When the exams were handed back, the student was surprised at the professor’s comment.  “This was a test of short answers–not essays.  You wrote too much and I found it very difficult to read your multi-page answers to determine if you understood and were able to provide the key points from class.”

Likewise, board members may be tempted to scribble such a missive on an internal audit report: “Rather than giving us pages of details you learned during the dozens of audits performed, can you audit the key areas (i.e., risks) and give us the ‘short-answer format’ of what we, as board members, need to be concerned about?”

Indeed, it’s now nearly commonplace for “audit-overkill,” which dilutes the effectiveness of what is perhaps the one of the most important roles a board member can play.

There are a number of typical issues a board member must confront such as risk, governance, and controls. But while some sort of apparatus may be in place, there is no operating manual to which the board member can turn to that clearly identifies the potential risks and presents a set of solutions.

Rather than the conventional protocol of presenting a stack of excel spreadsheets informing the audit committee of the annual internal audit schedule and expecting nothing more than a perfunctory review and approval, (pardon me while I do an infomercial impersonation), what if I told you that your auditing schedule could be replaced with just 17 audits, that if executed properly, could provide even better oversight than the 100 or so you’ve been using?

Below I’ve outlined such a condensed schedule. Upon reviewing this list many GAs may seek to build out a host of additional audits to satisfy the “sufficient coverage” appetite simply through force of habit. However, they must resist this temptation.

To make the decisions that matter, boards must have information that cuts through to the core of the risk issue and provides a clear course of action for review.

In each of the following, the GA should determine the key risks (i.e., the top two to three risks per audit), the strength of governance designed to mitigate those risks, and if concomitant controls are operating as designed.

Here we go…

With so many recent corporate crises, it is clear that a great many corporate board members and executives are experiencing similar regret right now. Perhaps this could have been avoided if they, too, had practiced routine diagnostic check-ups. Like routinely submitting to a blood test in order to discover any problem areas and change behavior or routines if necessary, board members need to know the risks their company is facing, and as with any health risk, they also need to be able to mitigate those exposures.

Sounds great, but the devil’s in the details, right? Perhaps not.

As chief consultant for governance and risk at Audit Integrity, I’ve examined the worst U.S. companies from an “integrity” standpoint in order to help board members and general auditors see how their company’s health stacks up. Audit Integrity’s metrics have shown which companies are ten times more likely to face SEC actions; five times more likely to face class action litigation; and four times more likely to face bankruptcy.

Using Audit Integrity’s proprietary AGR (Accounting, Governance, and Risk) score, 196 companies were identified as laggards or high-risk companies. These companies have been proven to have higher odds of SEC actions and class action litigation, loss of shareholder value, and increased odds of material financial restatement and bankruptcy. All are North American, non-financial, publicly traded companies with more than $2 billion in market capitalization and an average-to-weak financial condition.

Next, I tested the 119 metrics that Audit Integrity flags and discovered that 15 of those metrics appeared consistently as identifiers of problematic companies; the first metric was prevalent in 65 percent of the 196 high-risk companies and the 11th evident in 40 percent of the companies. The other 8,000 companies thst were tested had low incidences of these same metrics.

A list–dubbed the “Risky Business Catalogue”–details the common metrics within high-risk companies. Board members, the C-suite, and general auditors should note if their company is a candidate for the RBC. The evidence is not saying that significant issues are imminent if a company has one of the RBCs, but a combination of RBC metrics indicates risk factors to the entity’s business model and strategy.

With so many recent corporate crises, it is plain it’s suffice to say that a great many corporate board members and executives are experiencing similar regret right now. Perhaps this could have been avoided if they too had practiced routine diagnostic check ups. Like an individual blood test, board members need to know the risks their company is facing, and as with any health risk, they also need to be able to mitigate those exposures.

Sounds great, but the devils in the details, right? Perhaps not.

As chief consultant for governance and risk at Audit Integrity, I’ve examined the worst U.S. companies from an “integrity” standpoint in order to help board members and general auditors see how their company’s health stacks up. Audit Integrity’s metrics have shown which companies are 10 times more likely to face SEC Actions; five times more likely to face class action litigation; and four times more likely to face bankruptcy.

Using Audit Integrity’s proprietary AGR (Accounting, Governance, and Risk) score, 196 companies were identified as laggards or high-risk companies. These companies have been proven to have higher odds of SEC actions and class action litigation, loss of shareholder value, and increased odds of material financial restatement and bankruptcy. All are North American, non-financial, publicly traded companies with over $2 billion in market capitalization with an average-to-weak financial condition.

Directors should no longer accept “no worries” explanations on regulatory matters. Compliance tests should be employed routinely and if regulatory action does occur, management needs to take action.

Next, I tested the 119 metrics that Audit Integrity flags and discovered that 15 of those metrics appeared consistently as identifiers of problematic companies; the first metric was prevalent in 65 percent of the 196 high-risk companies and the 11th evident in 40 percent. The other 8,000 companies tested had low incidences of these same metrics. A list – dubbed the Risky Business Catalogue – details the common metrics within high-risk companies. Board members, the C-suite, and general auditors should note if their company is a candidate for the RBC. The evidence is not saying that significant issues are imminent if a company has one of the RBCs, but a combination of RBC metrics indicate risk factors to the entity’s business model and strategy.

