Video"Only you can prevent forest fires" was the cautionary message of a long-running risk management campaign. An accounting scandal may seem much less dramatic than a wildfire — but to your company, it could be just as devastating.
Roger Friedberger has certainly been keeping a lookout. Since 1996, when he became finance chief of ILOG — a software provider headquartered in Gentilly, France, and Mountain View, California — Friedberger has been keenly aware of the possibility of a revenue-recognition misstep. The temptation for salespeople to boost their compensation by booking revenues improperly, before they're fully earned, is famously strong in Silicon Valley.
The effects of overly aggressive accounting have a way of scaling the corporate ladder, leading to restatements and shareholder lawsuits — not to mention executive dismissals. "More software CFOs have bitten the dust because of rev-rec problems" than due to any other accounting issue, maintains Friedberger.
By putting preventive measures in place, however, Friedberger has helped ILOG steer clear of a restatement, or even so much as an adjustment by its auditors, since the company went public in 1997. That "safety first" approach has also found favor with many other finance chiefs, corporate risk managers, and internal auditors who guard against fraud, gamesmanship, and inattention, and keep accounting woes from their doors.
Spreading a responsible corporate culture, and using your powers of persuasion to keep employees and lower-level managers in line, has always been an essential practice. Today, finance executives are also launching enterprise-risk-management programs to take a comprehensive picture of corporate risk, and installing new software to get a clearer view of potential hot spots in even the most remote outposts of their organizations.
Sarbanes-Oxley compliance requirements have spurred these efforts, of course. But a look at how fast a company's fortunes can plummet in the first blush of bad accounting news might be motivation enough. Indeed, a tarnished reputation can deliver a lingering jolt to a company's finances, suggests a May 2003 study by Deloitte & Touche of a score of companies touched by corporate accounting scandal.
The companies — whose ranks included the usual suspects — suffered an average 50 percent drop in share price within 20 days after news of the scandal first broke, according to Rick Funston, national practice leader for governance and risk oversight at Deloitte & Touche.
At five of the companies, the share price fell by more than 90 percent. "Shareholder value is tried and [hanged] in the court of public opinion long before it gets to a court of law," says Funston — hence the need to prevent financial scandals entirely, and not to "go to trial" at all. But can you guard against corporate scandal just as you would guard against wildfires?
The View from On High
Start by taking a comprehensive view of potential problems across your entire organization, say advocates of enterprise risk management, and set your priorities.
Some companies have begun to link their internal-audit functions with broader corporatewide plans of managing risk. "Risk management and [internal audit] were never coupled in the past as they are today," says John Calkins, director of risk management at Masco Corp., a manufacturer of home-improvement and building products based in Troy, Michigan.
Risk management, the theory goes, can help widen the focus of internal auditors. At Zions Bancorporation in Salt Lake City, Utah, for instance, the auditors use risk-assessment software to "receive alerts about new risks and changing risk levels," David Stone, the company's senior vice president of risk management, recently wrote in FSA Times, a publication of the Institute of Internal Auditors.
Up until recently, though, ERM was rarely mentioned in the context of accounting perils. In its formative years, enterprise risk management was largely a dream in the minds of property-casualty underwriters, who saw comprehensive views of risk as a way to sell big-ticket insurance policies.
ERM may be ready for a growth spurt, however. In July, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a private-sector group aimed at improving the quality of financial reporting, issued its proposal for a standardized ERM "framework." COSO members hope to set up a common ERM terminology for what has been largely a rag-bag of ideas — everything from the establishment of the title of "chief risk officer" to the use of derivatives. Slated for release in its final form early in 2004, the framework is already influencing risk management thinking and software design.
ERM proponents do acknowledge that even a systemic approach will have a tough time stopping outright fraud. Intentional deception, rather than a mere tweaking of the numbers to create an overly rosy impression, is difficult to prevent, says H. David Sherman, a professor of business administration at Northeastern University. To take a bite out of these crimes, Sherman suggests that internal auditors should make their spot checks less predictable and more detailed — an improvement that's been frequently suggested for external audits, too.
Reader Comments» Post a comment