Saturday, August 09, 2008

Gartner Magic Quadrant - GRC

Free report from Gartner on leading GRC applications, courtesy of MetricStream.

Labels: Gartner, grc, MetricStream

Tell us what you think. (0) comments.
Send to a friend:

Thursday, May 29, 2008

Survey: Enterprise risk management still a blind spot for insurance CFOs

The drumbeat for the use of enterprise risk management processes at major companies is getting louder thanks to the credit crisis.

Federal Reserve Chairman Ben Bernanke said yesterdayThursday that the credit crisis has exposed weaknesses in many financial firms’ risk-management practices. “For risks to be successfully managed, they must first be identified and measured,” Mr. Bernanke noted in a speech. “Recent events have revealed significant deficiencies in these areas.”

Apparently, those deficiencies exist at businesses which specialize in identifying and measuring risks. A new survey conducted by consulting firm Towers Perrin found CFOs at insurers are still woefully behind in weighing enterprise risk when making business decisions.

“Although many life companies have made progress in such areas as risk identification, prioritization and measurement, few are achieving the desired full potential of enterprise risk management (ERM) as a management tool,” concluded Towers Perrin, which surveyed CFOs at 38 large and midsize North American life insurance companies.

For example, 83% of those CFOs said their company lacked the tools necessary to measure value creation from ERM. More than 70% said they had not yet aligned ERM with performance incentives.

Survey: Enterprise risk management still a blind spot for insurance CFOs

Labels: ERM, life insurance companies, measuring risk, Towers Perrin survey

Tell us what you think. (0) comments.
Send to a friend:

Large-caps set high corporate governance standards, but independence still an issue for some

For those that have felt the corporate governance requirements under SOX were unreasonable, consider these findings in Austrailia regarding corporate governance practices. The themes sound all too familiar.

Australia’s largest publicly listed companies generally meet all aspects of best practice guidelines for corporate governance; however full independence still remains a key issue for some major companies.

The 2008 BDO Kendalls Large-Cap Corporate Governance Survey, released today, shows that while independence at the board level is not an issue for most (70%) of Australia’s top 20 listed companies, a number of large companies do not meet best practice guidelines in relation to their audit, remuneration or nomination committees.

The survey methodology used has been developed by BDO Kendalls over a number of years and in some cases sets a higher standard than the ASX best practice principles for corporate governance.

Areas highlighted included some companies having audit, remuneration or nomination committees that were either not made up of all independent directors or the chair was not independent. The survey findings are based on the 2007 annual report disclosures of the 20 largest Australian listed companies by market capitalisation as at 13 March, 2008.

Large-caps set high corporate governance standards, but independence still an issue for some

Labels: Austrailia, BDO Kendalls Large-Cap Corporate Governance Survey, corporate governance

Tell us what you think. (0) comments.
Send to a friend:

Lawsuits may expand Sarbanes-Oxley

Two lawsuits filed by former employees against Fidelity Investments may resolve a simmering dispute in the securities industry: Whether mutual fund employees are protected by a whistle-blower law adopted in the wake of corporate accounting scandals.

The Sarbanes-Oxley Act does not specifically apply to the Fidelity Investments chairman's firm and other privately held companies.

Congress gave whistle-blowers at public companies strong protections against retaliations when it passed the Sarbanes-Oxley Act in 2002 after the collapse of Enron Corp. and WorldCom. But the law does not specifically extend to privately held firms such as Fidelity that invest in public companies.

Lawsuits may expand Sarbanes-Oxley

Labels: employee lawsuit, Fidelity Investments, whistleblower

Tell us what you think. (0) comments.
Send to a friend:

Harsh internal IMF audit calls for 'major changes'

Internal auditors at the International Monetary Fund released a harshly critical report on governance Wednesday and urged "major changes" to maintain the embattled institution's relevance.

The Independent Evaluation Office of the IMF said that effectiveness had been the strongest aspect of the 185-nation institution's governance, "while accountability and voice have been the weakest."

"If left unaddressed, these weaknesses would likely undermine effectiveness over time," IEO director Thomas Bernes said in a statement.

Harsh internal IMF audit calls for 'major changes'

Labels: governance, IMF, internal audit

Tell us what you think. (0) comments.
Send to a friend:

Friday, April 25, 2008

Board Adopts New Ethics and Independence Rule Concerning Communications with Audit Committees and an Amendment to its Existing Tax Services Rule

The Board adopted Rule 3526 to enhance communication between audit committees and registered firms regarding the firm's independence. Rule 3526 will require a registered public accounting firm, before accepting an initial engagement pursuant to the standards of the PCAOB, to describe in writing to the audit committee all relationships between the firm or any of its affiliates and the issuer or persons in a financial reporting oversight role at the issuer that may reasonably be thought to bear on the firm's independence. Registered firms will also be required to discuss with the audit committee the potential effects of any such relationships on the firm’s independence. Rule 3526 will require firms to make a similar communication annually for continuing engagements. If approved by the Securities and Exchange Commission (SEC), Rule 3526 will supersede the Board's interim independence requirement, Independence Standards Board Standard No. 1, Independence Discussions with Audit Committees, and two related interpretations.

