< PreviousA PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES 20 JULY | AUGUST 2021 the value examiner The vast majority of these fines (84 percent), focused on data security (access). Data was not secure enough to prevent unauthorized people, either internal or external, from accessing it. In many states, unauthorized access is the definition of hacking in the criminal code. Fines for this kind of access provide a regulatory action for the same behavior and may provide a civil cause of action for victims. As organizations store increasing amounts of data, their risk for a cybersecurity incident involving that data increases and we have known that since at least the 1980s. Data hoarding is high-risk behavior for an organization and it increases the criminal prosecution risk for individual employees. Of the access category, 99 percent of the fines were levied on two organizations: Marriott International and British Airways, both of which suffered external data breaches that generated liability to their customers and vendors. Processing fines are levied against organizations that analyze, connect, or convert data in a way that was not disclosed properly or for which the organization did not get effective consent. To avoid fines like these, organizations should assess the reality of their own stored data. Do they really need to know the names and physical addresses of their customers? Probably not. They could assign numbers to them and store a matching file separately, if at all. Do they really need to know who visits their website and what they do there? Probably not. If an organization is not actively making decisions that impact its operations on a regular basis based on that data, the risk of storing it may now be too high. Storage increases the risk of unauthorized access. Storage is the baby brother of access; fines levied for storage have been imposed on companies that fail to delete data from old systems (such as Morgan Stanley) or put personal information out on the internet when they should not, but have not suffered a data breach perpetrated by an external actor. Fines for usage have been levied on a company that sent millions of email marketing messages to customers without consent from those customers to use their data in that way. Another example is a company that accessed users’ audio and GPS data for use in detecting unauthorized broadcasts of a sporting event. The company matched the users’ audio against an audio marker in the broadcast, but never told users that it would be using their data in that way. This kind of behavior is very similar to pretexting—the company Figure 1: Fines Levied Prior to July 2019A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES the value examiner JULY | AUGUST 2021 21 pretended to be a sporting event app, when really it was gathering evidence to be used in prosecution. That kind of behavior, such as gathering evidence for litigation, requires special licensing in many jurisdictions and conducting unlicensed activity carries a separate civil, and possibly criminal, liability. In Texas, for instance, conducting an investigation requires a private investigator license and an active investigative engagement. An individual investigator cannot gather evidence, such as audio and GPS data from a device, without meeting very specific requirements demonstrating his or her authority to engage in such activities. Companies that violate these regulations and use their apps in pretexting may be held liable to consumers or prosecuted under the criminal code. Some of these fines are levied on a per-record basis. In California, the consumer portion of fines for a data breach is $750 (paid to the consumer, with some exceptions and options for increasing it to $1,500); this amount can add up to a large number for some companies. As discussed below, however, for some large companies, the profits earned on consumer data are substantial enough that the reward outweighs the risk. Current Developments in GDPR Fines Today, we have new information about fines levied under GDPR, and it indicates a new direction for the data protection industry. Figure 2 identifies two new categories for fines levied through December 2020: gathering and policy. Figure 2: Fines Levied through December 2020 Three of the original categories—access, processing, and storage—increased by less than 10 percent since mid-2019, while fines levied for usage increased by 87 percent. Gathering is the largest new category and consists of fines levied on two large tech companies, Amazon and Google, which were fined $42 million and $120 million, respectively, by regulators in France for tracking cookies without consent. 