2008
Boeing responses to questions: Round One
http://seattlepi.nwsource.com/business/323843_boeingqa117.html
Boeing responses to questions: Round one
Last updated July 16, 2007 10:08 p.m. PT
Before providing executives for interviews, The Boeing Co. asked the Seattle P-I to outline its questions in written form. The P-I submitted two rounds of questions, which are displayed here along with the company’s official responses.
Boeing’s summary statement:
Boeing is confident in the integrity of the company’s overall control environment and in the accuracy of our financial statements, both of which have been independently audited by our independent external public accounting firm.
Like many other companies, Boeing has worked very hard to meet the challenge of SOX compliance with respect to information technology (IT) systems. It has not always been easy, but we are committed to high standards and effective internal controls. We continue to make significant progress in improving the execution of our IT controls and are confident that they contribute positively to the effectiveness of our overall system of internal controls over financial reporting. The company has applied and will continue to employ significant resources to assure that we are applying acceptable standards and best practices.
Boeing is committed to operating with the utmost integrity in our financial reporting, internal control framework, and legal and regulatory compliance activities.
· Please describe the issues Boeing is facing in making its IT systems Sarbanes-Oxley compliant.
Answer: Boeing, like many other companies, is working hard to meet the challenge of SOx compliance with respect to its information technology (IT) systems. We have focused on documenting IT controls in appropriate detail and on demonstrating the operational effectiveness of our controls. Although we identified some exceptions in our processes, at no time were these findings determined to be a material weakness in our internal controls over financial reporting. To ensure we are benefiting from industry-wide best practices, we have engaged two of the industry’s leading firms to provide support, advice and testing assistance. Boeing has been and remains SOX compliant within IT.
· Detail Boeing’s past and present timeline for bringing IT systems into Sarbanes-Oxley compliance.
A: We believe we are SOX compliant. Nonetheless, our efforts are focused on eliminating any exceptions to our processes and, in the spirit of continuous improvement that we apply throughout all of Boeing’s activities, we are focused on eliminating any exceptions to our processes and to constantly enhancing and refining those processes.
· Describe concerns external auditor Deloitte & Touche discussed with Mr. Bell at their recent meeting on the status of information technology Sarbanes-Oxley at Boeing.
A: We do not generally comment on matters discussed in internal Boeing meetings. We can confirm, however, there are regularly scheduled monthly SOX status reviews with James Bell and in the mid-May meeting, among other things, attendees discussed good progress on SOX IT testing and leadership reiterated commitment to the effort.
· Describe Mr. Bell’s and Boeing’s plan to address those challenges.
A: We continue to communicate to, among other matters: (1) ensure our teams understand our expectation of flawless execution of our processes; (2) provide training and support to the control performers to help ensure they understand the documentation and evidence requirements necessary to demonstrate compliance with our controls; (3) constantly monitor our execution of our controls in accordance with our processes.
· Describe the role of information technology in corporate governance and financial reporting at Boeing.
A: Information technology plays several key roles in Boeing’s application of its internal control framework (which is based on the COSO framework). (1) IT provides strategy, policy and direction related to the security, management, and monitoring of Boeing’s information and data; (2) IT deploys processes and controls that mitigate specific risks related to infrastructure management; application and data integrity; and information security; and (3) IT interacts with the finance and operational organizations within Boeing to provide necessary information and communications support.
Boeing IT uses in-house developed best practices as well as those identified within the IT control framework of CoBIT.
· Describe how Boeing reports SOx compliance issues to its board, audit committee and shareholders.
A: Board and Audit Committee Communication: Regular reports are provided to both the audit committee and the board. Financial reporting topics, including our internal controls over financial reporting, are discussed at each audit committee meeting and our internal and independent external auditors attend all such meetings and present updates on the progress of their work.
Shareholder Communication: At the time Boeing files its 10-Qs and 10-Ks, the Boeing CEO and CFO are required to certify under SOX Sections 302, 404 and 906. As required, they provide a letter to shareholders providing a conclusion of their assessment of Boeing’s internal control over financial reporting. Our 10-Ks include our independent external auditor’s opinions on our financial statements, on our assessment of the effectiveness of our internal controls over financial reporting, and on the effectiveness of such controls at year end.
· Describe the role of PricewaterhouseCoopers’ co-sourcing in IT and audit.
A: PricewaterhouseCoopers (PwC) was engaged in April 2006 to partner with our Corporate Audit team to help Boeing management understand, assess and test the effectiveness of our internal control system over financial reporting. Under SOX, management must come to its own conclusion about control effectiveness. Separately, our independent external auditor — Deloitte — must also test and opine on the effectiveness of the controls.
In January 2007, a new and separate PwC team led by a different partner was engaged to help us with the facilitation of process improvement workshops. PwC is also helping Boeing to evaluate and address the implications of recently-released regulatory guidance of the PCAOB and SEC.
· Why was PwC hired to perform these activities?
A: PwC was brought in because of their extensive experience in testing SOX 404 controls for their clients. We felt that such experience is useful in leveraging our internal resources to assure that we continually improve our methodologies for evaluating our compliance with our control processes. PwC also was able to provide all required services when Boeing went to a single SOX vendor in 2007 (in keeping with a companywide effort to reduce the number of paid consultants). While we continue to engage contract employees from Jefferson Wells (JWI) to augment our internal staff when needed, JWI was told in 2004 that Boeing would eventually phase out the firm as documentation was completed.
· Describe how Boeing evaluates and contracts with consultants for internal audit and IT.
A: Generally speaking, contractors are evaluated individually based on capabilities, relevant experience, certifications, availability and cost.
· Describe how Boeing makes its 404 and 302 certifications (i.e. How do the C-level executives learn what they need to make their certifications?)
