Readers write to say that most executives lack the courage to admit that most data breaches are the fault of insiders; that Standard & Poor's new enterprise risk management rating effort should have been launched long ago; and more.
CFO Staff, CFO Magazine
June 1, 2008
CFO welcomes your letters. Send them to: The Editor, CFO, 253 Summer St., Boston, MA 02210
E-mail us at JuliaHomer@cfo.com, or contact a specific author by clicking on his or her byline. You can also post a comment directly on CFO.com by clicking on the appropriate link at the end of any article.
Please include your full name, title, company name, address, and telephone number. Letters are subject to editing for clarity and length.
Being prepared for the audit should not require a pre-audit, but the reality of the business world is that it frequently does ("Auditor Angst," May). Throughout the year, companies should be thinking about the audit. Large companies accomplish this by having the auditors on site all the time. Smaller companies, however, may not be able to afford that.
It is cheaper and more satisfying to be prepared for the audit. We have seen over and over that companies that prepare for audits get the rewards by going through shorter audits, obtaining better results, and enjoying better relationships with their auditors.
Room for a View
Jerry Boerner and the AT&T team discovered measurable value of integrated corporate data as they prepared for the Apple iPhone launch ("General Ledger vs. Major Opportunity," Topline, May). It is not uncommon for companies that have created a centralized view of the enterprise to realize continued ROI through data integration versus use of independent data marts. AT&T could not have achieved measurable business value without a single view of the business enabling rapid integration of detailed customer transaction and financial data, then making it available to end users in near real time to support the iPhone strategic launch.
The Truth about Security
"Firewall of Silence" (InTech, April) highlights some of the unspoken truths about the current climate of data breaches and security incidents. Like the fact that employers are constantly blaming hackers because they don't want customers, journalists, or class-action lawyers focusing on the reality that the majority of data breaches are the fault of employees.
This fault exists because few executives understand the need for a "culture of security," where security is embraced as a core business function and brand protector.
The most recent report from the Identity Theft Resource Center found that of the 167 reported data breaches in the first quarter of this year, only about 13 percent were the result of outside hackers.
Admitting that most of your data breaches have been the fault of insiders who [often] didn't know any better is a leap most executives don't have the courage to make. Which is why, until executives are held personally responsible for security breaches, things will just get worse.
The French Connection
The French government requires that a set of books be kept in the government-dictated chart of accounts. Will international financial reporting standards simplify the international situation ("Goodbye GAAP," April)? Not if countries don't go along with it.
Keep On Not Truckin'
The different approach to transportation costs discussed in "Sucking It Up" (April) reminded me of when I was an accountant with a chemical subsidiary of Union Oil Co. of California in the 1960s. The company sold many of its products to customers in Northern California, while other chemical companies located in Northern California had customers in Southern California. Since both produced identical products, each would ship these products to the other's customers under an "exchange agreement," accounting for the units shipped during the year, with reconciliation at the end of the year for a settlement in dollars for any balances owing. This system had been used for many years and was quite successful.
Gerald S. Werby
Chief Financial Officer
Straight Talk Clinic
Hiding in the [Sar]box
The process that is laid out in Standard & Poor's draft on assessing companies' enterprise risk management ("No Cakewalk," Topline, March) should accomplish what it is intended to do — provide visibility into a company's ERM efforts.
The fact that executives have trouble defining — much less practicing — ERM will become readily apparent to S&P, and that will end up reflecting negatively on a company's overall rating. Perhaps it will provide incentive for the executive management team, the board, and senior management to spend the time needed to articulate the company's risk appetite and tolerances, create a proper risk-management charter, and understand clearly the processes by which major business risks are identified, as well as what monitoring processes are in place.
For too long, executives have been hiding under the mantle of Sarbanes-Oxley. I would argue that had ERM been mandated by the rating agencies several years earlier in the way it is [now] being envisioned in the S&P draft, much money and effort would have been saved.
Arnold H. Schanfield
Fort Lee, New Jersey
Encouraging Companies to Stay
The U.S. government definitely must take more regulatory action on the outsourcing of American jobs ("Offshoring Spreads Its Wings," March). It's a fine balancing act keeping our global cost competitiveness, but, by the same token, I have seen U.S. companies with no foreign competition still eagerly outsource as many jobs as they can overseas.
There are three areas in which I think the government needs to take more regulatory action:
1.) Fixing the U.S. Tax Code. U.S. corporations are encouraged by the Tax Code to spend their money on overseas jobs rather than bringing the cash back home for jobs in America, where they will incur a corporate tax hit.
2.) Establishing national health care. High health-care costs borne by U.S. corporations are just another incentive for them to ship jobs out of the country.
3.) Increasing "onshoring" in lower-cost U.S. regions. There are many areas in the United States with lower labor costs that could become onshoring job areas. Many typical offshoring countries (such as India) are experiencing extreme wage increases and job turnover. With the right advertising and incentives, many U.S. corporations could be encouraged to establish work functions right here.
As the practice of offshoring grows and the economic impact in the United States spreads, the quality of life will continue to be degraded, and this will add to the drain on the purchasing power of U.S. middle-class and upper-middle-class workers. Companies that escalate this practice should be prepared for a backlash, but it may come in the form of reduced revenues rather than social disorder.