FORENSIC LEGIBILITY EXAMINER
CASE 086
SECURE DOCUMENTATION & CREDENTIALING
2026-02-28
DISPOSITION: FRAUDULENT ENTRIES ENGINEERED TO SURVIVE AUDIT SAMPLING METHODOLOGY

Financial Statement Credential Authority Failure Through Fraudulent Entries Engineered Below Audit Materiality Thresholds at HealthSouth Corporation

When an audit methodology samples transactions above a materiality threshold — and the people committing fraud know where that threshold is — fraudulent entries can be engineered to fall below the level that triggers audit scrutiny. Each individual entry is small enough to be immaterial. Thousands of small entries accumulate to billions of dollars. The audit tests transactions above the threshold and finds them properly documented because the legitimate transactions above the threshold are properly documented. The fraudulent entries below the threshold are not tested because they are individually immaterial. The audit credential certifies the financial statements. The fraudulent entries were designed to survive the methodology that produces the certification.
Failure classification: Audit Certification Based on Materiality-Threshold Sampling Where Fraud Was Sized Below the Testing Threshold

Context

HealthSouth Corporation was the largest provider of outpatient surgery, diagnostic imaging, and rehabilitative healthcare services in the United States, operating approximately 1,800 facilities across the country. CEO Richard Scrushy had taken the company public in 1986 and built it into a major healthcare corporation. By the mid-1990s, HealthSouth's actual earnings were falling short of Wall Street expectations. Rather than report the shortfall, Scrushy directed senior accounting staff to close the gap by inserting fictitious entries into the company's accounting system.

The fraud operated through a process insiders called "filling the gap." At the end of each quarter, accounting staff would calculate the difference between HealthSouth's actual earnings and the number the company had communicated to analysts. They would then create manual journal entries — adjustments inserted directly into the general ledger — to inflate revenue and assets by the amount needed to meet expectations. The entries were distributed across multiple accounts and multiple facilities to avoid concentration in any single account that might attract attention. Critically, the individual entries were sized to fall below the materiality thresholds that Ernst & Young used in its audit sampling. The people creating the entries understood the audit methodology and calibrated the fraud to survive it.

Trigger

In early 2003, as the SEC began an informal inquiry into HealthSouth following questions about insider stock sales, newly appointed CFO William Owens was brought into the fraud scheme by existing participants who expected him to continue the practice. Instead, Owens contacted the FBI. He wore a recording device and captured conversations with Scrushy and others discussing the fictitious entries. On March 19, 2003, the FBI raided HealthSouth's headquarters. The SEC filed civil fraud charges the same day.

The investigation revealed the scope: approximately $2.7 billion in fabricated earnings over seven years, accomplished through an estimated tens of thousands of fraudulent journal entries. Fifteen HealthSouth executives eventually pleaded guilty to fraud charges and cooperated with prosecutors. The company's reported assets had been inflated by approximately $3.9 billion. Ernst & Young's audits across the fraud period had not detected the scheme — the fictitious entries had been designed to pass through the audit methodology undetected by remaining individually immaterial while being collectively massive.

Failure Condition

The audit methodology relied on materiality — the principle that auditors focus testing on transactions and balances large enough to matter to financial statement users. Transactions below the materiality threshold received less scrutiny or none at all. This is standard audit practice, not a deficiency unique to Ernst & Young. Auditing standards do not require testing every transaction; they require sufficient testing to provide reasonable assurance that the financial statements are free of material misstatement. The methodology is designed to be efficient and risk-based rather than comprehensive.

The HealthSouth fraud exploited the methodology's known parameters. The insiders who created the fictitious entries knew the materiality threshold because they understood the audit approach — some had worked in public accounting before joining HealthSouth. They sized each individual entry to fall below the threshold. They distributed entries across accounts and facilities to prevent any single account from showing anomalous growth that might trigger substantive testing. The audit tested what it was designed to test — transactions above the threshold, account balances in aggregate, high-risk areas identified through analytical procedures. The fictitious entries were specifically engineered to avoid each of these detection mechanisms. The audit credential — the unqualified opinion certifying the financial statements — was the product of a methodology whose parameters the fraudsters understood and worked around.

Observed Response

Fifteen HealthSouth executives pleaded guilty. Scrushy was acquitted of criminal fraud charges in 2005 in a Birmingham jury trial but was subsequently convicted in a separate civil case and sentenced to approximately seven years in prison on bribery charges related to his appointment to a state hospital regulatory board. Ernst & Young paid $109 million to settle a class action lawsuit related to the audit failures but was not charged criminally. The case contributed to the implementation of PCAOB Auditing Standard No. 5 on internal control audits and heightened attention to journal entry testing, specifically testing of manual entries below traditional materiality thresholds. The case demonstrated that audit methodology, when its parameters are known to the audited entity, can be circumvented by calibrating fraud to survive the testing approach.
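
The journal entry testing described above can be sketched as a population-level check on manual entries that sit just under the per-entry threshold. This is an added example, not part of the case record; the ledger is constructed, and the threshold, band, aggregate limit, quarter labels, facility codes and account names are all assumptions chosen for illustration.

```python
from collections import defaultdict

THRESHOLD = 5_000  # assumed per-entry testing threshold; not a figure from the case

def build_ledger():
    """Constructed sample ledger: (quarter, facility, account, amount, is_manual)."""
    ledger = []
    # System-posted revenue entries, all large enough to be selected for testing.
    for i in range(20):
        ledger.append(("2002Q4", f"F{i:03d}", "revenue", 12_000 + 100 * i, False))
    # Manual quarter-end adjustments, each under the threshold, spread over 200 facilities.
    for i in range(400):
        ledger.append(("2002Q4", f"F{i % 200:03d}", "adjustment", 4_000 + 100 * (i % 9), True))
    # A handful of small routine manual corrections in an earlier quarter.
    for i in range(5):
        ledger.append(("2002Q3", f"F{i:03d}", "adjustment", 300, True))
    return ledger

def threshold_sample(ledger, threshold=THRESHOLD):
    """What per-item materiality testing looks at: entries at or above the threshold."""
    return [e for e in ledger if e[3] >= threshold]

def near_threshold_manual(ledger, threshold=THRESHOLD, band=0.5):
    """Per quarter, count and sum manual entries in [band * threshold, threshold)."""
    agg = defaultdict(lambda: {"count": 0, "total": 0})
    for quarter, _facility, _account, amount, is_manual in ledger:
        if is_manual and band * threshold <= amount < threshold:
            agg[quarter]["count"] += 1
            agg[quarter]["total"] += amount
    return dict(agg)

def flag_quarters(ledger, threshold=THRESHOLD, aggregate_limit=10 * THRESHOLD):
    """Quarters whose sub-threshold manual entries are material in aggregate."""
    agg = near_threshold_manual(ledger, threshold)
    return sorted(q for q, a in agg.items() if a["total"] >= aggregate_limit)

if __name__ == "__main__":
    ledger = build_ledger()
    sampled = threshold_sample(ledger)
    print("sampled:", len(sampled), "manual in sample:", sum(e[4] for e in sampled))
    print("near-threshold manual entries:", near_threshold_manual(ledger))
    print("flagged quarters:", flag_quarters(ledger))
```

On the constructed data the threshold sample contains only the system-posted entries, while the aggregate view surfaces the quarter in which the small manual entries cluster.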

Analytical Findings