2 Policy is arguably the most interesting category for GDPR. These fines are levied against 2 Cookies are bits of code embedded in websites that allow those websites to store information about users while they are visiting a site and may allow them to store information about users’ online behavior even after they leave. GDPR is the main reason for all those little pop-up windows that now appear on websites across the internet. Those windows are the website’s way of obtaining consent. A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES 22 JULY | AUGUST 2021 the value examiner companies with poor policies in place for data protection and cybersecurity prevention, even though they may not have suffered an internal or external breach. Fines for policy failures are increasing, but they are preventable for a relatively low cost. Google was fined $8 million by regulators in Sweden for failing to incorporate right-to-be- forgotten steps into its data protection plans. Belgium then levied fines against Google for the same thing. According to the Swedish Authority for Privacy Protection, Google failed to have a plan in place, failed to implement that plan (by default, because it did not exist), and failed to implement basic risk management controls in its data protection plan. Almost all risk management frameworks follow the same basic structure: have a plan in place, follow the plan when something happens, identify when a new plan is needed, and have ways to prove it all along the way. If an organization fails at step 1, having a plan, everything else fails as a result. Fortunately, the cybersecurity framework required for all U.S. federal agencies and their contractors is freely available. The National Institute for Standards and Technology (NIST) provides a largely ready-made cybersecurity framework, with fill-in-the-blank style controls (https://www.nist.gov/ cybersecurity). The NIST has even taken the time to narrow the framework for small businesses and provide a large knowledge bank of resources for the least technical among us. There are other frameworks out there but none of them are required by Executive Order so for most organizations it makes sense to follow one the U.S. government uses to secure our critical infrastructure and maintain our national security. Cyber Houston, an organization that grew out of the recognition that the city of Houston was at risk of a cybersecurity incident, in addition to natural disasters, produced an even more readable version of NIST’s Cybersecurity Framework, complete with checkboxes and a scorecard. The framework is available for free at https:// assess.cyberhouston.org/. Organizations should not visit this website and just check the boxes. They should use the assessment to determine where they need to improve their cybersecurity controls. In addition, a cybersecurity assessment should be considered to support adjustments in a business valuation. Given the ready availability of these cybersecurity frameworks, there is little excuse for organizations to fail to develop data protection policies, a key component of a robust cybersecurity program. Data gathering and policies around data protection, before an organization ever begins to store data, are now coming into regulators’ focus. A cybersecurity assessment has three major applications: to develop a cybersecurity policy, to support business valuation adjustments, and to support due diligence in mergers and acquisitions. This third application is also critical to avoiding fines for cybersecurity failures. For example, Marriott failed to properly audit Starwood’s cybersecurity and data protection efforts before it acquired Starwood—and that failure resulted in a massive breach and one of the highest fines levied to date. Risk versus Reward Over $640 million in fines have been levied to date, but that number still pales in comparison to above-board profits. It also pales in comparison to the below-board market for consumer data. In 2016, an investigation concluded that employees at the Jackson Health System in Florida inappropriately accessed health records and sold some of them in an online marketplace. Insider threats (e.g., disgruntled employees) went unchecked and unmonitored by the organization’s risk management program—a failure of internal audit, a failure of cybersecurity access and network controls, and a failure of fraud risk management. The health record firm paid about $90 per breached record in fines; however, just one of those medical records could be sold for $500 and it could be sold repeatedly. Figure 3 shows the cost per record that recently breached firms have been fined. The colored bubbles to the right show the revenue generated from one sale of one record in an online marketplace for illicit goods. Figure 3 highlights the fact that fines, as high as they are, provide little incentive for large organizations to protect the data they store. Arguably, the fallout from bad press incentivizes a company to protect customer data, but people still shop at Target and Home Depot, Google Chrome still has the largest browser market share, and many other companies that have experienced data breaches are still around, with little to no impact on their bottom lines. In fact, Experian, a competitor to Equifax, recently released an app that can increase one’s credit score by virtue of downloading it and sharing even more information with Experian. Rather than reducing the amount of data it stores and decreasing its risk of a breach, Experian has expanded its data gathering practices, illustrating that these fines may not be effective