Recent Articles

Belt Tightening through CFO Rental?

Posted on August 20th, 2008 by Priya Ramesh

Greetings, everybody. Financial Week has the goods on one of the most novel approaches to belt-tightening in these lean economic times that we’ve seen: CFO rental. (Wonder if they do rent-to-own . . . )

News today from CFO about our dear friend Harvey Pitt, who has been appointed deputy attorney general for the state of Alabama to investigate a case involving Colonial BancGroup, an Alabama company that attributes its recent plummeting stock values to naked shorting (we did NOT make up that term). Here’s hoping Mr. Pitt enjoys his time in the Yellowhammer state (nope, didn’t make that up, either) and gets to the bottom of things.

Also at CFO this week, an interesting wrap-up of comments to FASB on who accounting folks think should be writing accounting rules. It seems that with the imminent move to IFRS, there’s a healthy contingent out there who think FASB’s rule-writing days are — or should be — over. Check it out, and give us a shout in our comments with some thoughts of your own.

We’ve said before that fraud is costly — not only in terms of cash losses, but also in time. Looks like that’s true for the perp as well as the victims. Web CPA has the skinny on a 10-year sentence for a convicted tax fraudster. Please pay no attention to this story, which doesn’t fit in nearly as well to the narrative about crime not paying.


Going Green in the Boardroom

Posted on August 18th, 2008 by Priya Ramesh

Happy Monday, everyone. Let’s start today with Stuart King who has a most enlightening look at some data privacy don’ts. There’s a reason these policies are supposed to be enterprise-wide, of course. That means everybody. (For some data privacy do’s, by the way, our very own Monica Elliott has a few things to say of her own).

In less entertaining — in fact, downright doom and gloomy news, Jim Peterson has a rather dismal forecast (shared by several accounting industry heavyweights) for the future of the industry. It’s worth a read for sure (ignorance and bliss notwithstanding).

Meanwhile, the WSJ has news on the increasing move toward green policies among corporate boards in the U.S. (And if you can’t see the registration-required link, the Baltimore Sun has the whole article here). If Jim Peterson and his cronies in accounting can do for their industry what Al Gore has done for global warming . . . well, imagine the possibilities.

Finally, this is so handy that we wonder why we haven’t seen (well, noticed) it before — Marketwatch’s weekly wrap-up on Corporate Social Responsibility.


Cheerio, Regulation and the Growing Grip of ERM

Posted on August 14th, 2008 by Priya Ramesh

Jesse Eisinger’s latest column over at Portfolio dissects the current state of the UK’s financial status in light of a large credit crisis and looming R-word (hmm, sound familiar?), and compares it to the American model. Two different regulatory structures, two opposite approaches. Yet both countries are faced with similar problems — a threatening credit crisis and a bursting housing bubble. Eisinger determines that neither the UK’s nor America’s model has worked in practice and, as the Brits have started on the path towards reexamining their structure, suggests the U.S. keep an eye on our friends across the pond to learn what — and what not — to do.

In other news, the acronym du jour appears to be ERM — also known as enterprise risk management. CFO reports on the modern American company shifting from a definition of risk management strictly in terms of audit and compliance to one encompassing all aspects of the concept, including the changing role of, you guessed it, the CFO. With the S&P now including ERM as a determination of a company’s credit rating, we’re sure to hear more about this one.

And Financial Week is reporting on a new study that found M&A activities are the biggest strain on a company’s risk management practices, with half of those surveyed claiming the challenges associated with deal making and restructuring as one of the biggest potential challenges for their companies’ risk management processes. The shaky economy (no R word here) and political, legislative and regulatory changes rounded out the top three concerns. Speaking of the economy, today’s ironic byline … The New York Times’ David Jolly reports on the global economy and the world-wide feeling of … pessimism.


Is Corporate Governance A Myth?

Posted on August 13th, 2008 by Julie Garland McLellan

In a recent article on Train Wreck, Steve Tobak put forward the idea that corporate governance is a myth. He based that hypothesis on the assertion that there are no consistent and effective laws, methods and metrics governing public companies.

From my years of experience with public company boards and directors, I would agree about the lack of consistently effective laws or methods for governance. But I would also give a bit more credit to those who serve on corporate boards. I have worked with quite a few in my day, and most have been peopled with ethical and hard-working directors and have managed good standards of governance, often under trying circumstances.

