Speaking of news that totally contradicts recent trend stories, Financial Week has the goods on noticeable declines in CEO pay this fiscal year — around 15%. It seems that long-term incentives are on the decline in these lean(er) economic times.

Finally, we just got word that California judge will be allowing a shareholder suit against Countrywide Financial, which is going to have to answer to accusations of insider trading and failure to monitor lending practices. Perhaps now would be a good time for a refresher on the importance of instituting integrated GRC policies that provide operational visibility, so that folks running businesses know just what’s going on inside them.

Tags: Big 4, accountant shortage, executive compensation, meltdown

Also interesting is this piece from SoxFirst, with thoughts from George Soros on who all shares the blame for what went down. Econ professors, you’re On Notice.

In cheerier news, we at Approva are the happy recipients of quite the industry award — for the second year running, we’ve been honored with The Service & Support Professionals Association’s (SSPA) STAR Award for Best Emerging Company Support. We’re honored by the recognition — and thrilled to have such a top-notch customer support operation.

Tags: subprime meltdown, credit crunch, George Soros, SSPA

Financial news in 2008 – from French bank Société Générale’s $7 bn loss to millions of write-downs at other major financial institutions amid hefty subprime losses – underscores the importance for financial institutions of implementing effective governance, risk and compliance (GRC) strategies.

But GRC is a complex challenge, and while many institutions may be tempted to throw more manpower toward the problem, that’s not necessarily the most efficient or effective means of addressing the issue. A recent Deloitte study in the banking sector highlights how dramatically compliance spending is growing – outpacing net income – 3.69% of net income in 2006 compared to 2.83% in 2002 – with 60% of that direct expenditure going to compensation of staff.

With compliance costs on the rise, financial institutions, like other companies, face the sometimes daunting challenge of achieving compliance, eliminating fraud, and managing overall risk — without draining their organizations of resources. Given the cost-consciousness, it’s little wonder that solutions that address broad GRC issues while delivering broader operational value to the business are especially in-demand.

Making the move to automation is a great first step in meeting these broad goals. Controls automation brings tangible and far-reaching benefits, from improved efficiency and elimination of unnecessary procedures to allowing for actionable reporting. Not to mention the advantages that automation offers the global enterprise, enabling data from differing business units, areas, and geographies to be combined for consolidated analysis.

Software solutions that go a step further to offer Controls Intelligence (such as Approva’s BizRights platform), provide even greater benefits, including the ability to continuously monitor critical transactions and processes so that companies have real-time visibility of their control and compliance performance and can manage risk in a proactive manner. This kind of visibility provides a crucial holistic view of controls across the company, so that businesses can address core control and compliance issues including segregation of duties, sensitive access controls or master data controls, across multiple applications – and prioritize high risk areas and exceptions, rather than wasting resources on repeatedly testing low risk controls.

Adopting an intelligent controls solution as the primary platform for compliance and control can result in a significant improvement in an organization’s ability to manage risk, prevent fraud and maintain compliance. Typical benefits in the financial services industry include:

• improved visibility of business risk
• less time preparing for audits
• reduced audit costs
• faster regulatory compliance
• reduced burden on IT staff

In addition to these direct improvements, most companies experience spin-off benefits through streamlined business processes, better quality of transactions, and a more secure operating environment.

A recent survey of bank executives found that 92% of respondents see regulations growing in complexity over the next three to five years. With this threat on the horizon, organizations in the financial services industry should think very seriously about leveraging automation to move their GRC strategies to the next level.

— Michael P. Cangemi is President and CEO of Financial Executives International and an Approva Advisory Board Member

Tags: financial controls, risk management, Controls iIntelligence

Speaking of supply and demand, low demand for the US Dollar — and higher demand for just about anything but the dollar (or the Zimbabwean Dollar — yikes), is impacting companies with large global operations (and clients who pay in Euros, Yen and the like). Financial Week warns, though, that gains may be fleeting as the dollar gains strength.

Elsewhere from Financial Week — check this out — an examination of how risk experts are working to account for human behavior in developing risk management policies. We’ll be interested to see where this discussion goes. We’ve talked before about the impossibility of legislating behavior, but planning for it might be something else entirely.