incentives for data protection for large data brokers. At the same time, however, cybersecurity fines can be devastating for small and mid-sized organizations engaging A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES the value examiner JULY | AUGUST 2021 23 in the same behavior. In fact, the failure to disincentivize large organizations arguably increases smaller organizations’ third- party risks if they rely on large service providers to process or store their data. Cybersecurity insurance is available, but policies may restrict coverage to exclude internal actors and limit coverage to specific costs. Many cybersecurity issues have an internal component that may be difficult to identify as external to overcome the internal exclusion. Conclusion Given the changing focus of cybersecurity regulations, business valuation practitioners should assess cybersecurity risk as a normal part of the valuation process. They should take steps to assess whether valuation subjects have adopted best practices in cybersecurity—including conducting a risk assessment and adopting a robust cybersecurity framework. I will explore these subjects in future articles. VE Dorothy Haraminac, MBA, CFE, MAFF, PI, encourages collaboration and transparency in the investigative industry to engender strength in best practices and propel the industry forward. She provides consulting and testimony in criminal and civil litigation, including complex commercial disputes as well as matrimonial disputes. Her firm provides risk management for physical and digital asset security, including executive extraction, risk assessments (fraud, cyber, and traditional), and process recommendations. Ms. Haraminac’s expertise includes traditional and cryptocurrency asset tracing, oil and gas operator disputes, royalty interest disputes, fraud examinations, IP and trade secret theft, lost profits, and other economic damages. She used financial forensics to develop and testify to her expert opinions on cryptocurrency assets held by and on behalf of an individual, becoming one of the first U.S. court-qualified experts on bitcoin asset and cryptocurrency tracing. Ms. Haraminac showed that accounting records released through a data breach were, in fact, business records and could be relied upon to determine asset concealment. Ms. Haraminac is also an adjunct professor of cyber engineering at Houston Baptist University (HBU) and serves on the advisory board for HBU, where she provides industry insight and builds strategic partnerships. She serves as chairman of the Litigation Forensics Board for the National Association of Certified Valuators and Analysts (NACVA), where she provides insight on maintaining standards and credentials. Ms. Haraminac also volunteers her time to train law enforcement, attorneys, and executives on cybercrime risk, blockchain compliance and implementation, and gathering evidence in emerging technology, such as bitcoin, cryptocurrency forks, and other blockchain tokens. She received the Houston ACFE Speaker of the Year award and was recognized as one of NACVA’s 40 Under Forty honorees in 2019. Email: dorothy.haraminac@greenvetsllc.com. Figure 3: Costs per Record BreachedA PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES 24 JULY | AUGUST 2021 the value examiner VALUATION /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Letters to the Editor T he following letter is in response to “A Call for Industry Specialization: An Academic Perspective on the Importance of Qualitative Research,” by Kipp A. Krukowski, PhD, CVA, ASA (retired), and Lawrence Justin White, Jr., PhD, CVA, which appeared in the May/June 2021 issue of The Value Examiner. The authors’ response follows. In Defense of Generalists To the Editor: I am not sure of the intended audience for Messrs. Krukowski and White’s article. The introduction states that “the purpose of this article is to highlight the advantages of specialization in business valuation.” It provides some examples and ends with a challenge to the valuation industry to “collectively develop a standard for when a specialist is needed.” The authors’ discussion of combining qualitative and quantitative information as a basis for concluding as to a company’s or an interest’s value is informative. A well-written valuation report will tell a story and lead the reader to agree with the analyst’s conclusion. I have read many valuation reports that are nothing more than a dump of information obtained from various sources to check the boxes of the report writing standards. There is no explanation as to how this information relates to the conclusion of value. This type of report is sometimes generated from a service that allows the analyst to enter the numbers and push a button. If these analysts are the audience for the article, then the authors provide good guidance. Every business exists in an industry and an overall economic environment. The numbers do not tell the whole story. However, I would be the first to stand up against any effort by the valuation industry to develop a standard for when a specialist is needed. The authors do not explain how this would be accomplished