Through my work in corporate governance, I have come to view governance as a social system that is very dependent on the qualities and characters of the people involved. I have also come to recognize the key elements of a successful board – and a successful corporate governance program. While I have been fortunate to witness some real success stories, I do agree with Mr. Tobak that such stories are not nearly as common as they should be. For that reason, I’ve outlined below what I believe are crucial factors for a successful board that truly serves its shareholders.

Straight Talking. The first requirement for a successful corporate board is a willingness to tell – and hear – hard truths. Good governance requires guts, and good boards are made up of brave and courageous people. I know about the sorts of boards that led Steve Tobak to write his article – the very sorts who would never dare to hire a consultant (such as myself) who might tell them the truth.

Knowing the Goals. To discharge their responsibility to the shareholder requires a board to understand what type of shareholders they have and what type of performance the shareholders are looking for. For a large listed company, this is no mean feat. Responsible, successful boards invest time and effort on communicating with their shareholders to ensure that investors understand the company’s direction, goals, and likely outcomes – with a keen awareness of their responsibility to represent the interests of minority shareholders along with those of larger investors.

Planning Strategy and Execution. Once the board has worked out what is acceptable performance for their shareholders, they reach the real challenge: ensuring that the company has a strategy that will deliver that performance. It is imperative that the board should contain individuals with a deep understanding of both the company’s business and the industries in which it operates, as well as any geographic regions and key customer needs. It is also imperative that the board should be independent of management and capable of thinking through an independent line of analysis.

Defining Success. Boards must take responsibility for developing key performance indicators (KPIs) and ensuring that management report these diligently and accurately. Reporting must be comprehensive and timely enough to ensure that the board is aware of performance without being so cumbersome that it hampers management’s ability to deliver. Developing good KPIs is more of an art than a skill — something that boards get better at with practice.

Building a Team. When the board has endorsed the corporate strategy, they then have a responsibility to ensure that there are sufficient skills within the boardroom for appropriate oversight of the strategy as management set about implementation. Sometimes the best person to add to a board is one who makes the other board members slightly nervous. It requires courage to recommend such appointments to shareholders, but a good chairman will seek out such directors, confident that they add value to the board, even if they do make his job more difficult.

Leadership on Compensation — both for the board and for executives. Many people consider “independence” in this sense to mean sufficient personal wealth that board directors need not rely on fees paid for board appointments. That is a sadly deficient definition. It is not uncommon for board members to become almost addicted to the status of their membership. There is a difference between loyalty to the board and a slavish desire to remain on the board.

My personal preference is for a board fee that adequately compensates board members for the risks and liabilities of the position as well as the considerable time and expertise that it requires. Like Mr. Tobak, I have found that stock and options provide incentives for board members to further their own interests over and above those of shareholders, although I know many ethical directors are paid in that manner and would never do any such thing.

The board must also give thoughtful guidance as to executive compensation. Again the issue of options, whilst intended to align interests with those of the shareholders, can provide perverse incentives. Boards need to ensure that executives are paid sufficiently well to stay on board, without risking an unacceptable transfer of wealth from the shareholders to the CEO.

Effective Oversight. Having decided on the remuneration mechanism, the board must develop a close relationship with the CEO so that they can oversee performance and ensure ethical behaviour in the best interests of the company and the shareholder, rather than incentive-driven behaviour in the best interests of the CEO’s pay packet. As Steve Tobak points out, it is easy for a board to condone behaviour that raises the share price in the short-term whilst undermining the long-term sustainability of the organisation. Good boards do not take the easy route, instead understanding the key attributes of the strategy and linking compensation to achieving strategic milestones.

These things can be consistently measured and compared across different companies – but of course they don’t tell you whether or not the board members are ethical, independent and fiercely committed to the success of the company. You cannot legislate for ethics or commitment. All you can do is hire the best available board members, support them in their endeavours, and hold them to account through appropriate disclosure. However, if you do that, my experience suggests that you will get good governance.


Julie Garland McLellan has over 20 years’ experience in strategic business development in resources, utilities and energy industries. She is currently a corporate governance consultant with Blackrock ITS, a leading Australian IT services and solutions firm. Previously, she served as associate director with McLennan Magasanik Associates, and a board member of the Victorian Minerals and Energy Council, the Victorian Energy Networks Corporation (VENCorp), the Melbourne University Engineering Foundation and City West Water. Julie has an honours degree in civil engineering from City University in London, an MBA from the leading Spanish Business School (Instituto de Empresa in Madrid) and is qualified in finance and corporate governance.


