Beware Non-GAAP Accounting Standards

By Mark Melin, published on

The practice of companies using their own, non-GAAP accounting standards to spin earnings is nothing new.  But did last week a statement from Target Stores go too far?  The Minneapolis-based retailer’s spokesman Eric Hausman was quoted as saying it will exclude from its accounting statements costs from a recent technology breach where 40 million of its customer credit and debit card accounts were hacked, customer’s private information stolen.

The key question is: are these really one time charges?  Is there any residual, lasting impact on the Target brand or customers sense of security going forward?  Multiple sources  reported that after the December data breach occurred, Target’s traffic and credit card sales saw a significant drop.  Can Target claim definitely the event is really only a onetime cost?

As Bloomberg’s Jonathan Weil notes: “It’s not as if Target hasn’t had stuff stolen from it before, or that it doesn’t get sued on a regular basis. The difference is that the latest data heists were really, really bad. The upshot: Small losses count (think shoplifters). But losses stemming from the theft of personal data for tens of millions of customers don’t count, because those would be much bigger. Put another way, the bigger the losses are, the less they matter.”

The costs being excluded from the firm’s forthcoming earnings report includes “liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.”

Target’s Mr. Hausman was quoted as saying “It is a unique, nonrecurring event. This has never happened before. So it is not considered a part of our recurring operations.”

Pay attention to the concept that this is a unique, nonrecurring event when considering Target’s annual report which identifies several risk factors, including significant data security breaches that “could adversely affect our reputation and results of operations.”

If a firm identifies a potential risk, and then that risk occurs and costs the company money, can it be defined as a unique and non-recurring event?  This is particularly interesting given the recent uptick in cyber security breaches and online crime.  In the report  2013 Cost of Cyber Crime Study, HP and the Ponemon Institute said the cost, frequency and time it takes to resolve cyber attacks has risen for the fourth consecutive year.  The report clearly shows a trend towards increasing costs of cyber crime, noting that the costs of solving cyber crime increased by 55% in 2013 when compared to 2012.  Not only did the cost increase, but the time involved in solving the problems grew as well from 24 days in 2012 to 32 days in 2013. Perhaps most troubling is the fact the number of cyber crimes continues to rise, from 102 attacks per week in 2012 to an average of 122 in 2013.  When investors consider the cost of cyber crime on earnings they consider that the costs a company actually incurs might be in the eye of the beholder.




DISCLOSURE: These are the opinions of the author and may not have considered all risk factors. Nothing on this web site should be construed as an individual recommendation, talk to your independent advisor. The author and Opalesque may have relationships with those people they cover in the publication. Mr. Melin provides a full disclosure of his business relationships to regulators and certain eligible participants who engage him in consulting projects. Managed futures investing involves risk and there are no guarantees of safety or future performance being implied. Managed futures can be a risky investment. This web site and its content is subject to the terms of the web site. Risk Disclosure and terms of web site are available here: Performance information received on this site is provided by third parties and deemed reliable but there is no guarantee relative to same. Performance reporting sources and quality assurance techniques may include, but are not limited to: disclosure document, CTA self reporting, brokerage firm reporting, consultant reporting, spot checking other reporting databases; nonetheless no guarantee of accuracy or implication performance verification or auditing is being made by the publishers. The CTA Database is a project separately managed from

Leave a Reply