Finally, any NY-area readers might want to mark your calendars — it seems the S&P is holding a fair value accounting forum next Thursday, featuring FASB chairman Bob Herz and S&P’s chief accountant, among others.

Nothing like getting guidance straight from the experts, is there?

Tags: FASB, fair value, accounting industry, GRC, risk management

Elsewhere on Wall Street, reports that the FASB is about to get a good deal tougher on folks involved in the subprime mortgage meldtown, assembling a task force of assorted agencies to look into whether any of them committed mortgage fraud, insider trading and accounting fraud.” We’ll be watching this one closely.

Meanwhile, WebCPA has the goods on Interpublic’s deal with the SEC and the $12 million they had to cough up to settle charges of accounting fraud — without admitting or denying the charges.

Finally, in what has to be the best-headlined story we’ve read in ages, CFO’s got an interesting piece up this week on how accounting students are planning for the switch from GAAP to IFRS. It’s worth the read.

Tags: Yahoo!, Microsoft, GAAP, IFRS, FASB

Senator Menendez isn’t the only one calling for change. A senior official at the Treasury department is also advocating increased transparency in the marketplace, encouraging financial markets participants to adopt “voluntary measures to prevent abuses, reduce risk and boost transparency — or or face new rules requiring changes,” say the folks at Financial Week.

So we need improved transparency and fewer foxes guarding henhouses. Why does that sound so familiar, nearly six years after SOX?

Meanwhile, FierceSarbox picked up a study that CIO recently covered showing that more than 70% of security professionals list damage to brand as a top concern — more so even than avoiding regulatory violations or data breaches or ID theft. That level of awareness of the less tangible, but still serious damage that can come from compliance weaknesses is pretty enlightening. Looks like awareness of the importance of an enterprise-wide focus on GRC is really catching on . . .

Finally, because we’re not above tooting our own horns at Audit Trail, we thought our readers would be interested to hear that Approva has been named to the 2008 Red Herring Top 100 most innovative private technology companies headquartered in North America. You can read a little more about this here.

Tags: subprime meltdown, security officers, GRC, governance, risk and compliance, Red Herring 100

This is the most important aspect of board governance. The oversight function is the absolute minimum that investors and owners have a right to expect from boards. Some boards are too focused on simply providing the minimum.

Board members should, individually and collectively, have experience of business and community life that will enable them to add value to the organisation as well as to effectively monitor its operations. They add this value by the insights they bring.

Oversight is looking at a function and asking the compliance related questions:
• Should we be doing this?
• Are we doing this correctly?
• Are the right people doing this and do they have the right tools and training?

Insight comes when the board start ask questions about performance such as:
• Are these activities the best activities for generating the results we want?
• If they are the best activities, could we do them more effectively or efficiently?
• What would help our people to be more effective?
• Who does these activities better than we do and what could we learn from them?

An insightful board will challenge and support the President or CEO by helping to keep the organisation focused on outcomes rather than processes.

Foresight comes when the board can predict aspects of future performance by monitoring current KPIs. A board with foresight is able to look at the evolving corporate landscape and ask questions such as:
• What activities will be required in the future?
• What must we learn now to be more effective in the future?
• How will we track that our people are learning the required skills?
• When should we start to deploy new activities?

It is important to remember that the oversight role is the foundation for the insight role. No board can sensibly offer advice on improving performance if there is any doubt about the veracity of the information they are basing their insights upon. Similarly the board must have appropriate good quality data from their performance insight to be able to make any use of their instincts regarding foresight. Attempting to move to a higher level without the data from the lower levels is dangerous; it can leave a board exposed to making decisions that do not stand the test of later analysis.

Attempting to govern a successful company without progressing from oversight to foresight is also dangerous. The board can become trapped in old paradigm thinking and performance can deteriorate to a point where future options are limited by lack of resources. Boards must have confidence in their data to be able to move successfully through from oversight to insight and then to foresight so that their organisation moves from compliance to performance to sustained competitive advantage.

Tags: corporate boards, risk management, compliance

Meanwhile, risk seems to be the topic of the week. Financial Week examines how demand has soared for Chief Risk Officers (most recently at Washington Mutual).