or what industries would require a specialist. The multitude of available credentials is already confusing to the public. Would lack of a “specialist” credential preclude an analyst from accepting an engagement? As the authors note, professional ethics standards require an analyst to consider whether he or she has the expertise to accept an engagement or can gain that expertise. How is one to become a specialist in an industry unless one first performs a valuation in that industry? When accepting an engagement in an unfamiliar industry, most analysts consult other analysts with specific industry experience. It is easy to find such experts, as they have written books and articles and presented CPE webinars. In my experience, they are willing to provide guidance or even review a report. The authors refer to sources like First Research, IBISWorld, and the Business Reference Guide. They seem to imply that these sources are not sufficient; that the analyst needs “industry experience and specialization to enable the practitioner to dissect answers to industry-specific questions.” The examples presented in the article do not bolster their argument for specialization. I compared information provided in the First Research reports for each industry example to the “unique business characteristics” presented in the article. The First Research reports include all the points raised in the examples. Information from these reports, combined with general business knowledge, can provide the analyst with the ability to challenge assumptions provided by the company and advisors in these industries. I cite First Research here because it is the source I use. Their reports provide a list of interview questions as well as industry background data, financial metrics, and references for further research. IBISWorld is similar. The Business Reference Guide is helpful for Main Street businesses and franchises but it is not as detailed as the other two and should not be relied upon as a single source of industry research. For bars and restaurants, First Research reports: To open a bar or nightclub, a location must have proper zoning from local government. Community resistance to new bars and nightclubs is common due to anticipated problems with drunken patrons, noise, and A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES the value examiner JULY | AUGUST 2021 25 parking issues. Companies may need both a standard liquor license to sell alcohol, and a pouring license to serve alcohol for consumption on-premise. Multiple types of liquor licenses dictate what types of alcohol a bar can sell, and the availability and cost of licenses can vary greatly. Licenses to serve beer and wine tend to be less expensive than to serve hard liquor. Some communities issue a limited number of liquor licenses, and companies may have to buy one from an existing licensee. Local municipalities may also require an entertainment license to provide TV programming, live music, or dancing. Local laws typically dictate days and hours of operation. 1 For Manufacturing—Machine Shops, First Research reports: How many shops does the company operate? Very few companies have more than one operation. What types of machinery does the company have? Drill presses, lathes, milling machines, and machining centers are typical, and come in many varieties. What sorts of work does the company specialize in? Many shops own machinery with special applications. How large a geographical area does the company serve? Because of the need for close technical consultation with customers, the geographical area served is usually small unless the company provides highly specialized work. What end-use industries are major customers? 2 For Amusement and Theme Parks, First Research reports: Amusement park operators offer various types of rides such as roller coasters, tower and “kiddie” rides, and water slides...Rides, shows, shops, and food outlets are generally intermingled to encourage cross selling. 1 First Research, Bars and Nightclubs, industry profile (Dun & Bradstreet, March 29, 2021). 2 First Research, Machine Shops, industry profile (Dun & Bradstreet, April 26, 2021). A typical park is spread over 100 to 300 acres; flagship parks that include hotels and multiple attractions such as water parks and safaris may be several hundred to thousands of acres. Many parks operate only for a portion of the year because of weather. Parks open year-round may also operate hotels, stores, condos, golf courses, or other facilities in the vicinity...How much land is owned at each site? Is there room for expansion? A large park may sit on 100 to 300 acres; regional parks that include multiple attractions such as water parks and safaris may have a thousand acres or more. 3 Information from the above-mentioned sources—coupled with common sense, overall business knowledge, good financial information, and open access to management— is sufficient to allow a “generalist” to provide a credible valuation in these industries. Had the authors used examples like hospitals, banks, or oil and gas drilling companies, they might have made a stronger argument. Those of us holding