Given these pressures—and the related risks—audit committees need to be particularly focused on the adequacy of their organization’s ethics and compliance program. Indeed, two thirds of the senior executives who took part in KPMG’s Fraud Survey 2009 identified inadequate internal controls or compliance programs at their organizations as “most enabling fraud and misconduct to occur.”

As a baseline, every organization should establish an ethics and compliance program that ensures comprehensive reporting, clear accountability, and full and effective oversight by the top decision makers. By focusing on six key elements, audit committees can help ensure that ethics and compliance programs hold up to the pressures of a turbulent business environment.

Establish the right tone at the top…and at the middle. An ethical culture, it is often said, starts with “tone at the top.” But equally important is “tone in the middle,” the influence of mid-level managers and supervisors who serve as the day-to-day role models for a majority of the organization. In addition to monitoring reports and employee survey results to get a sense of the “tone in the middle,” audit committees also should use executive sessions as an opportunity to obtain the views of internal and external auditors about the organization’s culture and tone.

Organize the business to support the program. The right organizational structure and tools must be in place to create an ethical culture that will drive an effective ethics and compliance program. This starts with a governance structure that gives the ethics and compliance program both independence and stature.

Independence is critical to guard against potential conflicts and to ensure that issues are treated objectively. And although a culture of ethics and compliance must be embedded across the organization, ensuring the independence of an ethics and compliance program may require a governance structure that separates ethics and compliance components from the operational components. Finally, a periodic ethics and compliance risk assessment is an essential part of any well-functioning governance structure of an organization.

Make the code of conduct clear and relevant. A key element of any ethics and compliance program is the code of conduct, which sets forth the organization’s core values, ethical standards, and expectations. The document should be practical, clearly demonstrating how the organization’s values apply in the everyday work environment for every person.

Maximize training opportunities. Instilling an ethical culture requires more than periodic training efforts. There are innumerable “touch points” that every organization has where it connects with its employees. Touch points can range from orientation to company-wide meetings, and from technical training to employee letters and publications.

Be prepared to respond effectively. The strength of an ethics and compliance program is measured, in large part, by how an organization responds to the reports of possible misconduct that inevitably arise. There are three fundamental elements for ensuring a successful response to ethics and compliance matters:

• Identification: Provide multiple channels of communication—including “whistle-blower’’ mechanisms that accept anonymous complaints or allegations—that enable individuals to raise ethics, fraud, and misconduct issues without fear of retaliation.

• Investigation: Ensure the consistent, fair, and thorough investigation of complaints. The audit committee should have a clear action plan in place for conducting an independent investigation.

• Remediation: For substantiated reports, ensure that appropriate disciplinary action is taken, and implement both specific and general remedial measures to mitigate the possibility of recurrence.

Re-evaluate and refine. Although it can be challenging to measure the effectiveness of an ethics and compliance program, surveys of personnel can be a good indicator of how well the program is doing. No program can be successful, however, without a process for continual re-evaluation and refinement.

Sven Erik Holmes is executive vice chair of Legal and Compliance at KPMG LLP.

“Despite some very high profile prosecutions and the pledges of rigorous enforcement by various government watchdogs, one of the country’s most troubled economic periods has created a perfect storm of increased pressures, new opportunities and dangerous rationalizations to allow business fraud and misconduct to occur,” said Richard H. Girgenti, national leader of Forensic for KPMG.

Executives’ expectations regarding changes in the incidence by type of fraud:

• Eight percent of respondents said fraudulent financial reporting would increase, while 66 percent said it would stay the same;
• One-quarter of respondents expected asset misappropriation to rise, and 60 percent said it would stay the same;
• 20 percent of those surveyed said they expected other illegal or unethical acts to rise, while 60 percent said they would remain the same.

The “volatile” mix of issues dominates the market as the turbulent economy pushes companies to make due with less resources–cutting payrolls, pushing employees to maintain output, and causing workers to do “whatever it takes” to achieve earnings goals. The government’s intense focus on illegal activity also seems to add to the pressure.

“This survey also uncovered a need for improvements in corporate programs designed to prevent, detect and respond to wrongdoing,” said Girgenti:

• The executives surveyed said improvements were needed around communication and training (67 percent), technology-driven techniques, e.g., auditing and monitoring (65 percent), and fraud risk assessments (60 percent).

• About 27 percent of respondents reported that their organizations did not fully understand how to conduct investigations, and at what point the board of directors should be alerted to potential concerns. In addition, 33 percent said they lacked protocols on how to remedy control breakdowns.

As a result of the economic crisis, it is likely that further regulatory changes will take place. “Companies that strengthen their corporate controls and compliance programs to confront fraud and misconduct risks have a better chance of prospering as the market improves,” added Girgenti.

One of them was Dov Seidman, the ‘guru of good’ and author of How: Why How We Do Anything Means Everything in Business (and in Life) and the founder of LRN, a consulting firm that helps companies “outbehave the competition.” The other was Michael Beer, Harvard Business School professor and author of just published High Commitment, High Performance.

Both agree that the new organizational model is one where a transparent management inspires principled performance and creates a high-integrity work environment. These organizations, they argue, will be more efficient, more productive, and are more sustainable.

These ideas may sound Pollyannish, but both are convinced that organizations should be based on values rather than just value. High ethical standards and principles will outperform organizations who lack these fundamentals. What is new about their message is that it is not about doing the right thing because you should; or doing the right thing to avoid the penalties that come with doing wrong,; or even doing the right thing because there are profits to be made in areas that are considered social goods, such as alternative energy or green products; but simply this: ethical organizations perform better.

At the core of their argument is that a values driven organization motivates people. Employees and management are more committed and interact better. There is complete transparency and communications are streamlined. Compliance becomes integrated and requires less policing. The parts of the organization cooperate because they are committed to the whole.

At the board level, Beer says that directors need to re-frame their purpose from maximizing shareholder value to multi-stakeholders. This entails promoting a corporate culture that provides meaning to what people do and a brand that customers will be proud of. He says the companies he has studied that have outlasted their competitors tend to have a culture that is focused on a common mission.

They both see this as a logical evolution in management style from the old school command and control to an organization built on regulations and compliance (which is where most organizations are today), to one built on mutual trust and values.  In these companies, the spirit of the rules are instilled in people and there is an element of self-governance.

Seidman compares what he expects to be a boom in managing for responsibility, integrity, and social good, to the drive for quality in the 1980s. He says at the time, quality was considered a “soft” pursuit, until companies were able to build the mechanisms to measure it and manage for it. He says companies will start to internalize metrics and processes around integrity. They will hire, compensate, and measure for culture. Both cited Southwest Airlines as a company that is moving in this direction, but they say no one is truly there yet.

I can’t say that I’m convinced that companies that turn themselves into goody goodies will outperform those who are known to bend the rules a little now and then. But there are plenty of good lessons in their work, and in these times it does seem like we could all use a little more transparency and integrity in what we do. Nor do I believe that nice guys finish last. I’m just not so sure they finish first either.

As OCIE head, Richards managed the SEC’s examination and oversight programs for many market participants, including investment advisors, hedge fund managers, mutual funds, and credit ratings agencies.

Richards’ resume prior to her service at the OCIE includes a ten year stint with the SEC’s Los Angeles Enforcement Program, as well as a year spent as senior advisor to former SEC Chairman Arthur Levitt.

“Lori is known widely for her passionate and tireless service to the agency,” SEC Chairman Mary Schapiro said. “I’ve had the honor and privilege of knowing and working with Lori for many years, and have always appreciated her dedication, leadership and integrity. I respect her decision to leave the SEC and am grateful for her many years of public service.”

Richards will be replaced in the interim by OCIE Associate Director-Chief Counsel John Walsh.

Nine in 10 companies are performing formal ethics and compliance risk assessment, with more than half integrating it into other business risk assessments. Despite this growth, only half the companies surveyed indicated that their executive team or board become involved in the assessments.

The top two ethics and compliance risks for companies are compliance risks and electronic data privacy. Electronic data protection led the list and concerns for risk and data privacy was a close second. These concerns out ranked other risk factors such as sexual harassment, environmental safety and heath issues, anti-corruption, and bribery.

Companies remain challenged in engaging international locations and supply chains. Less than one-third of multinational companies are extending ethics and compliance efforts to parties that work closely with them, even though their violations could directly affect their company.

In terms of prevention, companies are making education a higher priority and are increasingly offering employees relevant education. Six in 10 companies admit to lack of resources as their biggest challenge in providing relevant education. More than four in 10 companies indicate making education relevant as their next most significant challenge, with engaging employees being a major concern.

Multinational companies are having trouble communicating with their regional management. Multinational firms gave themselves lower ratings for both accuracy and timeliness of their risk management efforts at their regional offices than at their headquarters. The further away from headquarters that a manager is located, the more difficult the company finds to to communicate risk management concerns.

CLICK HERE TO READ THE FULL REPORT

The survey, conducted by Grant Thornton, also found that 34 percent of public company respondents admitted their company is not fully compliant with Section 404(b) of Sarbanes-Oxley.

Grant Thornton,  a global accounting, tax, and business advisory practice, conducted the national survey from March 10 through March 28, 2008 with 222 chief financial officers and senior comptrollers.

]]> http://www.directorship.com/cfos-want-split-in-chairman-ceo/feed/ 0 http://www.directorship.com/non-public-firms-also-face-exposure/ http://www.directorship.com/non-public-firms-also-face-exposure/#comments Thu, 01 Jan 1970 00:00:00 +0000 Judy Warner http://www.directorship.com/?p=4160 Public company board directors dream of takingtheir company private to escape onerous regulation,the high cost of compliance, and the sometimesconflicting demands of different shareholdergroups.

Our recent Directorship Boardroom Roundtable,“Private Companies: Compliance and Liabilities,”convened a group of leading directors andexecutives to look into this issue and answer suchquestions as whether private companies would bewell served to remain private, especially in the currentenvironment. In the absence of shareholderlawsuits, what are the real liabilities for privatecompanies? What are the best practices public andprivate companies can learn from each other, andwhat types of issues should directors and advisersbe attuned to?

Leading the discussion was Brian Inselberg, whoserves as president of AIG Executive Liability’s CorporateAccounts and Private & Non-Profit divisions.He quickly listed the primary reasons forbecoming a publicly traded company: access tocapital, new forms of compensation for employees,a potentially higher profile and wider following, thediversification of personal holdings, among others.Inselberg noted that liability exposure remains afunction of size and structure and that being privatedoesn’t translate to reduced compliance risk.

While the risks are typically smaller for privatecompanies, he noted there are potential areas ofcompliance risk that private-company managementand board directors would be well advised to payparticular attention: data breach and data privacy;transparency and independence of board; regulatoryissues; and the Foreign Corrupt Practices Act(FCPA), which makes it unlawful for a U.S. personand certain foreign issuers of securities to bribe aforeign official for the purpose of attracting orretaining business. (For more information on theFCPA, go to www.usdoj.gov/criminal/fraud/fcpa.)

The Public/Private Debate

The decision to go public or stay private (or go privatevia a private-equity firm) comes with a set ofpros and cons. Robert La Blanc, a former partnerat Salomon Brothers, and now an active directoron multiple boards of public and private companies,was asked how going public changed theonce venerable Wall Street investment bank. “Themanagement committee at the time only had partnershipmoney and they were looking at the modelof a Citigroup which had a larger base ofclients…The desire to go public was access to capitalso that we could play among these big players.”Indeed, access to capital is usually first on the listof benefits to going public.

Georges Ugeux, chairman and CEO of GalileoGlobal Advisors and former head of the internationaldivision of the New York Stock Exchange,countered that going public doesn’t always have apositive effect. He said going public “completelychanged” the culture of Salomon, which was laterbought by Smith Barney, and eventually becamepart of the corporate structure its former managementhad aspired to emulate: Citigroup. “It changedfrom a culture where people worked for the good ofthe company to one where people worked for whatwas good for the individual. Within six months, itwas a totally different firm,” Ugeux asserted.