R-Word Resistance

Posted on August 12th, 2008 by Priya Ramesh

Nothing like a bit of good news to kick off the week, right? Which is why we lead off today with this from Accountants Round Up — an interesting story from SmartPros on how recession-proof the accounting industry is. Not that we’re talking about the R word ourselves, but let’s just say it’s good to keep in mind.

Speaking of the R Word (without really saying it, of course), we heard an interesting story yesterday on Marketplace Radio on the real-life bet-hedges that regular folks can make to help them weather economic storms. We’re not sure what to say about the advisability of betting against your own engagement or promotion, but the author may be on to something when she talks about investing in areas that thrive when your other investments are tanking. Speaking of bet-hedging, or just making the most of a not-great situation, Financial Week says there’s an upside for some on Wall Street from the industry’s big-time job losses so far this year — lots of available talent for smaller firms. Oh, how we love a win-win.

Less cheery news this week about data privacy, which isn’t seeming so private after all amid some high-profile incidents of big-time ID theft. Here’s hoping that the indictments issued in both cases drive home the importance of data privacy to businesses here and abroad. The risks are serious — in addition to the employees and customers whose private information is at stake, things like jail time and financial liability are nothing to sneeze at.


SOX-cercise

Posted on August 8th, 2008 by Priya Ramesh

Our good friends at Compliance Week have announced some interesting results in their annual study on material weaknesses in financial reporting. The study looked at 2007 financial information from over 400 companies of the S&P 500. The report found a significant drop in the number of weaknesses reported in 2007 in comparison with 2006, with 14 weaknesses reported by 11 companies. The publication’s previous study in 2006 found that almost every company selected for the study reported at least one material weakness, bringing the group’s reported total to more than 800.

Editor in Chief of Compliance Week Matt Kelly credits SOX as the perpetuator of progress:

“After four years of hard learning and experience, we’re seeing proof that Sarbanes-Oxley does deliver benefits,” said Kelly. “This is Corporate America’s equivalent of going to the gym: a painful experience at first, but eventually that pain fades and your health improves enormously over the long haul.”

The study also found that restatements of financial results dropped for the first time in five years and notes a shift in what “material weaknesses” can now be defined as in a post-SOX world.

In other news, the PCAOB has adopted new rules that will ease the transition during M&A’s or other events involving some change in legal form to allow an audit firm to continue functioning during such events without affecting its registration status with the Board. And like any good rule, it must first be approved by the SEC. We’ve got a few things on watch over there.


Porta-Frauddy

Posted on August 6th, 2008 by Priya Ramesh

Ok, so that’s the world’s cheesiest headline, but we simply cannot resist puns at Audit Trail, and besides, it’s Wednesday, which has kind of traditionally been our opportunity to highlight oddities in the news. Today is certainly no exception — news from CFO about — get this — a port-potty (is port-a-toilet the formal form there?) scam. In addition to incorporating a phony “Mr. John” port-a-receptacle vendor, he pleaded guilty to altering and issuing checks to the tune of nearly $3 fraudulent million. Whoa.

Entertainment value aside, this is one of the clearest illustrations we’ve seen of a classic SOD problem. Why is one person — a project accountant, in this case — able to both create and pay a vendor? User Access isn’t just about SOX, of course. Fraud is fraud, and it’s bad for business. Sound user access policies are a must even beyond The Rules we all have to follow — unless folks want to get seriously bilked, that is.


Exec Comp across the Pond, and Fraud, Fraud Everywhere

Posted on August 5th, 2008 by Priya Ramesh

Happy Tuesday, everyone. Looks like executive pay is in the news again — this time word from CFO about European efforts to rein in executive compensation. With 20% of European financial executives expressing concerns about exec comp, it’ll be interesting to see how this shakes out there — and closer to home.

Elsewhere, lots of fraud in the news. From data theft at Countrywide to theft from customers at JP Morgan and $142 million of a reconstruction contract wasted in Iraq, it’s all over the place.

As Stuart King writes,

“According to the Kroll Global Fraud Report, during the past 3 years, 4 out of 5 firms have suffered from some form of corporate fraud. If you haven’t already done so then it’s time to start elevating the importance of this issue on your risk models and thinking about controls.”

We could not agree more with that last part. Fraud is a major risk for businesses, and companies committed to mitigating their risk to safeguard their organizations are well-advised to get thinking about controls and how to implement and manage them.


Data Privacy 101

Posted on August 1st, 2008 by Monica Elliott

For the past 8 years, companies have been focusing a good deal of time and resources on ensuring compliance with complex requirements from numerous regulations including Sarbanes-Oxley, HIPAA, and Payment Card Industry Standards to name just a few. Automating compliance and controls systems has helped companies attain and demonstrate compliance – in many cases, with benefits to the overall business in terms of increased efficiency and effectiveness.

We are on the cusp of another important series of regulations – this time with a heavy focus on data privacy, or the responsibilities that companies have to protect personal employee information and sensitive customer information. The stakes for companies are high, both in terms of litigation and liability, as well as risks to corporate reputation that arise from a data breach. (Would you want to be the company whose data breach leaked Justice Breyer’s personal information?) The growing web of complex regulations governing how personal data should be protected complicates things even further.

Data Privacy is fairly unique in the world of compliance because, unlike Sarbanes-Oxley and other similar regulations, regulations come from varied bodies, rather than a single governing entity. In the U.S., companies must consider both state and federal regulations concerning data privacy – as well as international regulations in any foreign countries where the company does business. Add on various industry regulations and regulations from governing bodies like the EU (where each of the 26 member countries has its own data privacy regulations), and things get downright complicated.

This is where GAPP (Generally Accepted Privacy Principles) comes in – the accounting industry’s attempt to help organizations to address privacy concerns in a streamlined way. GAPP has been developed to serve as a basis for auditors to use when conducting customer audits, and while it has yet to achieve official sanctioning by any auditing body, it is becoming more widely adopted as more companies work to meet these complex privacy regulations.

According to a December 2007 ComputerWorld article, “If you haven’t heard of [GAPP], take stock: They’re likely to become the most important new source of requirements for your IT projects since Y2k and Sarbanes-Oxley… GAPP is the best international framework for assessing the privacy health of an organization.”

Fortunately for compliance folks, there is a common thread in data privacy regulations – representing as much as 20% of them - monitoring user access. In the privacy world, monitoring access to sensitive information is called sensitive access, and it requires the same kind of diligence as separation of duties concerns under Sarbanes-Oxley. The terminology is different in the world of data privacy, but the work is the same. With studies showing more than 70% of data breaches come from people inside a corporation, monitoring sensitive access becomes a crucial part of data privacy regulation and compliance.

Fortunately for veterans of SOX and other compliance challenges, data privacy can be addressed in much the same ways as previous regulatory requirements – and automation and continuous monitoring can make the job a good deal easier. Controls Intelligence, deployed correctly, can both minimize the risk of data breaches and ensure compliance with the complex data privacy regulations that seem to be multiplying daily. From monitoring transactions and users to spot-checks on user access permissions, to database monitoring to ensure users cannot manipulate access from outside an application, this approach gives management improved capabilities for monitoring, assessing, and mitigating risks to data privacy – and the organization as a whole.

One last note – for an idea of how prevalent data breaches are, check out the Chronology of Data Breaches at PrivacyRights.org. To date, more than 230 million records including sensitive information have been involved in data breaches, and that’s just since 2005.

— Monica Nelmes Elliott, Manager, Product Marketing, Approva


Investing for (and in) the Future

Posted on July 31st, 2008 by Priya Ramesh

Now this is some forward thinking. WebCPA has the low-down on the more than 70 CPA firms and state CPA societies who are contributing $15 million to finance the education of accounting professors, to address the shortage of accounting doctorates.

WebCPA’s coverage of this week’s planned round-table at the SEC is also worth a read. The roundtable is set to compare the performance of IFRS standards and GAAP principles in the subprime market meltdown. This amid concerns in the US that moving to IFRS might make for less transparency in loss statements . . .

Speaking of the SEC, they’re cracking down on some smaller CPA firms for conducting audits but failing to register with the PCAOB. Penalties seem to range from “censuring” to ordering to cease and desist. Anyone with knowledge of what that actually means, feel free to weigh in in the comments. What was that we read raising questions about the SEC’s enforcement division?