business valuation credentials are professionals and should have the leeway to decide whether we are competent to accept an engagement. Specialization happens organically as an analyst becomes known in an industry by performing valuations, writing, making presentations, and posting on social media, and through word of mouth. There is no need to add more credential letters to the existing alphabet soup. — Judith H. O’Dell, CPA, CVA Judith H. O’Dell, CPA, CVA, is president of O’Dell Valuation Consulting LLC CPA, founded in 2002 and limited to business valuation and exit planning services. After a long career as an auditor and tax preparer, she obtained her CVA designation in 2000. Ms. O’Dell has performed valuation services for ESOP, divorce, estate, gift, succession, and litigation purposes. In the last three years, her practice has focused on valuations for ESOP transactions and annual valuations for ESOP companies. Ms. O’Dell serves on the Editorial Board of The Value Examiner and is the former chair of FASB’s Private 3 First Research, Amusement Parks and Arcades, industry profile (Dun & Bradstreet, May 24, 2021). A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES 26 JULY | AUGUST 2021 the value examiner Companies Financial Reporting Committee. She received the AICPA’s Special Recognition Award and Case Western Reserve University’s Braden Award for her role as an advocate for private company financial reporting. Ms. O’Dell has made numerous conference presentations and authored articles for professional journals. She holds a BA in Economics from Immaculata University and an MFA in Visual Storytelling from Maine Media College. Email: jodell@odellvalue.com. Authors’ Response To the Editor: We appreciate the opportunity to respond to the letter to the editor, “In Defense of Generalists,” submitted by Ms. O’Dell. Her response to the article highlights the importance of continuing the dialogue on the topic, as there are differing viewpoints among practitioners. We also appreciate that Ms. O’Dell agrees with our central argument that “numbers do not tell the whole story,” and that qualitative analysis enhances a business valuation. As we state in our opening paragraph, “We do not attempt to identify which industries or situations warrant the use of a specialist, or who should make that determination,” as this was not the intent of our article. To be clear, our article does not propose a solution that would involve a specialist to be credentialed, as implied by the letter to the editor. We agree with Ms. O’Dell that “the multitude of available credentials is already confusing to the public,” and though we are not recommending a solution in our article, a credential is not one we would endorse—unless the industry provides further evidence that this would be the best solution. Our article states that we are challenging the valuation industry to collectively develop a standard for when a specialist is needed. While we would like to believe most analysts consult other analysts for guidance, we believe many readers have reviewed reports where it appears that is not the case. And though we agree that in many cases experts are available and willing to provide guidance, that does not necessarily mean such practitioners seek such guidance. There are many reasons practitioners fail to consult others on business valuation projects, including tight turnaround times, low-margin projects, lack of a professional network, and fear of being viewed as incompetent. As Ms. O’Dell points out, our article does refer to sources such as First Research, IBISWorld, and the Business Reference Guide for secondary research. We are actually strong supporters of using these sources to help in understanding industries and to assist in developing questions for business owners and their representatives. While we list questions in our three industry examples, our point is that it is not just the questions that matter, but understanding the response to the questions, and then potentially asking follow-on questions to fully understand the response and the corresponding implications. Similar to the approach used by successful litigators, a series of questions are asked to clearly understand the response and true implications. For example, selecting one industry to illustrate, we can look at an issue that is plaguing some automotive manufacturers today—semiconductors. Semiconductors have affected production, which has a direct effect on sales, profitability, and, ultimately, valuation. Asking a manufacturer being valued whether the company has high supplier concentration is not enough. The manufacturer may respond that “no supplier makes up a significant percentage of the components we purchase.” But what if a small percentage of a vehicle consists of a single component that comes from one supplier—a question that may fall off the radar of many generalists. It is essential to ask whether any components are single-sourced and whether production is dependent on those components. One part of an automobile can, and has, shut down production. How can this risk be mitigated? Can the part be dual-sourced? Is there