Archive for the ‘Industry News’ Category
Posted on May 1st, 2008 by Julie Garland McLellan »Permalink
This is the most important aspect of board governance. The oversight function is the absolute minimum that investors and owners have a right to expect from boards. Some boards are too focused on simply providing the minimum.
Board members should, individually and collectively, have experience of business and community life that will enable them to add value to the organisation as well as to effectively monitor its operations. They add this value by the insights they bring.
Oversight is looking at a function and asking the compliance related questions:
• Should we be doing this?
• Are we doing this correctly?
• Are the right people doing this and do they have the right tools and training?
Insight comes when the board start ask questions about performance such as:
• Are these activities the best activities for generating the results we want?
• If they are the best activities, could we do them more effectively or efficiently?
• What would help our people to be more effective?
• Who does these activities better than we do and what could we learn from them?
An insightful board will challenge and support the President or CEO by helping to keep the organisation focused on outcomes rather than processes.
Foresight comes when the board can predict aspects of future performance by monitoring current KPIs. A board with foresight is able to look at the evolving corporate landscape and ask questions such as:
• What activities will be required in the future?
• What must we learn now to be more effective in the future?
• How will we track that our people are learning the required skills?
• When should we start to deploy new activities?
It is important to remember that the oversight role is the foundation for the insight role. No board can sensibly offer advice on improving performance if there is any doubt about the veracity of the information they are basing their insights upon. Similarly the board must have appropriate good quality data from their performance insight to be able to make any use of their instincts regarding foresight. Attempting to move to a higher level without the data from the lower levels is dangerous; it can leave a board exposed to making decisions that do not stand the test of later analysis.
Attempting to govern a successful company without progressing from oversight to foresight is also dangerous. The board can become trapped in old paradigm thinking and performance can deteriorate to a point where future options are limited by lack of resources. Boards must have confidence in their data to be able to move successfully through from oversight to insight and then to foresight so that their organisation moves from compliance to performance to sustained competitive advantage.
Tags: corporate boards, risk management, compliance
Posted on April 28th, 2008 by Audit Trail »Permalink
We just returned from a very busy week at COLLABORATE 08 and wanted to share some thoughts on what we saw and heard in Denver. The conference was very impressive – some 7,000 attendees, hundreds of vendors, and thousands of sessions.
It was clear to us early-on in the conference that interest in internal controls has grown well beyond simple user access. While user access and SOD are still priorities, the people we encountered were most interested in the ability to implement controls over things like systems settings and transactions – and in risk management, data privacy, and fraud prevention.
There also seemed to be a mad rush to upgrade to newer, more current versions of Oracle and PeopleSoft. We found ourselves talking a good bit about the need to set up controls appropriately within upgraded systems.
Our own sessions drew a healthy audiences – in fact, our session on strengthening data privacy in Peoplesoft (live-blogged here) ultimately got so full that folks were being turned away. While we’d like to credit our fabulous presentation skills, the truth is that more and more businesses are interesting in leveraging controls and compliance efforts for broader business goals, and data privacy is a top concern for many we encountered – regardless of role or business size.
We talked to everyone from business professionals, IT staff and controls/compliance and audit folks about this issue, from companies small and very, very large, and these issues were at the forefront for nearly all of them* as we discussed risk, controls, and compliance.
*We said “nearly” for a reason. Almost everyone wanted to talk about SOD, user access, data privacy or something related, but as happens at every event, several just wanted to talk about how they Love A Good Audit and take home an Approva or button or two. We even met one woman who’d made her own I Love a Good Audit button! Now that’s dedication.
Tags: COLLABORATE 08, Peoplesoft, Oracle, data privacy, controls intelligence
— Monica Elliott and Brian Groves
Brian Groves is Senior Director, Product Marketing, Oracle at Approva.
Monica Elliott is Manager, Product Marketing, PeopleSoft at Approva
Posted on April 24th, 2008 by Julie Garland McLellan »Permalink
Have you recently read any articles about what your board should be focused on? Was it bird-flu, Internet portals, Terrorism or some other fad?
I wish I had a dollar for every article on the latest buzz-word that every board should worry about. Or fifty cents for every list of twenty questions board members should ask about the craze. I would hate to be on a board that was so easily sidetracked from their real concern; running the company so that it achieves what it was set up to achieve.
In some great research from Australia, Neil Buck surveyed real company directors on what risks they thought most likely to impact their companies. His initiative revealed 16 categories of risk which, when read by company directors, were recognised as things they worry about.