A: Boeing has a very detailed SOX certification process, which is outlined in a formal company procedure PRO-6471, “Disclosure Controls and Procedures Over the Finance Reporting Process.” Boeing’s multi-tiered certification process rolls up from process owners throughout the organization to senior management to C-level executives.
Controllers at our business units review the detailed results of SOX financial control testing in their businesses. They communicate aggregated results to each business unit CFO and CEO. This information is then combined with information from various corporate functional organizations and Finance functional leadership to provide our company CFO and CEO sufficient information on which to base their certifications.
· Regarding Deloitte’s finding of significant deficiency in general computing controls, please explain why it wasn’t reported to shareholders, why it is not classified as a material weakness, and how it is being addressed.
A: There is no requirement for a company, including Boeing, to disclose significant deficiencies. There is a requirement to disclose material weaknesses. However, we have no such material weaknesses and, accordingly, have made no such disclosure.
· How is Boeing addressing corporate cultural challenges, as outlined by Mr. (CEO Jim) McNerney, and how does that extend to Boeing’s SOX-IT process?
A: Boeing has been working to instill greater functional and process discipline, along with a culture where issues and concerns are discussed openly. Throughout the SOX IT compliance effort, candid discussions about the importance and the difficulty of the effort were and are common — and are encouraged — at all levels of the organization. While management set high expectations for these efforts, it is quite clear that the expectation is for performance with integrity, as always.
· Separately, on the matter of Robert Rice, the former supply chain management director who was convicted of fraud in 2005-06: How did Boeing catch him? Why was he able to manipulate the systems for as long as he did? And what steps has Boeing taken in response?
A: Boeing discovered Mr. Rice’s wrongdoing through established processes undertaken as a result of an internal complaint. We conducted a thorough investigation, turned over the information to the appropriate authorities, cooperated in their subsequent investigation and dismissed Rice. The amount of Mr. Rice’s fraud was about $300,000. While that represents a significant amount of money for an individual, in the larger scope of Boeing operations, it is clearly not material to our organization.
Details of Mr. Rice’s activities are outlined in Department of Justice case files. Following discovery of Mr. Rice’s activities, Boeing tightened processes and controls around applications and usage of company purchasing cards, increased the frequency of audits, and implemented several additional fixes as recommended by the Defense Contract Audit Agency.
Add comment May 10, 2008
Computer security faults put Boeing at risk
Failings could leave it open to fraud, theft
Tuesday, July 17, 2007
Last updated July 24, 2007 3:44 p.m. PT
By ANDREA JAMES AND DANIEL LATHROP
P-I REPORTERS
For the past three years, The Boeing Co. has failed, in both internal and external audits, to prove it can properly protect its computer systems against manipulation, theft and fraud.
Internal documents and interviews conducted over the past six months detail the angst and turmoil within the auditing and information technology wings of the aerospace giant. They also provide a rare glimpse of how the company that builds the most complex flying machines in the world has been stymied for years by a few obscure paragraphs in the Sarbanes-Oxley Act, the federal law enacted in the wake of the Enron scandal.
It’s a view of the company that stockholders don’t get to see.
Top company executives insist that the company is compliant with Sarbanes-Oxley and that its financial information is sound. But they acknowledged, in response to Seattle P-I inquiries, that the failings forced Boeing to scramble at the end of each year to assure that its financial information had not been affected.
And two recent theft cases — one involving documents that Boeing said could have cost the company $5 billion to $15 billion — underscore that the vulnerability of the company’s computer systems is not confined to Sarbanes-Oxley.
The continuing effort to fix the problem has cost millions of dollars. Boeing has had a full-time staff of dozens and, at times, up to 65 consultants charging from $115 to $500 per hour, engaged in testing the systems that affect financial reporting to prove it can lock its computer doors.
Boeing and its external auditors have rated the company’s inability to patch database and software development security holes as a “significant deficiency” with the computer infrastructure since 2004 — the first year it had to comply with the 2002 law. The failure has been deemed serious enough that for three years in a row, finance teams have spent the last 45 days of each year testing whether financial numbers are correct. Director of Financial Compliance Michael Zanoni said the “massive” effort in each case reassured the company that stockholders’ assets were safe.
The company says it is making progress.
“We are well ahead of schedule in our testing this year. We’re seeing significant improvement and are confident we will be able to close any outstanding issues later this year,” said Anne Eisele, Boeing director of finance communications.
Problems persist. Interviews and about 5,000 internal documents examined by the P-I show in detail the struggles created for Boeing — and perhaps for many corporations — by the post-Enron, Sarbanes-Oxley requirements, often referred to as “SOx.”
Among the problems the P-I found:
· Boeing’s internal audit findings were so poor — meaning that so many computer system controls were failing or evidence was missing — that external auditor Deloitte & Touche decided not to rely on the results for three consecutive years.
· Boeing exposed sensitive information about computer systems’ holes to employees who did not need access to all of the data, according to e-mails and interviews.
· An internal complaint was filed with the company’s ethics board that audit results had been manipulated. The company decided last September that the allegation was unsubstantiated.
· Some employees involved in the compliance process perceived a threatening culture. A late 2006 internal report said that employees felt they were being told that their jobs and salaries were “on the line,” and they were being pressured to produce evidence for audits “ahead of events occurring normally.”
|
|
Law meant to halt Enrons
Sarbanes-Oxley is a wide-ranging law aimed at preventing stockholder rip-offs such as the Enron scandal from happening again. Among its requirements, it forced public companies such as Boeing to shine a light on their internal controls. It must show it has checks and balances on people and computer systems to guarantee accuracy of financial statements.