intellectual property preventing two sources? What if there is a fire at the plant where the part is made? Can production be shifted to another plant or are there unique toolings or molds that exist only at this plant or can be run only on specific machines? How much of the critical part is maintained in inventory? If new tooling needs to be manufactured, what is the lead time to produce it? How quickly can parts be made on the tooling afterwards, assuming that they need to go through the Production Part Approval Process (PPAP) and signed off on by the supplier quality engineer? The list of questions goes on, and it is highly likely they will not be listed in the secondary sources. (Note: One author was a buyer in global purchasing in the automotive industry and had to deal with such issues when a fire at a single-source supplier destroyed tooling that existed only at that plant.) While we agree that the listed secondary sources are useful in developing basic questions, the key is to understand the implications of the response and know what to ask next.A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES the value examiner JULY | AUGUST 2021 27 The Value Examiner ® — Ma y /June 202 1 CPE Exam Earn five hours of NACVA CPE* by reading The Value Examiner and completing this exam. For CPE credit, visit www.nacva.com/valueexaminer and log in; or scan and e - mail to: CPE@NACVA.com; or fax to: (801) 486 -7500; or mail to: 1218 East 7800 South, Suite 302, Sandy, UT 84094 C ost: $ 80 .0 0 Name: Designations: NACVA Member #: Firm Name: IBA Member #: Address: City: ZIP: ❑ AMEX Expiration Date: ❑ Same, or State: ZIP: Certified Valuators and Analysts (NACVA) to , it may not be accepted by all state agazine meets their CPE riate in the tech industry because: The Value Examiner ®— January / February 202 1 CPE Exam Earn five hours of NACVA CPE* by reading The Value Examiner and completing this exam. For CPE credit, visit www.nacva.com/valueexaminer and log in; or scan and e -mail to: CPE@NACVA.com; or fax to: (801) 486 - 7500; or mail to: 1218 East 7800 South, Suite 302, Sandy, UT 84094 C ost: $ 80 .0 0 Name: Designations: NACVA Member #: Firm Name: IBA Member #: Address: City: State: ZIP: Tel: Fax: E - mail: Check # : (payable to: NACVA) or VISA MasterCard AMEX Discover Credit /Debit Card #: Expiration Date: Credit card billing address: Address: City: Authorized Signature ‡ ‡By signing, you authorize the National Association of Certified Valuators and Analysts (NACVA) to charge your account for the amount indicated. NACVA can also initiate credit entries to your account in the event a credit or correction is due. Your signature authorizes NACVA to confirm the above information vi a e -mail and/or fax and to use either for future communication. NACVA will not disclose or share this information with third parties. * This exam does not qualify for NASBA QAS CPE credit. Important note: Although this exam qualifies for NACVA CPE or accrediting organizations. Therefore, individuals should contact their state board or accrediting organization to determine if passing an exam after reading a book/magazine meets their CPE requirements. State CPE Sponsor #:_______________. Taking the Leap from Valuation Analyst to Value Growth Advisor By Kevin A. Papa, CPA, CVA, ABV, CVGA 1. When beginning a consulting engagement to assist a business in growing value, the consultant should: a. Analyze the company's h istoric financial statements for unusual activity b. Estimate the company -specific risk premium of the business c. Ask thought -provoking questions of management and require them to grade themselves d. Present an initial valuation analysis to the owner 2. A company wi th very low risk in the fundamental category of planning, will: a. Be ready to convert its ideas into a completed business plan b. Have many customers with consistent ordering history driving sales The Value Examiner ® — March /April 202 1 CPE Exam Earn five hours of NACVA CPE* by reading The Value Examiner and completing this exam. For CPE credit, visit www.nacva.com/valueexaminer and log in; or scan and e -mail to: CPE@NACVA.com; or fax to: (801) 486 -7500; or mail to: 1218 East 7800 South, Suite 302, Sandy, UT 84094 C ost: $ 80 .00 Name: Designations: NACVA Member #: Firm Name: IBA Member #: Address: City: State: ZIP: Tel: Fax: E -mail: Check # : (payable to: NACVA) or VISA MasterCard AMEX Discover Credit /Debit Card #: Expiration Date: Credit card billing address: Same, or Address: City: State: ZIP: Authorized Signature ‡ Date: ‡By signing, you authorize the National Association of Certified Valuators and Analysts (NACVA) to charge your account for the amount indicated. NACVA can also initiate credit entries to your account in the event a credit or correction is due. Your signature authorizes NACVA to confirm the above information vi a e -mail and/or fax and to use either for future communication. NACVA will not disclose or share this information with third parties. * This exam does not qualify for NASBA QAS CPE credit. Important note: Although this exam qualifies for NACVA CPE , it may not be accepted by all state boards Visit www.NACVA.com/ValueExaminer and log in to access an exam. Online exams are available for The Value Examiner issues from 2014 to current. You will be able to purchase, complete, and earn five hours of NACVA CPE* for each exam. You will instantly receive a certificate of completion for each exam you pass. Earn CPE Online by Reading The Value Examiner ® ! * This exam does not qualify for NASBA QAS CPE credit. Individuals should contact their state board or accrediting organization to determine requirements for acceptance of CPE credit. To learn more, please visit www.NACVA.com/ValueExaminer, or call Member/Client Services at (800) 677-2009. The Value Examiner CPE exam can now be taken online! We agree that “the above-mentioned sources coupled with common sense, overall business knowledge, good financial information, and open access to management” are important, but we submit that these factors are not always sufficient to provide a credible valuation. We believe that identifying the situations in which they are, or are not, sufficient warrants a continued dialogue among those in the valuation profession. — Kipp A. Krukowski, PhD, CVA, ASA (retired), and Lawrence Justin White, Jr., PhD, CVA VE Kipp A. Krukowski, PhD, CVA, ASA (retired), is a clinical professor of entrepreneurship at Colorado State University. Dr. Krukowski earned his PhD from Oklahoma State University, MBA from Carnegie Mellon University, and bachelor’s in mechanical engineering from Youngstown State University. He earned the CEPA designation from the Exit Planning Institute and CBI designation from the International Business Brokers Association. Prior to entering academia, Dr. Krukowski founded several business advisory firms, served as an expert witness, and was recognized by the Business Brokerage Press as an industry expert for selling manufacturing companies. Email: kipp.krukowski@colostate.edu. Lawrence Justin White, Jr., PhD, CVA, is an assistant professor of business administration at Riverside City College. Dr. White earned his PhD from Oklahoma State University, MBA from California State University, Long Beach, and bachelor’s in mathematics from Northern Illinois University. He is a certified facilitator of the Entrepreneurial Mindset (The Entrepreneurial Learning Initiative) and a certified administrator of the Entrepreneurial Mindset Profile ® (Leadership Development Institute at Eckerd College). Prior to entering academia, Dr. White worked in the theme park industry, where he developed expertise operating food and beverage, retail, games, and warehouse facilities. Email: justin.white@rcc.edu.A PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES 28 JULY | AUGUST 2021 the value examiner T his column provides summaries of contemporary research in valuation and forensic accounting. Summarized manuscripts—selected from numerous academic research outlets—cover significant developments that affect the ever-changing valuation and forensic accounting landscape. The objective is to increase awareness of recently completed research that advances knowledge of these subjects. As this column evolves, The Value Examiner encourages readers to forward relevant manuscripts or working papers for consideration. Please send links or files to plohrey@ pragermetis.com or DanS1@NACVA.com with Academic Research Briefs in the subject line. Analyst Forecasts: Sales and Profit Margins Authors: C. S. Agnes Cheng, K. C. Kenneth Chu, and James Ohlson Source: Review of Accounting Studies 25, no. 1 (March 2020): 54–83 DOI: https://doi.org/10.1007/s11142-019-09521-z Summary One can think of earnings (E) as the product of sales (S) (or revenues) and profit margin (PM)—that is, E = S × PM, where profit margin is defined as earnings divided by sales. Consequently, one can derive an earnings forecast given a forecast for sales and a forecast for profit margin. This study by professors Cheng, Chu, and Ohlson (CC&O) uses several clever, robust statistical methods to evaluate four properties that have been identified with equity sell-side analysts’ earnings forecasts in the academic literature. Specifically, CC&O find that the following four properties apply to both sales and profit margins: optimistic forecast bias, relative accuracy with respect to benchmark model forecasts, forecast suboptimality, and serial correlation of forecast errors. To summarize this study’s key result: Sales forecasts generally perform better than profit margin forecasts in terms of these properties. Background and Motivation Why should one pay attention to sales and profit margin— the components of earnings—instead of earnings itself? CC&O provide two answers to motivate their analysis. First, the financial media reports on sales as frequently as earnings, and profit margin is frequently mentioned in the news when corporate performance is discussed. Hence, CC&O argue that sales is a central performance metric that is complemented by profit margin. Second, CC&O provide the following intuitive example to motivate this study. Consider two firms, A and B. Both firms have expected and actual earnings growth of 10 percent. Despite identical earnings growth, however, the