I have followed up on that research and interviewed 241 company directors on the big risks facing their company. Unsurprisingly the number one risk was financial but (sad news for the audit community) it was not financial statement misstatement or fraud, but simple cash flow risk that kept directors awake at night. Fixing this is a question of strengthening the business. Improving reporting or ticking boxes in the board room won’t help.
Directors the world over are focused (as they should be) on running businesses to generate wealth (or benefits in a not-for-profit context) in an environmentally and socially acceptable manner. If bird flu is important for the business they will focus on that. If not, they should focus on what is important for their business.
Directors can rely on their own judgement to help them to evaluate such things. They may get it wrong occasionally (all boards, when they are being honest, have a decision they regret in their history) but it rarely is so wrong that they can’t fix it. Unless, of course, they are rushing from one fad to the next without pause for thought.
Anyone who suggests that every possible risk should be a board focus is either totally inexperienced in the board room or hoping to sell your board something. For optimum results, focus your board on what is important for your organisation by holding an annual discussion of strategic aims and current targets. Forget the current fashion and just talk about what the organisation needs to achieve and what are the risks that threaten that achievement.
You will be amazed by the power that the board can generate and the value that they can add.
Tags: corporate boards, risk management
Julie Garland McLellan is a professional company director and corporate governance consultant. Her book “All Above Board” is a practical manual for government sector boards. Julie delivers practical boardroom training and performance assessments that empower boards to achieve results. Readers are invited to subscribe to her newsletter ‘The Director’s Dilemma” free of charge until 1 January 2009.
Posted on April 17th, 2008 by Julie Garland McLellan »Permalink
Governance relies on culture, and establishing an appropriate culture is one of the most important jobs for a board. Checking that the culture the board wanted is the culture they actually have is also important.
The board will get some idea of the culture within the organisation by observing the behaviours of the CEO and senior executives. Behaviours that are rewarded and recognised will be emulated and repeated and will eventually coalesce into ‘the way things get done round here’ or the basic culture of the organisation. Different departments will have slight variations on the basic culture but these must never stray so far from the norm that they become alien to the rest of the organisation.
A good indicator for boards is the relationship between the support and control functions and the line management within the core operations. If risk management, internal audit and human resources are generally welcomed as ‘people who help us get our jobs done’ then the culture is likely to be reasonably compliance focused. If there are strong tensions or a dramatic divide between “us” and “them” then the culture is probably not right. The board can find this out by seeking opportunities to meet staff from the support functions and asking these staff how they feel they are viewed by their colleagues in the line functions. This can happen in the boardroom.
First hand experience is better than any indicator. Boards should get out and about within the organisation as much as they can. Talking to staff about the control system and why it is important will reinforce the value of compliant behaviour and demonstrate that the board is genuinely interested in compliance.
There is a good reason that sayings such as “whatever interests my boss fascinates me” and “what gets measured gets done”; they are true! Boards need to show they are interested and measure compliant behaviour so that the staff are aware that their compliance is monitored.
Boards also need to pay attention to the mythology within the organisation. What are the things that make an employee a hero or heroine in the eyes of their colleagues? If gung ho risk taking and non-compliant behaviour are stuff that heroic reputations are built upon the board is not going to get much compliance from the best and brightest members of staff. Boards should be careful that they reward compliance as well as performance. Whilst many boards are wary of introducing complex reward systems if a company has a good controls system and monitors compliance it will be easy to pick an objective quantifiable indicator of good compliance and to build that in to the reward system.
Rewarding a manager, for example, on the reduction in non compliances by his or her direct reports will soon have managers focused on reinforcing the control system or changing it when it needs to be changed to support a better performance outcome. When the control system is viewed as something that prevents performance good managers will naturally try to find a way to operate outside the fetters the system imposes. When the system is designed to support performance and when rewards are attached to supporting and working within the system then the board can rest assured that the culture will have an adequate focus on compliance.
Julie Garland McLellan has over 20 years experience in strategic business development in resources, utilities and energy industries. She is currently a corporate governance consultant with Blackrock ITS, a leading Australian IT services and solutions firm. Previously, she served as associate director with McLennan Magasanik Associates, and a board member of the Victorian Minerals and Energy Council, the Victorian Energy Networks Corporation (VENCorp), the Melbourne University Engineering Foundation and City West Water. Julie has an honours degree in civil engineering from City University in London, an MBA from the leading Spanish Business School (Instituto de Empresa in Madrid) and is qualified in finance and corporate governance.
Tags: corporate governance, compliance
Posted on April 4th, 2008 by Julie Garland McLellan »Permalink
I so often hear (from auditors) that boards don’t listen to their auditors or (from boards) that auditors don’t talk in a way boards can understand or use. It really is sad that such an important conversation so frequently leaves both participants unsatisfied.
The best way to get the conversation started, in my experience, is for the parties to come together to discuss what are the key strategic risks and then what are the likely best key performance indicators (KPIs) to monitor these risks. As a general rule directors are more interested in the strategic information that will affect future performance than in the financial information that depicts past performance. Unfortunately most of the information directors get given by auditors or risk managers seems to be past oriented and financial rather than future oriented and focussed on the activities that will cause the financial performance.
Starting the conversation as an inquiry with both sides suggesting things topics for investigation and KPIs that would provide a meaningful indication of likely future performance is far better than starting the conversation with one party reporting to the other.
It is healthy for the audit committee or board to meet with the auditors and internal auditors without management being present. This does not mean that the board distrust management just that the conversation is different when management is not present. Simple measures such as inviting the internal auditor to accompany the board when they make a visit to an operating site will help to build shared understanding and common values. It is imperative the board meet the internal auditor more than once a year and that each meeting is constructed to achieve specific outcomes rather than just to wade through specific reports.
Tags: auditors, corporate boards, KPIs
Julie Garland McLellan has over 20 years experience in strategic business development in resources, utilities and energy industries. She is currently a corporate governance consultant with Blackrock ITS, a leading Australian IT services and solutions firm. Previously, she served as associate director with McLennan Magasanik Associates, and a board member of the Victorian Minerals and Energy Council, the Victorian Energy Networks Corporation (VENCorp), the Melbourne University Engineering Foundation and City West Water. Julie has an honours degree in civil engineering from City University in London, an MBA from the leading Spanish Business School (Instituto de Empresa in Madrid) and is qualified in finance and corporate governance.
Posted on March 18th, 2008 by Julie Garland McLellan »Permalink
The main requirements for an audit committee are members that understand what they are auditing and that are independent enough to give an unbiased opinion of the results of their audit.
Most global corporate governance codes call for the audit committee to be comprised of a majority (and preferably entirely) of independent non-executive directors. In particular it is considered inauspicious if the CEO, President or Chairman is an audit committee member. Some codes call for the committee to be chaired by an independent financial expert and generally define this expertise as that of a person who regularly and recently has prepared or audited company financial statements.
These requirements can be hard for government agencies and smaller companies to meet. That does not mean that the audit committees in these companies are ineffective. Most are highly effective because they are comprised of ‘good’ people. However it is worth looking closely at the mechanisms that have been put in place to remedy the lack of independence in the structure. These must bear up well under detailed scrutiny if the board is to be able to take any assurance from the committee’s operations.
The most crucial issues are independence of mind, an understanding of both the business and the financial statements and a willingness to follow investigations through to their complete conclusion.
A good audit committee member will have an abundance of curiosity about how results were generated, what reporting processes were used and where the human intervention points could alter the results. With these attributes and good monitoring tools a committee can gain very valuable insights and can customise controls to optimise expected performance.
Tags: audit committee, independence, corporate governance
Posted on February 29th, 2008 by Priya Ramesh »Permalink
When it comes to financial scandals, all roads lead to bad accounting. During the peak of the post-Enron era in 2002, all fingers were rightly pointed at bad accounting as the culprit. In today’s most recent financial scandal – the subprime mortgage debacle – we have not seen much coverage tying this major problem back to bad accounting. Until now…check out this post from Jim Peterson’s blog that provides an in-depth look at this issue.
The most illuminating quote from Jim is this one: “So viewed, subprime and the credit market turmoil are all about the accounting, and nothing else. Fundamentally flawed assessments were made – whether out of venality or ignorance – about the quantification, timing and transferability of the risks associated with uniquely complex financial derivatives, and the collapse in their values as knowledge and experience eventually caught up.”
We welcome all thoughts, comments and feedback from Audit Trail readers on the topic of bad accounting and the subprime mortgage mess. And, happy Friday.
subprime mortgages, accounting
Posted on February 28th, 2008 by Julie Garland McLellan »Permalink
PV Boccasam caused a minor sensation when, during a visit to Australia, he likened controls to the brakes on a car and explained that you needed good controls if you wanted to go fast. In Australia at the time, the prevailing sentiment was that controls were more like seatbelts; all about restraint and nothing to do with performance.
Good controls, like good brakes, are essential, but you don’t want them fully on all the time. You just need to apply them at the critical moments.
For a board, or audit committee, understanding the controls environment can only occur if the members understand the business. It is important to know what are the key drivers of success and what, if done poorly, will prevent success; controls should then be focused on the activities that will make the most difference.
Although there are some areas, such as invoicing and cash handling, where good processes are necessary, in all companies there are others where lower controls will give higher performance.
A good case in point is a not-for-profit company that recently employed an excellent IT manager. The new manager came from a competitive environment where data security was a major issue. He immediately established controls to prevent data being removed from the company’s servers.
Unfortunately, this company relied on volunteers giving presentations to educate people about the risks of diseases. When the volunteers could not access the presentations because all the disk drives and USB ports had been disabled, the company’s operations were brought to a standstill and, worse, some volunteers used old, out-of-date presentations with incorrect information whilst waiting for the situation to be resolved.
This could all have been avoided if the IT manager had been properly briefed on the risks and sensitivities of this business and designed controls accordingly. Controls with an eye only toward restraint and not toward performance often end up slowing everyone down.
Tags: corporate governance, controls, compliance, audit committee
Julie Garland McLellan has over 20 years experience in strategic business development in resources, utilities and energy industries. She is currently a corporate governance consultant with Blackrock ITS, a leading Australian IT services and solutions firm. Previously, she served as associate director with McLennan Magasanik Associates, and a board member of the Victorian Minerals and Energy Council, the Victorian Energy Networks Corporation (VENCorp), the Melbourne University Engineering Foundation and City West Water. Julie has an honours degree in civil engineering from City University in London, an MBA from the leading Spanish Business School (Instituto de Empresa in Madrid) and is qualified in finance and corporate governance. We’ll let Julie take over from here.
Posted on February 21st, 2008 by Julie Garland McLellan »Permalink
Over the next couple of weeks, Audit Trail is pleased to be featuring contributions from a special guest blogger, Julie Garland McLellan. Julie is Australia’s leading expert on government sector governance and a member of Approva’s Advisory Board, and we’ve asked her to share her thoughts today on how cultural factors inform the way that companies are organized – and what this can mean for global governance standards. We’ll let Julie take over from here.
Boards are social networks; they develop their own shared culture. The board culture is influenced by the cultures of the people on the board and hence by the underlying business and community cultures that these people come from.
Global governance standards are at the mercy of individual and national board cultures. Although a company may have a board with a majority of independent directors, the processes and outcomes will be very different in:
• An Asian company where face-saving requires that directors not admit to misunderstanding anything
• A patriarchal society where younger members are expected to defer to their elders
• A male-dominated culture where women are expected not to contribute to the debate but to applaud the men
• A politicized society where the board member who is a member of the ruling party holds sway over the others
• A company that has a large family shareholding and a family member on the board
Different countries are likely to have typical board cultures that can be very different from those of US and European companies. Indeed the ‘European” board culture varies dramatically between the two-tier German system, the single tier British system, the employee representative systems in some countries and the majority of family businesses and political allies in others. In Norway, where the requirement for female board members has recently been legislated, the culture is very different from board culture in Spain, where the boardroom is still predominantly a male-dominated area.
The most important aspects of a board’s culture are a desire to ‘do the right thing’ and a healthy debate about the possible future strategies and their likely risks. No amount of legislation will protect a company if the people in the boardroom are either unethical or poorly engaged in developing and implementing the best possible strategies for the organization.
Julie Garland McLellan has over 20 years experience in strategic business development in resources, utilities and energy industries. She is currently a corporate governance consultant with Blackrock ITS, a leading Australian IT services and solutions firm. Previously, she served as associate director with McLennan Magasanik Associates, and a board member of the Victorian Minerals and Energy Council, the Victorian Energy Networks Corporation (VENCorp), the Melbourne University Engineering Foundation and City West Water. Julie has an honours degree in civil engineering from City University in London, an MBA from the leading Spanish Business School (Instituto de Empresa in Madrid) and is qualified in finance and corporate governance. We’ll let Julie take over from here.
Tags: global governance, corporate boards
