Print this article | Return to Article | Return to CFO.com
A simple collusion between clerks ''can circumvent some of the most sophisticated systems,'' writes a reader. More letters to the editor: further steps on risk management; watch out for stereotyping; in praise of CMAs.
CFO Staff, CFO Magazine
October 1, 2004
CFO welcomes your letters. Send them to: The Editor, CFO, 253 Summer St., Boston, MA 02210.
E-mail us at JuliaHomer@cfo.com. You can also contact a specific author by clicking on his or her byline at the beginning of any article.
Please include your full name, title, company name, address, and telephone number. Letters are subject to editing for clarity and length.
After reading your interview with William J. McDonough, chairman of the Public Company Accounting Oversight Board ("The Enforcer," August), I was skeptical of his insistence that auditors should be able to detect fraud. Based on my 30-plus years in auditing and finance, I know that a simple collusion between an accounts-payable and a purchasing clerk can circumvent some of the most sophisticated systems.
From the article, it appeared that Mr. McDonough based his comments on his experience as president of the Federal Reserve Bank of New York, where he demonstrated his "tough love" philosophy as a supervisor of the "largest financial institutions in the United States." However, after reading your interview, I happened to read an August 24 article in the Wall Street Journal titled "Finance Sector Is Warned of the Threat Within." It stated that the Secret Service completed a study, "Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector," which found that the finance sector, including banking, has failed to take the most basic steps, such as employee background checks, to prevent fraud.
This "substantial" threat of fraud is posed "by virtue of [employees'] knowledge of and access to their employers' systems and/or databases, and their ability to bypass existing physical and electronic security measures through legitimate means." Perhaps after reading this study, Mr. McDonough will be more sympathetic to the auditors in their difficult job of detecting fraud.
From the interview I just read, it appears that Mr. McDonough's title should be changed from chairman of the PCAOB to simply Audit Czar. This man has a clear desire to play God and wield power like no other public official. The question is, who regulates the regulator?
McDonough claims to have the ability to give firms a gentle nudge or put them out of business. This level of arrogance is more befitting a communist dictator than anything in a democratic process. The worst part is his hypocrisy. McDonough claims to be working for the public interest, but as a former Fed president, he played a part in the world's largest organized engine of inflation, creating successive cycles of boom and bust. Was that also for the public good?
We need to get something straight: regulation does not make markets safe; it only increases the cost of doing business and eliminates competition. Of course, we can lay the blame for that at the feet of Mr. Sarbanes and Mr. Oxley.
Jim Johnson & Co.
Walla Walla, Washington
I appreciate your focus on enterprise risk management in "Watch Your Back" (August). It is a topic not nearly important enough in the eyes of executives.
I did want to point out one thing that does not come through clearly in your article: ERM and insurance risk management are not the same thing. The management of insurable risk such as natural disasters and employee safety is a subset of ERM. ERM deals with overall risks to a company, including business environment, governance, compliance, technological, financial, and operational risks.
ERM is focused on bringing the information gathered by the "risk" functions in an organization (including insurance risk management, legal, compliance, environmental, health and safety, and so on) together in an integrated fashion with management's assessment of the other risk areas mentioned above, so their information can benefit management as it develops its strategies and comprehensive risk profile.
Including an insurance risk manager at planning meetings, while a good first step at integration, does not constitute an ERM program.
Ernst & Young Via E-mail
In "Watch Your Back," only a part of the issue of risk avoidance is discussed. The involvement of the risk department in planning will certainly reduce risk if the department is fully knowledgeable about the company's capabilities and processes.
A potential cause of disaster, whether due to finance, production, or marketing, is, in most cases, known. The failure results from poor communication within the organization. If the right information reaches the decision makers in a manner that avoids political fallout, the risk can be assessed. Knowledge of the "unknown" risks related to current and planned projects exists in the collective knowledge of employees, vendors, and consultants.
Methods and tools exist today that can gather, rank, and assess the benefits, risks, and gaps of a given project by involving company employees in the planning process. Use of the tools results in faster planning, greater knowledge, and an organization that is prepared to meet risk and execute effectively. Failure to use what is available to gather the knowledge in your company compounds risk.
Partner and COO
Stop the Stereotyping
While I understand Ms. Wilson's frustration and disappointment at the continued discrimination and belittlement by customer-service individuals from another culture (Letters to the Editor, August), one might think she would extend the same courtesy and respect that she expects to automobile service station operators. Not all operators treat their customers disrespectfully, nor do they plaster pictures of naked women on their shop walls, as it is unlikely that all foreign customer-service representatives enjoy belittling women.
Ms. Wilson also states, "Women have worked too long and too hard to be respected in our professions." So have automobile service station operators, some of whom might find it ironic and offensive that disrespectful, belittling, and stereotypical statements about them are being used to make a point about disrespectful, belittling, and stereotypical statements about women. I am surprised CFO did not find this ironic also.
Let's Hear It for CMAs
Your article "CPA Ascendant" (Your Move, June) discusses the growing number of executive recruiters who insist that CFO candidates have the CPA credential. However, the article failed to consider the CMA (certified management accountant), another certification recognized as a requisite credential among accounting professionals, particularly CFOs.
The CMA is a globally recognized certification for managerial accounting and finance professionals. The CMA program was established by the Institute of Management Accountants (IMA) — an association for financial management and management accounting professionals — in 1972, and is administered by the Institute of Certified Management Accountants. Corporations around the world seek the CMA designation when hiring managerial finance and accounting professionals, and many are integrating the CMA into their management-training programs.
Today, more than 700 CFOs hold the CMA credential, more than 3,000 professionals who have earned their MBA have also earned their CMA, and nearly 6,000 CPAs are also CMAs or certified financial managers (CFMs).
Larry R. White
Institute of Management Accountants
As a result of a calculation error, the 2004 Working Capital Survey (September) incorrectly listed Delta Air Lines as third among the best working capital performers. In fact, Southwest should have been listed third. A corrected airline industry chart that includes working capital figures for Southwest is available with the online version of the article.