VideoCFO welcomes your letters. Send them to: The Editor, CFO, 253 Summer St., Boston, MA 02210.
E-mail us at JuliaHomer@cfo.com. You can also contact a specific author by clicking on his or her byline at the beginning of any article.
Please include your full name, title, company name, address, and telephone number. Letters are subject to editing for clarity and length.
After reading your interview with William J. McDonough, chairman of the Public Company Accounting Oversight Board ("The Enforcer," August), I was skeptical of his insistence that auditors should be able to detect fraud. Based on my 30-plus years in auditing and finance, I know that a simple collusion between an accounts-payable and a purchasing clerk can circumvent some of the most sophisticated systems.
From the article, it appeared that Mr. McDonough based his comments on his experience as president of the Federal Reserve Bank of New York, where he demonstrated his "tough love" philosophy as a supervisor of the "largest financial institutions in the United States." However, after reading your interview, I happened to read an August 24 article in the Wall Street Journal titled "Finance Sector Is Warned of the Threat Within." It stated that the Secret Service completed a study, "Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector," which found that the finance sector, including banking, has failed to take the most basic steps, such as employee background checks, to prevent fraud.
This "substantial" threat of fraud is posed "by virtue of [employees'] knowledge of and access to their employers' systems and/or databases, and their ability to bypass existing physical and electronic security measures through legitimate means." Perhaps after reading this study, Mr. McDonough will be more sympathetic to the auditors in their difficult job of detecting fraud.
Rick Land
Via E-mail
From the interview I just read, it appears that Mr. McDonough's title should be changed from chairman of the PCAOB to simply Audit Czar. This man has a clear desire to play God and wield power like no other public official. The question is, who regulates the regulator?
McDonough claims to have the ability to give firms a gentle nudge or put them out of business. This level of arrogance is more befitting a communist dictator than anything in a democratic process. The worst part is his hypocrisy. McDonough claims to be working for the public interest, but as a former Fed president, he played a part in the world's largest organized engine of inflation, creating successive cycles of boom and bust. Was that also for the public good?
We need to get something straight: regulation does not make markets safe; it only increases the cost of doing business and eliminates competition. Of course, we can lay the blame for that at the feet of Mr. Sarbanes and Mr. Oxley.
Dale Schwartzenhauer
Tax Manager
Jim Johnson & Co.
Walla Walla, Washington
Risky Comments
I appreciate your focus on enterprise risk management in "Watch Your Back" (August). It is a topic not nearly important enough in the eyes of executives.
I did want to point out one thing that does not come through clearly in your article: ERM and insurance risk management are not the same thing. The management of insurable risk such as natural disasters and employee safety is a subset of ERM. ERM deals with overall risks to a company, including business environment, governance, compliance, technological, financial, and operational risks.
ERM is focused on bringing the information gathered by the "risk" functions in an organization (including insurance risk management, legal, compliance, environmental, health and safety, and so on) together in an integrated fashion with management's assessment of the other risk areas mentioned above, so their information can benefit management as it develops its strategies and comprehensive risk profile.
Including an insurance risk manager at planning meetings, while a good first step at integration, does not constitute an ERM program.
Jeanette York
Ernst & Young
Via E-mail
In "Watch Your Back," only a part of the issue of risk avoidance is discussed. The involvement of the risk department in planning will certainly reduce risk if the department is fully knowledgeable about the company's capabilities and processes.
Reader Comments» Post a comment