And companies that go private or stay private toavoid compliance and regulation headaches mightbe engaging in a bit of wishful thinking. “You arestill going to have regulatory exposure and you stillhave the need for a compliance program,” notedDirectorship Publisher Christopher Clark. Forexample, he said that any company that has $5million or more in government contracts needs tohave a compliance program. And in certain industries,he said, class actions and antitrust issues canbe as significant for private companies as they arefor public companies.

“What you’re saying then,” said Jeffrey M. Cunningham,chairman and CEO of NewsMarkets, theparent company of Directorship magazine andGlobal Proxy Watch, “is that there isn’t a huge differencein liability, but as a private-equity investor whatI need to carefully assess is the risk-control environmentfor private companies.”

Some Roundtable participants pointed out thatprivate companies and especially non-profits andfamily-owned businesses are often guilty of lessvigorousor even sloppy financial controls and bookkeeping,raising the specter of liability and risk.Joseph Fichera, the founder and CEO of Saber Partners,offered the contrasting view that from a riskstandpoint, private companies backed by venturecapital might actually be in a better position thanpublic companies.

“When they [the venture capitalists] interact withthe CEO and management, they’re armed withbetter information than the board…whereas publicboard members may lack the resources as well as theindependent judgment to view company data,”Fichera said. “We should ask, ‘Are you doing yourown analysis and, if not, are you getting all of yourinformation from management?’”

Murphy’s Law

“That’s a valid point,” Inselberg said. “You want tohave a process in place, as all risk-managementoriented companies should have, that assumes thatanything that could go wrong, will go wrong. Whenthe inevitable happens, your organization needs tobe able to limit its exposure.”

Some directors said they would not serve on a privateboard that did not offer directors’ and officers’(D&O) insurance. Even serving on the board of alocal nonprofit, whether a small charity or a largehospital, has risks that should not be underestimated.Case in point: A lawsuit brought against alocal hospital and its board raised questions abouthow profitable the nonprofit was, according to oneRoundtable participant, and left him feeling vulnerable,even though serving on the board seemed likean act of social mindedness.

One important instructional note: All companies,whether public, private, or nonprofit, should agreeto indemnify their executives and officers under apolicy of “mandatory advancement” (of legal fees)prior to the benefit of knowledge of guilt or innocence.The rationale for this is that the board willnot likely be able to assess guilt or innocence in anycase, but particularly not at the time the decision onwhether to cover legal costs needs to be made.

The further implication is that assuring adequatecoverage for directors and officers is of paramountimportance, as it is possible for one so-called “badactor” receiving legal fees to use up all the coverage.The bottom line: board directorships carryrisks, to be sure, but if properly understood and adequatelycovered, they should not stand in the wayof directors doing their job both independently andappropriately.

The Book, anannual benchmarking study that analyzes the efficiency and effectiveness of corporatefinance departments, found that after nearly a decade of cost reductions infinance, the average “global 1000” company spent 12 percent more last year onits finance function than three years ago, according to Financial Week. Compliance-relatedactivities were seen as the biggest driver of the increased cost.

“We expected costs to back off from where they were, butthey’re not coming down,” Bryan Hall, a managing director and practice leaderof the finance executive advisory program at Hackett, told Financial Week.

Additionally, the compliance cost-efficiency gap between “world-class”organizations – including the top 22 performers of the 220 companies studied –and the rest of the group is widening, according to Financial Week. Companieslike Alcoa Dow and General Electric on average spent 47 percent less onexternal audit fees than their peers, and operated with 44 percent fewercompliance staff.

Meanwhile, law firm Foley & Lardner’s fifth annualsurvey of the costs of being a public company found that fees paid to externalauditors for all sizes of companies in 2006 were four percent higher than in2005, and were an astonishing 271 percent higher than in 2001, the year before SOXwas passed, according to Financial Week.