RBC’s metrics include:

1. The company has entered into a merger within the last 12 months.
While there is certainly nothing wrong with corporate M&A activity, it’s common for policies to be revised and system integrations to be rushed. Company directors need to caution general auditors to be extra vigilant post merger and increase testing of balance sheet accounts.

2. The CEO and CFO’s compensation is more highly weighted toward incentive compensation than base compensation.
This situation can cause negative motivations and earnings to be increased more creatively to ensure a larger portion of executive pay packages. Close attention should be paid to revenue recognition.

3. The Board Chairman is also the CEO.
An age-old debate, but indispuditedly conflicts of interest invariably result when a company CEO is also its Chairman. Separate the roles to improve governance and reduce compromised oversight.Compromised reliability exists because the very architecture of governance has a built in conflict when the Chairman is also CEO.

4. The company has undergone a restructuring in the last 12 months.
Restructuring may be completely valid, but also can be employed to conceal the lack of sustainable earnings growth. Directors, by role definition, should be intimately involved in restructuring procedures decisions and promised outcomes.

5. The company has encountered a public regulatory action in the last 12 months.
Many corporate stakeholders hold true to the statement that where there’s smoke, there’s fire. Directors should no longer accept “no worries” explanations on regulatory matters. Compliance tests should be employed routinely and if regulatory action does occur, management needs to take action.

6. The amount of goodwill carried on the balance sheet, when compared to total assets, is high.
When intangible assets such as goodwill grow, boards should ask more probing questions about how the business model generated these assets and about concomitant valuation protocols. General Auditors should confirm that models are comprehensively back tested and impairment procedures are adhered to assiduously.

7. The ratio of the CEO’s total compensation to that of the CFO is high.
If a CEO is awarded a much larger paycheck than anyone else (particularly particularally the CFO), it increases governance risk and leads to a top-directed culture, thus limiting collaboration. Boards need to be involved in all executive compensation issues including that which drives pay packages for the CFO, Chief Risk Officer, as well as internal auditors,. etc.

8. Operating revenue is high when compared to operating expenses.
Riskier companies have revenue recognition in excess of what is expected based on operating revenues. Directors should fully understand revenue recognition policies and instruct management to test them to be sure they are not aggressive.

9. A Divestiture(s) has occurred in the last 12 months.
Data shows that riskier companies have more divestures, usually because it is an opportunity for more aggressive accounting activity. Board members should inquire as to how this action fits the strategy.

10. Debt to equity ratio is high.
When a business relies too heavily on debt it reveals that markets are not independently funding the business model or strategy. Boards should know why the markets are not investing in their entity and therefore why debt is so heavily relied upon. Board members should also be knowledgeable on the quality of their equity and not just the amount. Lastly, they should understand management’s funding overall funding strategy and the strength of contingent funding plans.

11. A repurchase of company stock has taken place in the last 12 months.
A repurchase of stock is usually presented to investors as an avenue to increase market demand for the stock, thereby elevating overall shareholder value. Management must provide reasoning for why there are no other ways to invest excess funds. Boards should also request the general auditor to review insider sales during the period of share repurchase programs.

12. Inventory valuations to total revenue is increasing.
When inventory increases in relation to revenue it should raise control questions about inventory valuation. It could indicate changing consumer preferences, which should spur an analysis of a corporation’s business model.

13. Accounts receivables to sales is increasing.
This situation can typically be indicative of relaxed credit standards. Directors should ask whether sales are decreasing due to market conditions and instruct the general auditor to probe receivables to determine their viability.

14. Asset turnover has slowed when compared to industry peers.
If assets are increasing and sales are not flowing it could indicate less productive assets are being brought, or retained, on the balance sheet. Conversely, if sales are decreasing, executives and auditors will again want to analyze changing customer preferences.

15. Assets driven by financial models make up a larger portion of balance sheet.
A collection of other accounting metrics indicates that boards, the C-suite, and general auditors should pay special attention to the controls, assumptions, and governance surrounding assets whose valuations are model driven. This is particularly true if assets that are valued by financial models make up a larger portion of the entities balance sheet.

To be sure, any one of these in isolation as an indicator of accounting and governance risk can be debated. Company divestitures and M&A can be a healthy indicator. But if a corporation fails more than a few of these metrics, board members need to take action.

It is easy to dismiss any one of these metrics when you find it is an issue in your company. Human nature is quick to retort – maybe for others but not for us. However, like time and tide, the numbers too, wait for no one. So, if you have any of these AGR metrics, you need to begin confronting these risk characteristics today to improve your corporate health and avoid the much more drastic financial equivalent of cardiovascular surgery tomorrow.

Walter Smiechewicz is chief consultant for governance and risk at Audit Integrity, a research firm that provides accounting and governance risk analysis