Board Adopts New Ethics and Independence Rule Concerning Communications with Audit Committees and an Amendment to its Existing Tax Services Rule

Labels: audit committee, code of ethics, pcaob, tsx services rule

Tell us what you think. (0) comments.
Send to a friend:

Crunching the Words

When auditors seek evidence of fraud, they take a careful look at a company's financial statements. Maybe they should examine other statements, such as those uttered by company executives.

That's the theory behind new fraud-detection software developed by two professors at Virginia Tech, who say that the story a company crafts around its numbers often says much about whether those number are solid.

"We want to add another tool to the auditor's toolbox," says Greg Jenkins, associate professor at Virginia Tech and the program's co-developer. The idea is "to look at all the communications a company makes public [including MD&A disclosures, public statements, and a range of SEC filings] and see if there are patterns that are inconsistent with the company's performance, or with the performance of other companies in the industry," he says.

Crunching the Words

Labels: audit, fraud, MD and A disclosure

Tell us what you think. (0) comments.
Send to a friend:

Tuesday, April 22, 2008

SOX Life Blog: Knowledge Management and Corporate Governance

Knowledge Management (KM) is more than a buzz phrase running through organizations, so if you were hoping this discussion was going to abruptly end, think again.

With so many organizations facing labor shortages as the baby boomers look toward retirement, it becomes not only a staffing but a very practical governance conversation about addressing this talent gap. What would happen if all your senior talent left tomorrow?

I recently received an email from a researcher in Austrailia interested in organizational maturity of KM practices, and how this is viewed in association with corporate governance. I would invite you to participate as well (and ask consultants to consider a key client as well for whom this would be relevant).

Dear Colleagues,

I am Suzanne Zyngier, a Research Fellow at La Trobe University, Australia is conducting questionnaire research into knowledge management (KM) strategies and governance. This questionnaire is unique in investigating the governance of knowledge management which is defined as the implementation of authority to ensure the realization of benefits of KM strategy development and implementation.

This new research will overview conditions globally.This new research is important because it will enhance our understanding of the issues encountered in governance, development and implementation of KM programs. Practitioners and theoreticians need and want to find better solutions to these issues.This questionnaire comprises 20 questions about KM - some text based and some multiple choice, and a section on background information. The questionnaire takes approximately 15 minutes to complete.

SOX Life Blog: Knowledge Management and Corporate Governance

Labels: baby boomer, change management, corporate governance, knowledge management

Tell us what you think. (1) comments.
Send to a friend:

Thursday, April 17, 2008

SOX Life Blog: Reader Question - Understanding & Evaluating Segregation of Duties

I appreciate when readers share their challenges in applying issues and concepts, as invariably there are an additional dozen people also struggling with this same topic.

One professional writes:

I am new at this and need to understand about SOX and SOD, do you have any other resources? I am looking for Purchases Orders to Negotiations for credit terms, to who enters the new vendor and who signs and who does Accounts Payable all the way through to Fixed Assets? Can you help or recommend a book on SOD or an inexpensive software solution?

This reader had already come across a few past entries (Explaining Segregation of Duties, SOD Part II), and was still struggling with putting the concept into application. An additional entry that is less apparent was on the access management challenges that organizations face when cleaning up business practices - a highly correlated discussion.

My best recommendation for a quick overview and orientation to control practices...

SOX Life Blog: Reader Question - Understanding & Evaluating Segregation of Duties

Labels: access management, coso, fraud, segregation of duties, seperation of duties

Tell us what you think. (2) comments.
Send to a friend:

PCAOB Considers Adopting New Ethics and Independence Rule Concerning Communications with Audit Committees and Amending its Existing Tax Services Rule

The Public Company Accounting Oversight Board has scheduled an open meeting for Tuesday, April 22, at 9:30 a.m. in the Board's open meeting room at 1666 K St. NW, Washington, DC.

The Board will consider adopting Rule 3526, Communication with Audit Committees Concerning Independence, which would supersede the Board's interim independence requirement, Independence Standards Board Standard No. 1, Independence Discussions with Audit Committees. The rule would require a registered public accounting firm to communicate to an issuer's audit committee about any relationships between the firm or any of its affiliates and the issuer or persons in financial reporting oversight roles at the issuer that may reasonably be thought to bear on the firm's independence. The communication would be required both before the firm accepts a new engagement pursuant to the standards of the PCAOB and annually for continuing engagements.