No one has alleged financial fraud at Boeing, or claimed there is missing money. And the new law hit the airplane maker as it was in the midst of some of the biggest challenges it had ever faced, including developing an all-new airplane and an ethical makeover after a procurement scandal, the resignation of two CEOs, the jailing of a chief financial officer and revelations that it had stolen trade secrets from a competitor.
The federal guidelines for computer controls are unclear, and where the law is murky, auditors and company officials are left to fill in the gaps — facing criminal penalties if they are wrong. Companies are hungry for clarification on how to handle the information technology portion of Sarbanes-Oxley, according to The Institute of Internal Auditors, a leading professional association.
In 2004, Boeing considered how it would handle what would be a massive compliance effort for a firm that spans six continents and handles about $1 billion in transactions per week.
Corporate Controller Harry McGee set up a team to handle Sarbanes-Oxley the same way the company would tackle building an airplane, with daily progress updates. The company wanted to get it right — the first time — and parts of the corporation had no trouble, particularly the financial teams that were used to audits and strict standards.
First 2 years were ‘pure hell’
But Boeing’s information technology staff suffered.
“They weren’t used to being involved in a finance-related audit,” McGee said in a June interview at Chicago headquarters. “We drove process discipline pretty hard.”
One person involved in the compliance effort, who asked not to be identified, told the P-I that information technology managers thought the new rules would blow over and that workers were “openly hostile” to the audits. The level of rigor — for example, documenting every single approval for a coding change — was foreign to the get-things-done culture of Boeing’s computer professionals.
The employee described the first two years as “pure hell” for the information technology staff. Colleagues agreed. Even auditors were unhappy, leading to infighting last year between consultants at PricewaterhouseCoopers and Jefferson Wells — the two firms contracted to help Boeing with internal audits.
By the time 2006 arrived, Boeing was eager to eliminate its significant deficiency. But it didn’t.
In testing its computer controls, the company missed most of its important internal benchmarks last year, for the third year in a row, documents show. Auditor Deloitte decided it would do its own tests to come to its own conclusion about control effectiveness and decide whether to “close” the significant deficiency.
The result wasn’t good. An internal briefing document stated the company’s information technology division “has not demonstrated a robust control environment.”
In late 2006, Chief Financial Officer James Bell sent an e-mail to employees on the compliance effort telling them that “this performance is unacceptable.”
Chief Information Officer Scott Griffin, who led the information technology division through the Sarbanes-Oxley compliance effort, retired at age 52 on July 1. He declined to comment on the problems.
In its official response to the P-I, Boeing said that what matters most in Sarbanes-Oxley compliance is where the company stands at year’s end, and that “while a project may have internal ‘benchmarks’ or schedules designed to organize efforts, there is no direct correlation between meeting internal schedule milestones and classification of deficiency or weakness as of the closing date.”
Boeing officials say they are confident that its problems with general computer controls will be solved soon and they are happy with their progress, despite the inability for three years to resolve it.
“For the complexity of the stuff we do and the number of things we look at, it’s a strong system of internal control,” McGee said. “We’re working to try to optimize it.”
He firmly denied that the company has manipulated any results of its internal audits, as some employees have charged.
“Absolutely not,” he said. “I honestly believe there’s no fraud on this. Nothing.”
He said he must be comfortable with the corporate controls before recommending that Chief Executive Jim McNerney and CFO Bell sign off on control soundness, and that he trusts Boeing’s processes and its people.
Fortune 50 companies are better equipped to fix significant deficiencies, which makes Boeing’s problem unusual, experts say. Significant deficiencies were more common in 2004, when most major public companies had to begin complying with the law.
“Having them at the moment is a bit of a surprise, to be honest with you,” said Christopher Fox, a technology audit consultant who has co-written industry guidelines on the topic. “How did they get into this situation? I don’t know. I’m surprised they’re in it, this many years in.”
‘I’m sick of all this’
|
|
- See the complete e-mail here. (PDF)
To figure out how Boeing found itself in its fourth year of technology-compliance woes, the P-I contacted dozens of employees and contractors and read thousands of internal e-mails.
Senior managers said that compliance was always a top priority. But junior managers said they didn’t have enough resources. Auditors said that the information technology department was too resistant to change. IT workers said that auditors kept changing their minds about what they wanted and were too eager to fail controls.
Meanwhile, the experts at Jefferson Wells and PricewaterhouseCoopers spent hours — billed to Boeing — disputing each other’s findings.
“I’m sick of all this and I will be retiring as soon as I can process the paperwork,” wrote Michael DuPas, an IT worker, in a June 2006 message to managers and directors. “None of the core team, (corporate audit), or Deloitte folks view anything the same so everything is a nightmare of explanations, discussions. That is why SOx is failing in Boeing.”
Another IT worker, Bryce Lytle, wrote: “We’ve been at this three years, and these type of things come up almost on a daily basis. … As a company we can do better than this and I’m frustrated as to why we are not.”
Arguments ensued when managers overturned audit findings. Tension was rife between auditors and IT workers. “You are preventing us from getting results documented,” auditor James Estep wrote in an e-mail after discovering a control rated as “passed” that he had rated as failing. “Is that your intent?”
Another auditor, Macy Moring, warned managers that a large number of employees had access to the audit findings — practically a blueprint for how to commit and hide financial fraud at Boeing.
“We are talking all the potential ways of inappropriately manipulating our financial systems out there for the multitudes to see,” she wrote. “This one makes me very uncomfortable.”
DuPas has since retired. When contacted by the P-I, he said he would “only do a disservice” to the company by speaking about such a “loaded” topic. Lytle, Estep and Moring declined to comment.
McGee acknowledged that emotions were high, but he said that the same sentiment could be found in airplane programs — or any other instance where the company demands high standards under a tight deadline.
Experts contacted by the P-I were not surprised that the IT workers at Boeing did not greet the auditors as liberators, they said, though they said that the level of emotion seemed unusual. But experts did not agree on who was at fault; they blamed too-vague federal rules, too-picky auditors, too-complacent Boeing and every possible combination of each.
“This sounds really, really messy,” Heriot Prentice, director of technology practices at the Institute of Internal Auditors, said upon hearing all of the charges and countercharges without knowing that he was speaking about Boeing, specifically. “This sounds like a big mess.”
Companies have been monitoring their computer systems for years — but under Sarbanes-Oxley, it was the first time that all public companies were required by law to do so as a part of a company’s “internal control over financial reporting.”
That control requirement, often nicknamed “404 compliance” after its corresponding part of the law, has been the most controversial and expensive aspect of Sarbanes-Oxley — and federal rules are now under review. Many executives bristled at the soaring costs of information technology compliance.
This year, Boeing has overhauled its strategy so that it focuses more on potential risks. It is relying on the work of 33 auditors from Pricewaterhouse, 10 Boeing auditors and one from Jefferson Wells, though numbers fluctuate.
Why problems not disclosed
Federal accounting regulations say that companies have a “reasonable” time to fix deficiencies before they must be classified as a “material weakness,” and thus must be reported to shareholders. A material weakness is the technical term that means a company’s profit or revenue figures could be off by a large amount.
Some Boeing managers worried that the company’s external auditor, Deloitte, would elevate its evaluation of the problem to a “material weakness” if it went uncorrected, sources told the P-I.
“There was a lot of talk about a fear of a material weakness,” said one source who did not want to be identified. Other employees and e-mails confirmed that sentiment.
Deloitte never categorized the problem as a material weakness, even after the problem persisted for three years. Though Deloitte would not discuss the matter with the P-I, experts agree that an external auditor can keep mum on deficiencies if it feels that the financial statements are accurate and that the company is making progress toward fixing problems.
“It is unusual to have a deficiency stay out there that long, ” said Trent Gazzaway, managing partner of corporate governance at Grant Thornton. But, “it sounds like there has been progress made. … You have to look at the whole system together.”
Also, general computer control failures rarely result in material weaknesses, said Nick Tootle, a partner at Kaufman Rossin & Co., a large Florida-based accounting firm.
“There’s no bright lines,” said Tootle, who asked not to be told which company the P-I was examining. “It’s judgment, judgment and more judgment.”
Boeing officials did not call the problem a significant deficiency in on-the-record conversations with the P-I — to do so could be considered a disclosure under federal law, and such disclosures fall under strict guidelines.
Controller McGee spoke frankly about how much work went into compliance and how Boeing is addressing its computer control challenges. For example, the company has beefed up database security. Perhaps more important, the company says it has set up other procedures, such as manual checks, to ensure that data stay valid.
Boeing says that if it had a material weakness, it would have disclosed it, and that its problems do not affect its financial statements.
“Like many other companies, Boeing has worked very hard to meet the challenge of SOx compliance with respect to information technology systems,” Boeing said in a written response to P-I questions. “It has not always been easy, but we are committed to high standards and effective internal controls.”
Shareholders should be concerned if the significant deficiency is symbolic of a lax compliance ethos in management, says Romana Autrey, an accounting professor at Harvard Business School. That the problem persists at a large company does raise questions, she said
“This is a tone-at-the-top kind of problem,” said Autrey, who also asked not to be told the company’s name.
Stronger controls over computer systems also better prevent errors from slipping through — and that’s a desirable thing, experts say.
“If somebody can’t get into the system, you don’t need somebody else to check the report 75 times to make sure nobody messed with it,” Tootle said. “In a Fortune 50 company, that’s a pretty big task.”
The larger question
In 2006 alone, Sarbanes-Oxley compliance cost Boeing $55 million, according to the company — about the list price of one new 737 plane. A lot of that money has gone to the external auditor, Deloitte, and other large accounting firms that helped with its internal audit, including PricewaterhouseCoopers and Jefferson Wells.
In mid-May 2007, CFO Bell met with auditors from Deloitte to discuss the status of information technology compliance, sources said. Boeing confirmed that “attendees discussed good progress on SOx IT testing.”
Such briefings between external auditors and executives are common because much of auditing ultimately comes down to a judgment call — the external audit firm decides whether it believes its concerns should be public, or only discussed with management.
Deloitte has shared its concerns with Boeing management, but because it decided the problem did not rise to the level of material weakness, it gave the company’s controls a clean bill of health in public documents filed with the Securities and Exchange Commission.
When it comes to telling shareholders all that it should, Deloitte does not have a spotless record, according to government records.
The Public Company Accounting Oversight Board, which was created by the Sarbanes-Oxley Act, inspects audit firms by reviewing samples of their work.
In the three reports the board has published on Deloitte, it has questioned dozens of decisions that made audit results appear rosier. In 2006, the board criticized one Deloitte audit for certifying information technology controls that the firm had not sufficiently tested. The company being audited was not identified, and Boeing said it was not the firm.
Experts said Boeing is not alone in its struggles, although the extent of other companies’ information technology compliance problems is not known.
In fact, law or no law, computer security is a “monster,” audit expert Jack Champlain said.
“I’d be afraid to be a CEO and have to sign off on a SOx certification,” he said. “They are hoping beyond hope that it’s secure, but there’s no way they would know.”
Do general computer controls matter? Experts say yes.
Tootle likened a company’s financial statements to an apartment, and the general computer controls to the foundation and building that houses it.
“Your unit 4C on the fourth floor may be perfect, but if the foundation and everything around it is worthless, then your apartment is worthless as well,” he said.
Sarbanes-Oxley, though painful, has forced business improvement at companies across the board, Tootle said.
“If you start from where they were to where they are now, you’d be hard-pressed to find anybody who hasn’t improved,” he said. “Now was it worth it? That’s another story.”
P-I reporter Andrea James can be reached at 206-448-8124 or andreajames@seattlepi.com. P-I reporter Daniel Lathrop can be reached at 206-448-8157 or daniellathrop@seattlepi.com.
Add comment May 10, 2008
Classified Document Operation-Boeing Employees Caught
CLASSIFIED DOCUMENT OPERATION INVOLVED CURRENT BOEING EMPLOYEES IN A … NETWORK OF SECRETS
By Christopher Hanson P-I Washington Correspondent
Thursday, March 8, 1990
Section: News, Page: A1
The activity that landed ex-Boeing analyst Richard Fowler in prison for illegal trafficking in classified Pentagon documents was part of a widespread operation involving hundreds of Boeing officials and secret libraries or repositories in at least five cities.
Although Fowler was the only Boeing employee tried and convicted for illegal trafficking, a Post-Intelligencer examination of company records and court documents, and interviews with dozens of federal investigators, government officials and former and current Boeing employees demonstrate that Fowler was not acting alone.
Previously undisclosed Boeing records show that at least 15 other executives, some still on the company payroll, did what Fowler did – obtained classified Pentagon documents and brought them to Boeing. Between 1983 and 1985 alone, other Boeing marketing executives obtained 75 secret reports, including sensitive internal memos to the chairman of the Joint Chiefs of Staff and Chief of Naval Operations, as well as reports that could have given Boeing inside information on the products of rival defense companies.
A Boeing spokesman said recently that the company has tightened its controls and that the government had found no evidence of wrongdoing either after 1985 or “by any current Boeing employee.” And while the company is still conducting an internal review, it said yesterday it had “derived some degree of assurance about the degree of … present employee involvement” from prosecutors who concluded that only Fowler should have been prosecuted.
But an examination of logs from Boeing’s Rosslyn, Va., office indicates that among those who obtained secret documents without required receipts were Washington-based executive Dennis Zeug-schmidt, who brought in nearly 30 Navy documents for which no receipts could be found in Boeing’s files; Sylvester Berdux, based in Washington, who brought in some of the Army documents on the list; Hank Tucker, also based in Washington, who brought in several Air Force documents; Mike Coleman, a Seattle-based executive who acquired at least one Air Force document; and Donald Adams, based in Ogden, Utah, who acquired five Defense Department reports.
Boeing officials argue that receipts may not have been necessary when obtaining documents, and that the company did not always retain them. But federal prosecutors and Pentagon officials said during Fowler’s trial that Defense Department receipts were in fact required and kept on file by the company.
Richard Smith, special agent with the Defense Criminal Investigative Service, a Pentagon police agency that probes allegations of criminal violations in the defense industry, acknowledged that others in Boeing besides Fowler had acquired documents without authority and that the U.S. attorney had agreed not to prosecute them in exchange for their cooperation.
In addition, government investigators say more than 300 Boeing officials were involved in the operation in other ways, including reading the documents, transporting them, giving them to other Boeing employees or acting as custodians of the documents. Among them were at least one division president and at least three division vice presidents, Boeing records show.
Company logs and other records were examined in the federal courthouse in Alexandria, Va. They were on file with other exhibits from the Fowler case.
An unspecified number of Boeing officials were named by a federal grand jury as unindicted co-conspirators in the Fowler case, but federal attorneys chose not to prosecute them. They have not been publicly identified, and Boeing said it does not know who they are.
Other Boeing document-gatherers were not prosecuted because they had cooperated with investigators and had brought in far fewer documents than Fowler, sources say. Other factors were a five-year statute of limitations, and the fact that prosecutors were less interested in other Boeing officials than more egregious violators from other defense firms. Finally, a major target of the investigation of the defense industry was employees in the Pentagon who leaked the secret documents, rather than those who received them.
“You end up immunizing people because you want their testimony to convict someone else and the statute of limitations was a very real concern in this case,” said one source close to the investigation.
Investigators say illicit document-gathering seemed to come to a halt in 1985, meaning that the statute of limitations has expired or is about to expire for others who brought in documents without authority.
Under that sort of time pressure, “you have to make tough choices” on whom to indict, said Randy Bellows, the assistant U.S. attorney who prosecuted Fowler.
However, Michael Costello, special agent in charge of the Washington, D.C., office of the Defense Criminal Investigative Service, said that because illegal trafficking did not come to a halt until September 1985, prosecutors would have until at least September of this year to indict additional violators.
Under some circumstances, he said, there would be even more time to prepare an indictment if the documents were acquired as part of a conspiracy and if other acts in furtherance of that conspiracy, such as the destruction of documents, took place later on.
One legal expert said that alleged conspirators whose last illegal act was performed more than five years ago could, in theory, still be indicted if others in the conspiracy committed illegal acts more recently – but that securing a conviction would probably be difficult.
It was almost impossible to prove that Boeing executives who used the documents knew they were acquired illegally, investigators said.
Smith and Costello said it would be illegal – conspiracy to defraud the government or conspiracy to traffic in documents – for someone to read a secret document, or transport such a document, if the user knew it had been obtained illegally. The problem, they said, was proving that knowledge.
Costello said that more than 300 Boeing employees “might have been in complicity, but this is the real world and you can’t prove it.”
And, using a drug enforcement analogy, he added: “You don’t go after the guy dealing on the street corner, you go after the supplier.”
Costello said investigators did not pursue document gatherers other than Fowler because of time constraints and because Fowler appeared to be the chief abuser at Boeing.
Smith said a problem with moving against the users of the documents was that the documents were regularly destroyed by Boeing and investigators later could not determine if the cover sheets and markings indicated that they were not releasable to contractors.
When Boeing pleaded guilty last November to two counts of accepting illegally obtained documents from Fowler, U.S. District Court Judge T.S. Ellis III questioned why other Boeing officials had not been held accountable for using classified documents.
“For a group to know they have these documents and take no action is fairly arresting,” Ellis said.
Fowler, who was incarcerated in a federal prison camp in Petersburg, Va., following his December conviction, remains bitter and convinced that he was a “fall guy.”
“Not all documents on file in Seattle were obtained by me,” said Fowler. “It was common practice for all marketing reps in Boeing throughout the country to provide this data. Yet … you won’t see a low-, medium-, or high-level official from Boeing come forward in my behalf.”
Boeing fired Fowler after the Pentagon began a full-scale probe of Boeing in 1986. He was the only Boeing employee dismissed in the affair, in which the company last November plea-bargained, pleading guilty to just two counts of accepting documents from Fowler (it actually accepted hundreds) and paying $5.2 million in fines and restitution.
As was the case with the documents illicitly obtained by Fowler, the 75 documents obtained by the other Boeing marketing executives between 1983 and 1985 did not have Defense Department receipts that prosecutors and Pentagon officials say are required to show that the release of secret documents was authorized, according to Boeing records.
The U.S. attorney’s office says any secret document authorized for release must be accompanied by a Defense Department receipt. But there were no receipts for the 75 documents in Boeing’s 1983-85 “incoming receipt” records on file with the court.
Prosecutor Bellows told Fowler’s jury the absence of receipts was a strong “indicator” secret papers had been acquired without authority because “no one who gave Mr. Fowler documents was willing to put pen to paper to acknowledge he had given him the documents.”
Fowler says forgoing receipts was a way of avoiding a paper trail that would have allowed his sources to be identified. “You are keeping that guy off of a potential hot seat,” he said.
Zeugschmidt, the Boeing marketing executive who brought in nearly 30 Navy documents for which no receipts could be found in Boeing’s files, said each document was acquired legitimately.
“Every document had a receipt and every document was linked to a contract,” meaning that Boeing had a genuine need for the information, he said. If the receipts were not in the files, they must have been misplaced, he said.
Berdux of the company’s helicopter division, who brought in some of the Army documents on the list, said if they had no accompanying receipts it meant the Army had not required receipts.
Tucker would not comment on the documents he had obtained, referring questions to the Boeing public relations office. Coleman also declined comment.
Many of the documents were internal Department of Defense memos, drafts, plans and budget projections – all of which should have been off limits to Boeing and other defense contractors, according to Pentagon and corporate sources.
“It just makes you sick,” said one veteran Pentagon official, who was shown the list of 75 documents obtained by the Boeing executives. “These are terrible.”
The Pentagon official, who has years of experience in the defense aerospace field, said Boeing definitely should not have had 54 of the 75 documents. Another 16 were questionable at best, he said.
He said internal Defense Department memos should not have been given to contractors because they could reveal the military’s hand prematurely and “could also have sensitive (weapons) performance information that may give Boeing an advantage, help it learn about competitors’ products.”
One “definite no-no,” he said, was a Jan. 28, 1985, Army “acquisition plan” for special operations helicopters. Acquired by Boeing just two days after it was written, this document could have given the company an advantage over competitors by revealing to Boeing what helicopters the Army wanted to buy.
A January 1984 Navy report comparing the Boeing E6 communications plane with the EC-130, built by Lockheed, should not have been released because it might have given Boeing inside information on a competitor’s system, he said.
And an August 1984 “Memo for Director, DARPA (Defense Advanced Research Projects Agency) – Technology Initiatives,” might have provided Boeing advance information about weapons systems on the drawing board, giving it a potential leg up in contract bidding.
“It’s almost inconceivable to me that (release of this document) could have been authorized,” said a military expert who recently left one of the highest posts in the federal government.
He said Boeing might “conceivably” have had a legitimate reason to possess some of the documents on the list, to help it carry out existing contracts, but only if a Department of Defense program manager had authorized release.
Costello, however, said that of the 75 documents, the ones relating to budget plans were clearly off limits to Boeing. “If it was an internal document, classified secret, with limited distribution, you have to assume it was not authorized for release to contractors. That would be my assumption.”
KEY EVENTS IN CASE
March 1978: Richard Fowler joins Boeing’s Rosslyn, Va., office outside Washington, D.C., after a career as a civilian Air Force budget analyst. He was hired to acquire secret budget documents, according to the U.S. attorney.
1978-1985: Fowler brings in hundreds of secret reports, which are recorded in a special Boeing log. Other executives also bring in secret documents. Defense Intelligence Agency (DIS) inspectors periodically check the log but raise no objections.
December 1985: DIS agents find several questionable budget documents in Boeing’s Huntsville, Ala., office and begin an investigation. The documents are traced to Fowler.
January 1986: After more questionable documents are found in Boeing’s Rosslyn office, the DIS suspends the office’s security clearance. Fowler declines to identify his Pentagon sources.
March 1986: Boeing tells the DIS it has tightened procedures to prevent further acquisition of unauthorized documents. But Boeing Vice President Boris Mishel argues that the company had a legitimate need for the information Fowler brought in.
April-June 1986: Security clearance of Boeing’s Rosslyn office is reinstated, but the DIS presses Boeing to persuade Fowler to reveal his sources. The DIS suspends Fowler’s security clearance.
June 16, 1986: Fowler wins Boeing Aerospace Co. “marketing employee of the quarter” award. His boss, marketing executive Paul Demetriades, sends him a letter of congratulations.
June-August 1986: Demetriades sends a letter urging Fowler to cooperate with investigators and reveal his sources. Boeing internal security investigators press Fowler to do so.
Sept. 8, 1986: Fowler is fired by Boeing. His termination letter is signed by Demetriades. Fowler’s comment on the termination papers: “It’s been a great eight and one-half years working for this fine company.”
1986-1989: Investigation of Fowler by the Defense Criminal Investigative Service (DCIS) and the U.S. attorney in Alexandria, Va.
Aug. 15, 1989: Fowler is indicted on 39 counts for illegal trafficking in secret documents.
Nov. 13, 1989: Boeing pleads guilty to two felony counts for accepting documents from Fowler, pays $5.2 million in fines and restitution. Court admonishes Boeing for failing to send a top executive to the proceeding.
Nov. 14, 1989: Air Force suspends Boeing’s Rosslyn office from bidding on government contracts. Analysts say the move is a slap on the wrist because other Boeing offices still can bid.
Nov. 16, 1989: At court’s urging, Boeing Chairman Frank Shrontz sends a letter to the court apologizing for the company’s conduct.
December 1989: Fowler is convicted after a four-day trial in U.S. District Court in Alexandria, Va. Jury deliberates only two hours. Fowler is then called before a grand jury, refuses to identify his sources, and is sent to jail for contempt of court for up to nine months.
Jan. 12, 1990: Fowler is sentenced to two years for his felony conviction.
Feb. 23, 1990: The Air Force lifts its contract bidding suspension, allowing Boeing’s Rosslyn office again to seek Pentagon business. Shrontz says the actions that had led to the suspension had occurred “in the early 1980s” and that they could not take place today because of new safeguards. He said the suspension was unwarranted.
i m h
Add comment May 10, 2008
Archive: Book Cooking at Boeing
Onward and Downward
Book Cooking at Boeing
By JEFFREY ST. CLAIR
Early this summer, a top Wall Street stock picker issued a glowing report about Boeing: buy, buy, buy. The unusually rosy assessment for the troubled company had nothing to do with the need to replenish the Pentagon’s arsenal of cruise missiles depleted by the Iraq war or the Bush administration’s drive to implement Star War, both of which will net Boeing billions. No, this analysis, written by Heidi Wood, a vice-president at Morgan Stanley, pointed to “a no risk” risk deal with the federal government to lease 100 Boeing-767 tanker aircraft.
According to Wood’s report, the deal will generate $2.3 billion in profit for Boeing. To put this in perspective, that’s about as much profit as Boeing reaps for the sale of 1,033 of its 737 commercial airliners. From Boeing’s perspective, the great part of the tanker deal is that the company has few obligations, yet the government is locked into the leases, even if it proves that the Pentagon doesn’t need the planes. Boeing is guaranteed a 15 percent profit on each plane it delivers. “There’s substantially less risk than is common in the commercial aircraft market,” Wood wrote.
Wood should know what she’s talking about. The Wall Street Journal calls her the top stock analyst in the Aerospace / Defense sector and she also serves as a Bush appointee to the Commission on the Future of the US Aerospace Industry.
Under the deal approved by the Pentagon last month, Boeing will convert 100 B-767s into military refueling tankers. It’s quite a coup, because many Air Force generals have said that the planes aren’t needed, an assessment backed up by a Government Accounting Office investigation.
There are currently 545 KC-135 tankers in the Air Force fleet. More than 400 of them are new, fully upgraded “R” models. The other 134 tankers are older “E” models that some inside the Pentagon and the Congress are anxious to replace with the leased planes from Boeing.
On the surface, the Boeing proponents appear to have an argument: the E tankers are aging. Most of the planes are 35 years old. However, the Air Force primarily assesses the life span of planes based not on age but on flight hours. The engines for the “E” model has a projected life of 36,000 flying hours. A 1995 GAO report revealed that the majority of the “E” tankers have accumulated about 13,000 hours. The report projected that not one of the tanker planes in the fleet would reach its limit until 2040. The new plan is to begin replacing the E tankers with the Boeing planes in 2006.
Even if the Air Force decided it needed to upgrade the engines on the E planes sooner, because of added usage and stress from the wars in Afghanistan and Iraq, it would be much cheaper to simply upgrade the engines instead of entering into a lease arrangement with Boeing. The GAO estimates that the entire fleet of “E” tankers could be upgraded with “R” engines for about $3.6 billion. This is more than seven times cheaper than the $26 billion the Air Force will have to fork out for the Boeing commercial tankers.
Despite the fact that Boeing famously fled Seattle to set up its new headquarters in Chicago, the tanker lease deal was engineered through the tireless work of the Washington State congressional delegation, led by Sen. Patty Murray and Congressman Norm Dicks. Wood, who demonstrates a sophisticated understanding of the political economics of the Beltway, cautions investors that Boeing may need to demonstrate its gratitude to the Washington delegation by agreeing to locate some of its manufacturing plant for the new 7E7 commercial jet in Seattle rather than in a more corporate friendly environs.
“A subtle negative may be the payback required considering political capital BA [Boeing] has expended to land the tanker deal,” Wood warned. “Now the company is somewhat beholden to its hard-working Washington constituency. This may limit some of the latitude the company would probably like to have in deciding where to build the 7E7, adding pressure to keep some of the 7E7 work in expensive, union-dominated Seattle.”
Of course, the congressional delegation couldn’t have prevailed on its own. Boeing got some vital help greasing this deal from the inside as well in the form of Darleen Druyun, a top Air Force official who called herself the Godmother of the C-17-the troubled air transport plane made by Boeing. According to Pentagon sources, she helped craft the tanker deal, fought off skeptical Pentagon accountants and auditors, worked the appropriations committees and, finally, when it all seemed nicely tied up, retired from the Pentagon and joined Boeing as an executive vice-president, where she now supervises the company’s interests before congress and the Pentagon.
Druyun is not the only Pentagon powerbroker to be recruited into Boeing’s corporate hangar. Recently, Boeing’s board has boasted both former Defense Secretary William Perry and John M. Shalikashvili, at one time the chairman of the Joint Chiefs of Staff. In 2001, Boeing also hired Rudy de Leon, Clinton’s Deputy Secretary of Defense, to run its Washington office. Although De Leon is known as a hawk and a masterful dealmaker, his hiring may have been a rare misstep for Boeing, since congressional Republicans howled that the company should have picked one of their own from the Pentagon’s rolls.
It’s just this kind of zealous devotion to political payback and behind-the-scenes influence peddling that has landed Boeing in a rare spot of trouble. According to a one paragraph item in Reuters from early June, the Inspector General of the Air Force has opened an investigation into Boeing whether or not Boeing should be debarred from bidding on contracts with the federal government. The probe stems from allegations that Boeing executives received proprietary information from Lockheed concerning bids on Pentagon contracts.
The Lockheed affair is not Boeing’s only transgression. The Project on Government Oversight, a DC-based Pentagon watchdog group, reported last year that since 1990 Boeing has committed more than 36 violations and has been forced to pay more than $350 million in fines, penalties, restitution and settlement. Among the more recent allegations:
Boeing placed defective gears in Chinook helicopters;
Company officials offered bribes to officials of the Bahamas government as a means of securing a contract;
Produced a defective safety system for the Apache helicopter;
Misrepresented the progress of clean-up at Rocky Flats nuclear weapons site; Charges from the State Department that Boeing violated the Arms Export Control Act and International Traffic in Arms Regulations-more than 100 instances are cited;
Accused of civil rights violations in hiring and salary practices toward blacks and women;
Routinely mistated labor costs and exaggerated overhead costs.
These are serious charges of criminal and civil malfeasance, some of which Boeing didn’t even dispute. Yet, despite the rap sheet, Boeing has never been suspended or debarred from bidding on contracts since 1990. Federal contract guidelines require that contractors to the government sanction violators and only award contracts to “responsible” contractors with a record of “integrity and business ethics”.
Of course, Boeing is hardly alone in getting a pass from these high-minded rules. In the past decade, out of the top 50 defense contractors the Pentagon has only suspended the contract privileges of only one major company, General Electric Avionics Division, and that lasted for only five days.
Even so, some in Congress aghast at the mere possibility of a crackdown on cheating contractors make haste to loosen the rules even further. At the behest of Boeing and other big contractors, Rep, Tom Davis, the Virginia Republican who chairs the House Government Reform Committee, has just introduced legislation that will unravel many of the key provisions governing the regulation of Pentagon contracts.
One of the changes proposed by Davis is for the Pentagon to shift to so-called Time and Material and Labor Hour contracts, where the weapons firms would get paid for how much time they spent working on a project rather than by such standards as to whether they completed it on time or according to code. This amounts to a blank check without any incentive ever finish the job. Davis even includes a provision that would prohibit government auditors from examining the contractor’s billing records.
The congressman, who once won a Harvard rock trivia contest by correctly identifying the Blues Magoos as the group that performed the 1966 hit “(We Ain’t Got) Nothin’ Yet, also wants to expand the use of Share-in-Savings Contracts, a kind of Enron-style financial speculation that allows contractors to be lavishly reimbursed for investments in infrastructure upgrades, such as computer systems. The companies are allowed to charge the government for “efficiency savings” over the lifetime of the contract. But even the Bush administration is skeptical of such claims. In hearings before Congressman Davis’s committee last year, Angela Styles, the chief procurement analyst for the White House, testified that her office had examined dozens of the contracts and “we have seen no real savings.”
The program is so ripe for fraud that one expert in defense contracts compared it to the savings-and-loan scandal. “Share-in-Savings contracts could propagate problems similar to those that accompanied deregulation of the government-insured savings-and-loans institutions or procurement of defense spare parts in the 1980s by sole-source contracts,” says Charles Tiefer, a professor at the University of Baltimore School of Law.
The biggest prize for the defense contractors is Davis’s plan to scrap key provisions in two hated laws: the Truth in Negotiations Act and the Cost Accounting Standards Act. Back in the late 1960s, Senator William Proxmire teamed with Admiral Hyman Rickover to standardize accounting procedures for defense contractors during the spending frenzy of the Vietnam War. They also set up a board to oversee the enforcement of the standards and deflate the complex accounting tricks of the defense contractors which were costing the government more than $6 billion a year.
The Truth in Negotiations Act forced weapons manufacturers to come clean with the true basis of their pricing and cost data. Under current guidelines, defense contractors must comply with TINA for any contract over $550,000. Davis’s measure would effectively gut the bill by making the reporting requirements apply only to contracts involving more than $200 million.
After the defense industry consolidation frenzy of the 1990s, many Pentagon contract offerings now receive only one bid. To allow the defense companies to set their own accounting and pricing rules in this sole-source environment is to invite the kind of runaway fraud last seen in the procurement scandals of the 1970s and 1980s. It’s one way to jumpstart the economy. No wonder Wall Street’s bullish on Boeing.
[Postscript: This article was written in June. On July 25, the Pentagon announced that it was prepared to impose sanctions on some of Boeing's subsidiaries for contract fraud. This is the first tiime in more than a decade that the Pentagon has taken action against one of its prime contractors. The terms of the sanction have not yet been announced. But don't expect the sentence to be too harsh. The last time the Pentagon barred a big contractor from bidding on new contracts the ban only lasted five days. --JSC]
Jeffrey St. Clair is author of Been Brown So Long It Looked Like Green to Me: the Politics of Nature (Common Courage Press) and coeditor, with Alexander Cockburn, of The Politics of Anti-Semitism (AK Press).
Add comment May 10, 2008
(320)12.jpg){kind=link}