As the Financial Week article linked above says, “The credit crunch has pushed risk management to the top of corporate directors’ list of concerns.” No telling how much farther it will climb amid increasingly grim financial news, like Morgan Stanley’s warning that problems for big banks have only just begun. But according to company CFOs, economic forecasts are indeed grim — just not for their own companies. Hmmm. So is this just a high-profile case of cognitive dissonance, or do they know something we (and the Fed) don’t?

Tags: PCAOB, risk management, conflict disclosure, credit crunch

It was clear to us early-on in the conference that interest in internal controls has grown well beyond simple user access. While user access and SOD are still priorities, the people we encountered were most interested in the ability to implement controls over things like systems settings and transactions – and in risk management, data privacy, and fraud prevention.

There also seemed to be a mad rush to upgrade to newer, more current versions of Oracle and PeopleSoft. We found ourselves talking a good bit about the need to set up controls appropriately within upgraded systems.
Our own sessions drew a healthy audiences – in fact, our session on strengthening data privacy in Peoplesoft (live-blogged here) ultimately got so full that folks were being turned away. While we’d like to credit our fabulous presentation skills, the truth is that more and more businesses are interesting in leveraging controls and compliance efforts for broader business goals, and data privacy is a top concern for many we encountered – regardless of role or business size.

We talked to everyone from business professionals, IT staff and controls/compliance and audit folks about this issue, from companies small and very, very large, and these issues were at the forefront for nearly all of them* as we discussed risk, controls, and compliance.

*We said “nearly” for a reason. Almost everyone wanted to talk about SOD, user access, data privacy or something related, but as happens at every event, several just wanted to talk about how they Love A Good Audit and take home an Approva or button or two. We even met one woman who’d made her own I Love a Good Audit button! Now that’s dedication.

Tags: COLLABORATE 08, Peoplesoft, Oracle, data privacy, controls intelligence

— Monica Elliott and Brian Groves

Brian Groves is Senior Director, Product Marketing, Oracle at Approva.

Monica Elliott is Manager, Product Marketing, PeopleSoft at Approva

Have you recently read any articles about what your board should be focused on? Was it bird-flu, Internet portals, Terrorism or some other fad?

I wish I had a dollar for every article on the latest buzz-word that every board should worry about. Or fifty cents for every list of twenty questions board members should ask about the craze. I would hate to be on a board that was so easily sidetracked from their real concern; running the company so that it achieves what it was set up to achieve.

In some great research from Australia, Neil Buck surveyed real company directors on what risks they thought most likely to impact their companies. His initiative revealed 16 categories of risk which, when read by company directors, were recognised as things they worry about.

I have followed up on that research and interviewed 241 company directors on the big risks facing their company. Unsurprisingly the number one risk was financial but (sad news for the audit community) it was not financial statement misstatement or fraud, but simple cash flow risk that kept directors awake at night. Fixing this is a question of strengthening the business. Improving reporting or ticking boxes in the board room won’t help.

Directors the world over are focused (as they should be) on running businesses to generate wealth (or benefits in a not-for-profit context) in an environmentally and socially acceptable manner. If bird flu is important for the business they will focus on that. If not, they should focus on what is important for their business.

Directors can rely on their own judgement to help them to evaluate such things. They may get it wrong occasionally (all boards, when they are being honest, have a decision they regret in their history) but it rarely is so wrong that they can’t fix it. Unless, of course, they are rushing from one fad to the next without pause for thought.

Anyone who suggests that every possible risk should be a board focus is either totally inexperienced in the board room or hoping to sell your board something. For optimum results, focus your board on what is important for your organisation by holding an annual discussion of strategic aims and current targets. Forget the current fashion and just talk about what the organisation needs to achieve and what are the risks that threaten that achievement.

You will be amazed by the power that the board can generate and the value that they can add.

Tags: corporate boards, risk management

Julie Garland McLellan is a professional company director and corporate governance consultant. Her book “All Above Board” is a practical manual for government sector boards. Julie delivers practical boardroom training and performance assessments that empower boards to achieve results. Readers are invited to subscribe to her newsletter ‘The Director’s Dilemma” free of charge until 1 January 2009.