firms are different in terms of sales and profit margin. For firm A, sales increased by 10 percent while profit margin remained constant. In contrast, for firm B, sales remained constant while profit margin increased by 10 percent. Given that E = S × PM, both firms report a 10 percent growth in earnings. Is this difference between A and B relevant? Which firm is reporting better news? 1 If one acknowledges that firms A and B are in different situations, it makes sense for analysts to forecast sales and profit margin separately. Data and Descriptive Statistics For this study, data are obtained from the Institutional Brokers’ Estimate System (IBES) detailed files. Specifically, one-year-ahead forecasts and actual values of annual sales and earnings-per-share (EPS) for nonfinancial firms (i.e., excluding SIC codes 6000–6999) are used. Earnings is calculated as number of shares outstanding × EPS/sales forecasts. This sample only includes observations that have a 1 Here is an answer to this rhetorical question. One could argue that a 10 percent increase in sales is preferable to a 10 percent increase in profit margin, to the extent that current sales growth predicts future sales growth. In contrast, profit margins are likely to be mean-reverting, thereby making current increases in profit margin less impactful. Academic Research Briefs Guest Reviewer: Philipp Schaberl, PhD /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ACADEMIC REVIEWA PROFESSIONAL DEVELOPMENT JOURNAL for the CONSULTING DISCIPLINES the value examiner JULY | AUGUST 2021 29 forecast by the same analyst containing sales as well as EPS forecasts. To estimate a firm-year-level forecast, CC&O used the median forecast from the latest individual forecasts made during the three-month window that is nine to 12 months before the forecast period end date. For example, for a December fiscal-year-end firm, forecasts made during January, February, or March of that year would be used. CC&O chose this specific timing to mitigate the effect of the potential walk-down by management, where forecasts start out optimistically and then are “walked down” to a beatable benchmark throughout the year (see Richardson et al., 2004). 2 The sample covers the years 2002 to 2016. Sales forecasts prior to 2002 are not available in IBES. The final sample contains 25,230 firm-year observations based on U.S. publicly traded companies. For size effects, CC&O used five size groups, based on market capitalization at the time of the forecast. Specifically, firm-year observations were allocated into size groups by preset (rather than relative) size break points across all NYSE-, AMEX-, and Nasdaq-listed firms. Given that analysts tend to follow larger firms, it is not surprising that 33 percent and 29 percent, respectively, of observations were assigned to groups 5 and 4 (the largest and next-largest firms), while only 2.8 percent of the observations were assigned to group 1, which contains the smallest firms. Basic descriptive statistics. The basic descriptive statistics are consistent with analysts’ forecasts displaying an optimistic bias. For example, the median predicted sales growth (forecast of next year’s sales/current year’s actual sales) equals 7.5 percent. In contrast, the median actual sales growth (next year’s actual sales/current year’s actual sales) equals 7.2 percent. A similar pattern emerges with profit margin. The median predicted profit margin (forecast of next year’s earnings/forecast of next year’s sales) equals 5.6 percent, while the median actual profit margin equals 5.3 percent. CC&O hypothesize that, due to the richer information environment, forecast errors are smaller for larger firms. Consistent with this prediction, CC&O found a monotonically decreasing median scaled sales forecast error from 12.3 percent for small firms to 3.8 percent for large firms. The scaled forecast error is defined as the difference between actual and predicted sales, scaled by actual sales. Similarly, the results showed that the forecast error for profit margin decreased from 5.9 percent for small firms to 0.7 percent for large firms. Methodology and Results CC&O use several clever, robust statistical methods to evaluate four properties that have been identified with equity sell-side analysts’ earnings forecasts in the academic literature. Specifically, this section will show that optimistic forecast bias, relative accuracy with respect to benchmark model forecasts, forecast suboptimality, and serial correlation of forecast errors apply to both sales and profit margins. 3 2 Scott Richardson, Siew Hong Teoh, and Peter D. Wysocki, “The Walk-down to Beatable Analyst Forecasts: The Role of Equity Issuance and Insider Trading Incentives,” Contemporary Accounting Research 21, no. 4 (Winter 2004): 885–924. 3 For simplicity and clarity, some variable names used in this Academic Research Brief are modifications of the variable names used by CC&O. Optimistic forecast bias, relative accuracy with respect to benchmark model forecasts, forecast suboptimality, and serial correlation of forecast errors apply to both sales and profit margins.Next >