Board to Consider Adopting New Ethics and Independence Rule Concerning Communications with Audit Committees and Amending its Existing Tax Services Rule

Labels: independence, pcaob, rule 3526, tax services

Tell us what you think. (0) comments.
Send to a friend:

Wednesday, April 16, 2008

Segregation of Duties Whitepaper: Minimizing the Cost and Complexity of Sarbanes-Oxley Compliance

Another resource available for those seeking to better understand and manage their SOD risks and issues.

Corporate and IT executives continue to feel the pressures of assuring
federal regulators, auditors, boards of directors, and stockholders that
corporate financial statements are accurate and precise. Additionally, they
must ensure that the personnel responsible for working with financial
information don't have inherent conflicts of interest. A critical element of
Sarbanes-Oxley compliance, known as avoiding Segregation of Duties conflicts
(SOD conflicts), will continue being a top concern. Furthermore, manual
management of SOD conflicts creates too high a risk – especially for global
businesses where hundreds of individuals are managing literally tens of
thousands of financial functions.

Labels: segregation of duties

Tell us what you think. (0) comments.
Send to a friend:

Changing Ethics Compliance Rules And Their Potential Impact On Government Contractors And Investors

Recently, the US Government implemented a new rule and proposed yet more rules regarding ethics and corporate compliance programs for government contractors. This marks a continuing shift towards adopting a more aggressive approach in addressing government contractor fraud, which is similar to the protocols applied to other sectors of US industry.

The enacted rule addresses requirements for contractor codes of business ethics and conduct ("CBE"), awareness programs and internal control systems. The newly proposed rules go much further, heightening the need for contractors to strengthen their ethics and compliance programs and for investors to focus on these issues during due diligence.

Changing Ethics Compliance Rules And Their Potential Impact On Government Contractors And Investors

Labels: CBE, ethics, fraud

Tell us what you think. (0) comments.
Send to a friend:

Cox Seeks $1B Boost from Congress

Securities and Exchange Commission chairman Christopher Cox asked Congress to approve his nearly $1 billion budget request for fiscal year 2009.

If lawmakers agree the SEC needs its first budget increase in three years, the commission will have realized a roughly 4 percent increase and be able to keep its staff levels the same as fiscal year 2007, Cox testified during an appropriations hearing before a House subcommittee on Wednesday. The SEC currently employs about 3,470 full-timers.

Cox Seeks $1B Boost from Congress

Labels: Christopher Cox, sec

Tell us what you think. (0) comments.
Send to a friend:

Friday, April 11, 2008

The Changing Atmospherics of Corporate Crime Sentencing in the Post Sarbanes-Oxley Act Era

The Sarbanes-Oxley Act of 2002 has been viewed as a watershed event in dealing with corporate fraud. In addition to its extensive provisions dealing with internal controls and corporate accounting procedures, the law adopted new crimes and pushed the United States Sentencing Commission to enhance the Federal Sentencing Guidelines provisions for fraud and related offenses. Even before the adoption of the Act, the Commission had increased the potential punishment for white collar crimes by amending the loss table for fraud offenses. These two steps played a key role in the increased sentences imposed on defendants convicted for their role in corporate crimes, such as Bernie Ebbers (twenty-five years) and John Rigas (fifteen years). The Sarbanes-Oxley Act maked a change in the sentencing atmospherics for corporate crime that propelled judges to give out sentences that were unthinkable even five years earlier.

This article considers how the Sarbanes-Oxley Act changed the approach to sentencing of white collar defendants involved in corporate crimes.

The Changing Atmospherics of Corporate Crime Sentencing in the Post Sarbanes-Oxley Act Era

Labels: corporate scandal, fraud, penalties, white-collar crime

Tell us what you think. (0) comments.
Send to a friend:

Thursday, April 10, 2008

SOX Life Blog: Flagging the "SEC's SOX for Small Business Reference"

Dreading your pending SOX initiative? Or the thoughts of IPO? Or how you might refine your implementation?

Hopefully, "Sarbanes-Oxley Section 404A Guide for Small Business" from the SEC takes some of the sting out of it. This incorporates much of the thinking and discussion in the last 18 months about "how much is enough" for small business. I also think it gives existing implementations an interesting viewpoint from which to re-assess their current environment.

SEC's SOX for Small Business Reference

Labels: coso, reference, sec, small business, SOX Life Blog

Tell us what you think. (0) comments.
Send to a friend:

How Long Should It Take to Restate?

Sometimes after announcing they need to restate their financials, companies go into shutdown mode. For up to two years, investors won't see a regulatory filing or hear a significant financial peep while a company tidies up its past.

The Securities and Exchange Commission's Advisory Committee on Improvements to Financial Reporting (CIFR) hopes to reduce the frequency of these so-called dark periods. During a panel held by the Center for Audit Quality (CAQ) on Tuesday, CIFR chairman Robert Pozen suggested that some of these restatements could be resolved more easily through an 8-K filing that corrects an error but spares the company from having to go through all of its old financials with a jeweler's loupe.

How Long Should It Take to Restate?

Labels: 8-k, CIFR, restatement, sec

Tell us what you think. (0) comments.
Send to a friend:

Wednesday, April 09, 2008

US company restatements soared 1997 to 2006--study

The frequency of financial restatements by U.S. public companies began to increase before the Sarbanes-Oxley corporate reform law was passed in 2002, according to a study commissioned by the U.S. Treasury Department and released on Wednesday.

But restatements associated with fraud and revenue declined after 2001, said the report authored by Susan Scholz, a University of Kansas professor of accounting.

Restatements jumped to 1,577 in 2006 from 90 in 1997, although much of the increase came from small companies that are not traded on major stock exchanges, the report said.
Scholz found fraud was a factor in 29 percent of all 1997 restatements, but only in 2 percent of 2006 restatements.

US company restatements soared 1997 to 2006--study

Labels: fraud, restatement studies, sox, Susan Scholz, US Treasury

Tell us what you think. (0) comments.
Send to a friend:

Blame for restatements may need a rethinking

The growing number of companies restating their financial results has been cited as a reason to ease U.S. accounting standards by the Securities and Exchange Commission and Treasury Department. But the restatement problem may not be the big bad wolf it was originally thought to be.

Two studies released recently indicate that not only have restatements begun to decline, but they may be caused more by basic company errors than by complex accounting standards that companies have a hard time applying. Although proponents of reducing accounting complexity still think restatements are a problem, the studies could provide ammo for those looking to preserve the current regime.

According to one of the studies, released in February by Audit Analytics, an independent research firm in Sutton, Mass., restatements declined last year for the first time since 2001, with only 1,237 restatements disclosed. That was the lowest level in three years and marked a 30% drop from the 1,801 restatements that public companies disclosed in 2006. It was also lower than the 1,545 restatements in 2005, but higher than the 1,029 restatements in 2004.

...the move toward converging U.S. generally accepted accounting standards with international financial reporting standards may result in the need for more management judgment. And, since management judgment is a big, though not overwhelming, cause of restatements, more judgment could mean more restatements.

Blame for restatements may need a rethinking

Labels: Audit Analytics, management judgement, restatement studies, SEC (Securities and Exchange Commission)

Tell us what you think. (0) comments.
Send to a friend:

In Justice Shift, Corporate Deals Replace Trials

In 2005, federal authorities concluded that a Monsanto consultant had visited the home of an Indonesian official and, with the approval of a senior company executive, handed over an envelope stuffed with hundred-dollar bills. The money was meant as a bribe to win looser environmental regulations for Monsanto’s cotton crops, according to a court document. Monsanto was also caught concealing the bribe with fake invoices.

A few years earlier, in the age of Enron, these kinds of charges would probably have resulted in a criminal indictment. Instead, Monsanto was allowed to pay $1 million and avoid criminal prosecution by entering into a monitoring agreement with the Justice Department.

In a major shift of policy, the Justice Department, once known for taking down giant corporations, including the accounting firm Arthur Andersen, has put off prosecuting more than 50 companies suspected of wrongdoing over the last three years.

Instead, many companies, from boutique outfits to immense corporations like American Express, have avoided the cost and stigma of defending themselves against criminal charges with a so-called deferred prosecution agreement, which allows the government to collect fines and appoint an outside monitor to impose internal reforms without going through a trial. In many cases, the name of the monitor and the details of the agreement are kept secret.

In Justice Shift, Corporate Deals Replace Trials

Labels: criminal charges, deferred prosecution agreement, fraud, outside monitor, prosecution

Tell us what you think. (0) comments.
Send to a friend:

Tuesday, April 08, 2008

Standard and Poor's - Use of ERM in Credit Rating

Maybe so much of the Sarbanes Oxley legistlation has been to simply bring US filers up to par with governance and risk management practices that have been maturing around the globe.

Standard and Poor's, one of the leading credit rating agencies for capital markets, has begun their analysis of incorporating enterprise risk management (ERM) practices into credit rating - in Australian and New Zealand companies (with one of the longest lived bodies of risk management practice, dating back to 1995).

Though the comment period is now closed, the S&P ERM Criteria as issued for comment in November 2007 (period closed Feb 1, 2008).

editor note: I could not find conclusions on the comments on the S&P website, originally scheduled to be published around March 1, 2008. Please share if you happen upon it.

Labels: credit rating, enterprise risk management, ERM, Standard and Poors

Tell us what you think. (0) comments.
Send to a friend: