New SEC Rules Require Enhanced Risk Management Disclosure

This week, the U.S. Securities and Exchange Commission ("SEC") issued new disclosure rules that will have a significant impact on corporate governance and risk management practices at all U.S. public companies.  The rules become effective February 28, 2010 and require enhanced public disclosure of the following:

• The relationship of a company's compensation policies and practices to risk management.


• The background and qualifications of directors and nominees.


• Legal actions involving a company's executive officers, directors and nominees.


• The consideration of diversity in the process by which candidates for director are considered for nomination.


• Board leadership structure and the board's role in risk oversight.


• Stock and option awards to company executives and directors.


• Potential conflicts of interests of compensation consultants.

For some companies, these new rules will have minimal impact based on their enhanced risk management practices.  However, for others, it may mean a great deal of work must be completed in the next several months.  If your company needs assistance implementing cost-effective, practical risk management solutions, email us at NavigateSuccessfully@WheelhouseAdvisors.com or visit www.WheelhouseAdvisors.com to learn more.

Maximize Your GRC Technology Investment

As we move into a new year, more companies are looking to integrate their risk management initiatives to simplify and streamline how they address risk and compliance activities.  In a recent article by Forrester Research, analyst Chris McClean discusses how Governance, Risk and Compliance ("GRC") software solutions can help companies in their pursuit of integration.  Here are the three primary benefits that companies have realized from their investment in technology.

1. Greater process efficiency -- Compliance requirements continue to swell, and the risk landscape is getting more complex. Above all else, customers cited process automation as the core value of their GRC platform implementations. Workflow management capabilities help keep everyone on task, and centralized content management and reporting reduce the need to jump back and forth between different systems. In addition, ongoing improvements in automated controls and control-testing functionality generate even greater efficiency gains. The manager of corporate compliance for a large pharmaceutical company told Forrester: "Managing all GRC initiatives in one platform saves time, resources and money. The ability to build a solid foundation for our compliance program in a relatively short time frame allows us to focus on the acute compliance issues facing our industry."

2. Convergence of GRC efforts -- As well as increasing efficiency, converging the various efforts relevant to governance, risk and compliance fosters cooperation between business functions and improves overall GRC insight. Comparing exposure across different categories of risk or using risk assessments to generate audit scopes are just two examples of GRC convergence benefits. An operational risk management director for a large financial services company said that one of the biggest benefits of implementing a GRC platform was the ability to "integrate the risk disciplines, including internal audit, ORM [operational risk management], SOX and compliance."

3. Consistency of processes and methodologies -- Getting different functions to work with each other is one thing, but getting them to use the same processes and methodologies is much harder. GRC platforms allow organizations to create standard templates for documenting and assessing risks, controls, incidents and other elements of GRC. Consistency also leads to convergence and efficiency and is often an initial driver for the development of a GRC program. The director of risk and compliance for a top high-tech company succinctly explained to Forrester that one of the most important values of GRC technology was the creation of a "consistent way to manage compliance, operational and ERM [enterprise risk management] projects." Pay close attention to this aspect of GRC value. As risk and compliance become more complex, consistency will quickly become a necessity.

Wheelhouse Advisors can help your company identify the right technology solution and implement a program that will maximize the benefit of your technology investment.  Visit www.WheelhouseAdvisors.com to learn more.

The Role of IT and Risk Management in the Financial Crisis

Information Technology (IT) continues to play an ever larger role in the overall risk profile for major corporations across the globe.  A recent article in The Economist discusses the role IT played in the recent financial crisis.  While the financial services industry invests massive amounts in IT, the industry still does not invest enough in risk management tools that will help avert future crises.  Here is what the article noted.

No industry spends more on information technology than financial services: about $500 billion globally, more than a fifth of the total (see chart below). Many of the world’s computers, networking and storage systems live in the huge data centres run by banks. “Banks are essentially technology firms,” says Hugo Banziger, chief risk officer at Deutsche Bank. Yet most in the industry agree that its woeful IT systems have, in Mr Banziger’s words, “exacerbated the crisis”. The industry spent billions on being able to trade faster and make more money, but not nearly enough on creating the necessary transparency. “Banks had lots of tools to create leverage, but not many to manage risk,” says Roger Portnoy of Daylight Venture Partners, a venture-capital firm that invests in risk-management start-ups.

Wheelhouse Advisors provides solutions to financial services companies looking to strengthen their risk management practices with better information technology tools.  Together with our strategic partners, Wheelhouse Advisors can deliver cost-effective solutions that can be easily implemented within a complex environment.  Visit www.WheelhouseAdvisors.com, to learn more about our services and our strategic partners.

Just Keep Swimming

Children and parents familiar with the movie "Finding Nemo" may remember the lovable character Dory who possessed an enduring level of optimism, but a bad case of short-term memory loss.  As we continue to emerge from the financial crisis, many people are developing this "Dory Syndrome" in anticipation of good economic times ahead. However, the risks that we faced last year have not yet been fully resolved.  Here is what was reported in today's Wall Street Journal.

While policy makers breathe a collective sigh of relief, they're making little progress in addressing deeper flaws that the crisis laid bare: an unwieldy banking system, unreliable financial plumbing and a global economy that encourages and depends on heavy borrowing by the U.S.

Bankers and regulators say that fixes require careful consideration. But as the darkest days of the crisis fade from memory and the world's biggest banks get back on their feet, political impetus for reform may be waning. "We're wasting the crisis," said economist Richard Portes of the London Business School.

Our collective short-term memory seems to be failing us as we heed Dory's advice from the movie - "Just keep swimming!"  While certainly good advice to those looking to simply survive a crisis, we cannot deny the looming risks that remain ever-present.

Do As I Say, Not As I Do

Last week, the Government Accountability Office ("GAO") released the results of its annual audit of the Securities and Exchange Commission ("SEC").  In the audit report, the GAO identified six significant deficiencies in the SEC's internal control over financial reporting.  The collection of these deficiencies amounted to a material weakness in the SEC's internal control over financial reporting.  For those who are not familiar with the term "material weakness", it represents a reportable event that must be disclosed by U.S. public companies as a result of the Sarbanes-Oxley Act of 2002.  Here is what the GAO detailed in their report.

During this year’s audit, we identified six significant deficiencies that collectively represent a material weakness in SEC’s internal control over financial reporting. The significant deficiencies involve SEC’s internal control over (1) information security, (2) financial reporting process, (3) fund balance with Treasury, (4) registrant deposits, (5) budgetary resources, and (6) risk assessment and monitoring processes. These internal control weaknesses give rise to significant management challenges that have reduced assurance that data processed by SEC’s information systems are reliable and appropriately protected; impaired management’s ability to prepare its financial statements without extensive compensating manual procedures; and resulted in unsupported entries and errors in the general ledger.

As the primary enforcement agency for accurate financial reporting by U.S. public companies, the SEC should be leading by example in creating processes that provide reliable financial information.  Sadly, this is not the case and has not been for the past several years.  Let's hope SEC Chairwoman Mary Shapiro does a better job than former SEC Chairman Christopher Cox and can effect the necessary change within the agency.

New Task Force Established to Combat Financial Fraud

Yesterday, the Obama Administration announced the creation of a new task force dedicated to rooting out individuals who participated in fraudulent activities that led to the great financial meltdown of 2008.  The new organization is aptly named the Financial Fraud Enforcement Task Force and is composed of members from over 24 federal agencies.  It will be chaired by Attorney General Eric Holder.  Here is more on the task force from a Securities & Exchange Commission press release.

The task force, which replaces the Corporate Fraud Task Force established in 2002, will build upon efforts already underway to combat mortgage, securities and corporate fraud by increasing coordination and fully utilizing the resources and expertise of the government's law enforcement and regulatory apparatus. The attorney general will convene the first meeting of the Task Force in the next 30 days.

"This task force's mission is not just to hold accountable those who helped bring about the last financial meltdown, but to prevent another meltdown from happening," Attorney General Eric Holder said. "We will be relentless in our investigation of corporate and financial wrongdoing, and will not hesitate to bring charges, where appropriate, for criminal misconduct on the part of businesses and business executives."

While noble in its intent, this new task force faces several challenges.  First, its membership is quite large and politically unwieldy.  Second, it is made up of agencies that were charged with enforcing laws and regulations that were intended to prevent fraudulent activity from occurring in the first place.  Third, its creation falls on the heels of an unsuccessful prosecution of hedge fund managers that brought Bear Stearns to its knees.  Only time will tell if the task force can successfully achieve its mission.

Financial Risk Management in the 21st Century

Last week, an article in InformationWeek magazine profiled the current issues with the financial industry's risk management practices and offered some solutions.  The article compared the approaches to risk management in the financial industry to the design and production of computer chips.  Both are highly complex exercises.  However, risk management to date lacks the standardization and control found in chip manufacturing.  Here is what the article suggests as a solution.

The industry's kludge-filled, error-prone, and unsafe financial engineering needs to be replaced with a more secure financial infrastructure that's been tested and debugged to the level of a major chip release. Regulatory oversight won't be simple, but it doesn't have to be. It just has to work, every single day and for every single transaction. That's the type of change with the potential to jump-start a global economy.

Through stronger controls over data collection, improved networking among industry participants, and greater use of standards across a wider range of financial instruments, the future of the financial services industry can be assured in a way that enables a bright future for the rest of the economy. It's high time for the industry's circuits to get an upgrade.

The article provides a unique perspective on a major problem.  The solution is fairly obvious, but the task is massive and will require a significant investment to successfully implement.  However, our global economy and the financial services industry as a whole will suffer additional crisis situations in the 21st century without this sort of change.

Global Solutions for a Global Problem

Last week, the Wall Street Journal in the United Kingdom published an article featuring the views of Britain's Financial Services Authority Chairman Adair Turner.  Given the continued debate and relative inaction from the U.S. Congress, the thoughts from Lord Turner are particularly refreshing.  Here's what he had to say:

One, finance got too big. "We must be more willing to ask...whether the financial system is delivering its vital economic functions as efficiently as possible, or whether parts of it can, and before the crisis did, swell beyond their economically efficient size," he said in a recent speech.

Two, there was too much debt in the system. "There is a huge bias in the tax system towards debt," he said, largely because companies can deduct interest payments before computing taxable profits. "If we can't change that, then the regulatory approach needs to lean against that."

Three, regulators failed to curb excesses, but politicians hardly encouraged aggressive regulation. The cry for "better regulation" meant less regulation, both in the U.K. and U.S. The diagnosis of Britain's economic woes was that regulation was stifling entrepreneurship, he said.

Four, erecting a wall between ordinary deposit-taking and lending, on one hand, and trading on the other is impractical and unwise. Economies benefit when banks turn loans into securities or hedge their positions -- to a point. But by forcing banks to hold capital in the trading operations to provide thicker cushions to absorb losses -- he calls it "a bias towards conservatism" in trading beyond what is necessary for ordinary banking -- speculative trading will migrate away from banks toward hedge funds and the like, a change Lord Turner welcomes.

Five, for all the angst about the slow pace of post-crisis repair of the financial system, global regulators are making surprising progress toward consensus on a new regulatory regime. "We are attempting in 18 months to do changes far more radical than we did in Basel II that took between 12 and 15 years and dealt with some of the areas which proved to be less important," Lord Turner said, referring to the pact regulators reached in the Basel Committee on Banking Supervision that didn't avoid the crisis. Pushed by the newly empowered Financial Stability Board, the process, he said, "has worked better than I would have expected," he said.

Since the crisis was global in both cause and impact, it is encouraging that some are working towards global solutions to the problem.  As the regulatory reform effort unfolds, the U.S. must ensure that our reforms are aligned with our global partners.

Regulatory Reform "Doublethink"

What has happened to the promise of transparency and accountability?  According to a recent article in the New York Times, it has become a real-world example of "doublethink" - a term coined by George Orwell, the author of the famous novel 1984.  On the heels of one of the most serious financial crises of the past 100 years, the U.S. Congress is working against providing greater transparency and accountability.  Here is what the Times reported.

It took just five weeks after the WorldCom accounting scandal erupted in 2002 for Congress to pass, and President George W. Bush to sign, the Sarbanes-Oxley Act. That law required public companies to make sure their internal controls against fraud were not full of holes. It took three more years for Bernard Ebbers, the man who built WorldCom into a giant, to be sentenced to 25 years in prison for his role in the fraud.

Mr. Ebbers will be 85 years old before he is eligible for release from prison. He may be freed, however, before the law is ever enforced on the vast majority of American companies. A Congressional committee voted this week to repeal a crucial part of the law. Other parts are also under attack. Sarbanes-Oxley was passed, almost unanimously, by a Republican-controlled House and a Democratic-controlled Senate. Now a Democratic Congress is gutting it with the apparent approval of the Obama administration.

The House Financial Services Committee this week approved an amendment to the Investor Protection Act of 2009 — a name George Orwell would appreciate — to allow most companies to never comply with the law, and mandating a study to see whether it would be a good idea to exempt additional ones as well. Some veterans of past reform efforts were left sputtering with rage. “That the Democratic Party is the vehicle for overturning the most pro-investor legislation in the past 25 years is deeply disturbing,” said Arthur Levitt, a Democrat who was chairman of the Securities and Exchange Commission under President Bill Clinton. “Anyone who votes for this will bear the investors’ mark of Cain.”

Restoring investor confidence in the financial system is the most effective path towards long-term economic recovery. These actions may remove a short-term burden from some companies, but the long-term impact to investor confidence will be severe - just ask the former stockholders of WorldCom.

Leaders Fail to Recognize Risks

A new book detailing the events leading up to the recent global financial crisis hit the shelves this week and it is a compelling read.  Entitled "The Sellout", the book provides an inside look within the largest financial institutions that contributed to the massive meltdown.  Author Charlie Gasparino provides a candid view of the leaders at these organizations as the Wall Street Journal reports below.

Mr. Gasparino chronicles how, across Wall Street in the years before the 2008 crisis, managers with a healthy fear of risk lost corporate power struggles to men more likely to ignore it. Stanley O'Neal, who climbed to the top at Merrill Lynch, would use the company helicopter to visit his favorite golf courses but never found time to learn about his firm's multi-billion-dollar "warehouse" of collateralized debt obligations. Even after Mr. O'Neal was fired in late 2007, Merrill's board somehow decided against hiring Lawrence Fink, a mortgage-market expert, and instead hired John Thain as CEO. During the interview process, Mr. Gasparino reports, Mr. Thain never even asked to see details on the assets that were generating billions of dollars in losses. A spokesman for Mr. Thain denies this account.

While many factors played a role in the crisis, it is apparent through Mr. Gasparino's book that a large portion of the blame rests on the failure of  leadership to understand and appreciate the risks they were taking.  This is a primary reason that leaders must demand strong enterprise risk management practices at their companies.

Sarbanes-Oxley Deja Vu

Last week, the U.S. House of Representatives proposed amendments to the Investor Protection Act of 2009 that will in essence seek to roll back some of the reforms implemented as a result of the Sarbanes-Oxley Act of 2002.  Specifically, Representatives Carolyn Maloney and Scott Garrett are seeking to exempt public companies with a market capitalization of less than $75 million from the requirement to have their internal controls audited by an external firm.

Their approach is to request the SEC to perform a study on the costs of compliance for these firms and then, determine the need for the requirement. While this may be a reasonable request, it has already been made and the SEC completed a similar study this year.  As a result, the SEC confirmed the need for the external audit and announced it will be required of all companies next year.  The Huffington Post reported that several investor advocate groups as well as a former SEC chairman were outraged by the proposed amendment.  Read more at: http://www.huffingtonpost.com/2009/10/27/house-democrats-john-adle_n_334876.html

Rude Lesson in Risk Management

A leading risk management expert and chief risk officer at a major U.S. financial institution offered his insight on risk management practices last week in the Columbus Business First Journal.  His views are candid and becoming more common as the dust begins to settle from the recent financial crisis.  Here is what he had to say.

Kevin Blakely, senior executive vice president of Huntington Bancshares Inc. in Columbus and its chief risk officer said years ago, things were relatively simple. “Most of our risk was centered in credit risk – lending to individuals and companies, and gauging our ability to get that money back,” he said. Until this past summer, Blakely had been president of the Philadelphia-based Risk Management Association. But as companies got bigger and financial products got more complex, financial institutions developed mathematical models to measure risk. They worked well, he said, but by the mid-1990s banks were depending on them too much. “We began to view them as the answer, rather than as one more input before you get to the answer,” Blakely said. “That was one of the rude lessons we learned over the last couple of years. As an industry, we weren’t as smart in the business of risk management as we thought we were.”

The false sense of security placed in risk management was certainly a rude lesson for many companies as they focused on quantitative models that told them what they wanted to believe.  A balanced view of both quantitative and qualitative factors is critical to an effective enterprise risk management program.

JP Morgan Chase CEO Discusses Risk Management

Yesterday, JP Morgan Chase CEO Jamie Dimon shared his views on the financial crisis with Charlie Rose at the Securities Industry and Financial Markets Association annual meeting in New York.  In the interview, Mr. Dimon reflected on risk management approaches taken by many financial institutions leading up to the crisis.  He stated, "You should never rely solely on VaR, Basel I or Basel II for risk management practices.  If you did, it was a mistake."   He went on to explain that sound risk management practices require both quantitative analysis and management judgment to be effective.  He also noted that there are legitimate failures in the application of the Basel II Capital Accord that left many institutions with insufficient capital positions.   His full remarks can be viewed in the video web link below.

Jamie Dimon speaks with Charlie Rose at SIFMA Annual Meeting

Regulators Stepping-up ERM Examinations

Yesterday, an article by FinCriAdvisor highlighted how regulators are stepping-up their reviews of enterprise risk management ("ERM") programs at both large and small financial institutions.  As they have been calling for stronger enterprise risk management practices, regulators have also been working on new ERM guidance that banks will need to follow in the future.  Here is a portion of what was reported.

Regulators have begun to focus more heavily on the way banks handle risk assessment, urging in recent testimony and regulatory updates - as well as in examinations - that institutions move toward an "enterprise risk management" model.  "There is an increasing interest with the regulators, no doubt, and a lot of risk management guidance in the works," adds Bernard Mason, regulatory relations liaison with the Risk Management Association (RMA) in Washington, D.C. He cites new commercial real estate credit concentration rules that lean heavily on risk management, pending rules on liquidity risk management that would tie U.S. guidelines with those of COSO and Basel, and new September guidance on correspondent risk management.  "Clearly, regulators are asking banks to identify risk appetite," agrees Mark Zmiewski, head of research at the RMA in Philadelphia. "That reaches a higher level of importance today under governance issues." This includes the role of the board in establishing the bank's risk appetite (the amount of risk it is willing to accept to increase earnings), how well-versed senior management is in carrying out that plan, and how well risk is measured and monitored, he says.

Is your company prepared for the greater ERM scrutiny?  If not, Wheelhouse Advisors can provide cost-effective solutions.  Visit www.WheelhouseAdvisors.com to learn more.

Fair Warning to Improve Risk Management

This week, a report was published by the Senior Supervisors Group ("SSG") regarding risk management lessons learned from the 2008 financial crisis.  For those who do not know, the SSG is a group of central regulatory agencies from seven nations including the United States.  The report highlights the following deficiencies in risk management practices at major corporations across the globe.

Some of the highlighted areas of greatest need, such as board and management oversight, articulation of risk appetite, and compensation practices, are potentially a result of the aforementioned imbalance between the stature and resources allocated to firms’ revenue-generating businesses and those afforded to the reporting and control functions. Other areas, such as risk aggregation and concentration identification, stress testing, and credit and counterparty risk management, can also be attributed to the weak condition of many firms’ IT infrastructure. While considered central to sound firm governance and risk management, the areas of continued improvement addressed here are not exhaustive.

In highlighting the areas where firms must make further progress, we seek to raise awareness of the continuing weaknesses in risk management practice across the industry and to evaluate critically firms’ efforts to address these weaknesses. Moreover, the observations in this report support the ongoing efforts of supervisory agencies to define policies that enhance financial institution resilience and promote global financial stability.

This report serves as fair warning for financial institutions to proactively strengthen their own risk management practices before the regulatory authorities are compelled to force necessary changes.  If your company is looking for cost-effective solutions, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Winds of Corporate Governance Change Are Blowing

Yesterday, the U.S. Government announced major pay reductions for executives at companies recently aided by taxpayer funded capital infusions.  In addition, the Wall Street Journal reported that these same companies will be forced to make some significant changes in their governance structure and risk management practices.  Here is what one prominent corporate governance expert had to say about the demands.

The government's move "is a seismic shift,'' said Espen Eckbo, director of the Center for Corporate Governance at Dartmouth College's Tuck School of Business. But the broader impact will be "much more significant from the governance side,'' he added. Mr. Eckbo anticipates increased shareholder pressure on companies without federal bailouts to create board risk committees and split the roles of chairman and CEO. There likely will be more non-binding stockholder resolutions next year calling for such changes, he predicted. In particular, "risk committees are a no brainer.''

As more companies establish board risk committees, Enterprise Risk Management ("ERM") programs will come under greater scrutiny and need to be more robust.  Wheelhouse Advisors can help strengthen your ERM program.  Visit www.WheelhouseAdvisors.com to learn more.

IT Organizations Adjust to "New Normal"

The "new normal" is taking hold as businesses emerge from the economic recession and look to 2010 and beyond. Greater emphasis on disciplined decision making supported by a complete understanding of associated risks will become part of the norm.  To that end, one of the major Information Technology ("IT") market intelligence firms, IDC, recently published a report on what IT organizations should be doing to adjust to the "new normal".  Here is what IDC suggests as priorities for IT organizations.

1. Cost and Funding Management: IT organizations will increasingly be forced to develop cost profiles, including the business value of solutions, to support investment decisions. This will not be an easy or pleasant task, and has been a requirement that has dogged IT organizations for years.


2. Sourcing and Platform Strategies: As new options become available to achieve an IT or business objective, IT organizations will have more room to experiment, innovate, and change, but will also have to justify their choices more conclusively.


3. Equipment Leasing and Software Financing: Commercial organizations will return to IT leasing and financing as a means of bolstering their access to IT resources.


4. Life Cycle Management: IT organizations have already extended the planned deployment of many major systems, but they still need to develop the tools and management processes to quantify the underlying cost implications of these longer asset lifecycle models.


5. IT Financial Management Tools: As IT platforms and business processes increasingly move toward a mix of in-house and third-party provision, the need for IT financial management software, tools, and best practices to better enable IT organization operational decision-making will become apparent.

Does your IT organization have the necessary tools and supporting business practices to operate in this new environment?  If not, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Building Trust to Support Growth in 2010

This week, Information Technology ("IT") executives from around the globe have gathered in Orlando at the Gartner Symposium/ITxpo.  A big focus of the event is how IT can become more transparent and accountable in order to support business growth in 2010.  The key is balancing risk management with performance management.  Here is what Gartner analysts have to say on the subject.

Risk management is about accepting that IT organizations cannot protect the company from everything, so they will have to make conscious decisions about what they will do to protect themselves, and what they will not do. They must learn to balance risk and performance. People need IT organizations to share information, so that they can trust them. IT leaders should accommodate letting outside information in, and sharing inside information appropriately. CIOs shouldn`t think they can shut down the two-way flow of information because they can`t stop it.

Gartner analysts said that the quality of data underpinning metrics such as measuring business productivity, profits, value, and efficiency of services delivered is inadequate. This stems from siloed and inconsistent business data, and from an over reliance on spreadsheets. Even where there have been investments in business intelligence, it`s not giving the business what it needs. The challenge for IT leaders is getting the information that everyone can believe in, and that everyone in the organization will trust. "IT leaders need robust information architectures and governance, coupled with data quality and integration capabilities to create an enterprise view across these silos," said Nigel Rayner, research vice president at Gartner. "You will need to rationalize and link performance measures across the business in an enterprise metrics framework. When the data is consistent, and everyone believes it, then you have built trust."

Wheelhouse Advisors recently partnered with Apptio, the leading provider of IT Financial Management solutions, to help companies achieve a balanced risk and performance management approach. Apptio’s on-demand IT Financial Management solutions provide greater visibility into the cost, utilization and operations of IT products and services so that businesses can identify ways to reduce IT costs, make better IT decisions and provide the business with a true Bill of IT. World class companies such as Blue Cross Blue Shield of Kansas, BNP Paribas, EMD Chemical and Starbucks use Apptio’s IT cost analysis capabilities to reduce cost and achieve greater visibility into their IT costs and cost drivers. For more information, please visit www.apptio.com.

The Spread of Risk Management Functionitis

While many in corporate America are working to reduce the impact of the H1N1 virus on their workforce, another virus has been infecting corporations for years.  As Jack Bergstrand, Founder of Brand Velocity, Inc., explains in his recent highly regarded book, Reinvent Your Enterprise, corporations of all sizes have been suffering from what he calls "functionitis".  Mr. Bergstrand examines how this virus has spread as more companies employ knowledge workers rather than manual workers. Knowledge workers typically organize into specialty areas within corporations based on their subject matter expertise.  This, in turn, can lead to a very bad case of "functionitis".  Here is Mr. Bergstrand's explanation of the virus and its possible cure.

"Functionitis" is a term for when functions become separated from the Enterprises they are supposed to support.  Functionitis is also an Enterprise example of where bad systems create bad behaviors.  It sometimes generates outright conflict.  More often, it generates less visible cross-functional productivity breakdowns driven by incompatible priorities and preferences.  A clear sign that functionitis has taken over is when one function considers itself an internal customer for another function.  With knowledge work, reducing moving parts at the top can systematically resolve many of the functionitis issues in and of itself.  It can also systematically improve the allocation of resources and accelerate Enterprise reinvention in rapidly changing markets.

Functionitis is at the core of the need for Enterprise Risk Management programs.  Not only does it impact the productivity of risk professionals across an enterprise, but also the ability for an enterprise to understand its true risk profile.  Is your company suffering from risk management functionitis and looking for a cure?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

S&P Struggles with ERM Ratings

Yesterday, Compliance Week Magazine reported that Standard & Poor's ("S&P") is struggling to incorporate Enterprise Risk Management ("ERM") into its ratings methodology.  Evidently, the analysts at S&P are finding the challenge of reviewing risk management practices at non-financial companies to be more daunting than originally planned. Financial companies have had their ERM practices reviewed by S&P for years, but the task is easier since practices are more mature and standard across the industry. In addition to this challenge, S&P has also been distracted by the ratings debacle that led to the securitization meltdown late last year.  However, here is what Compliance Week reported about S&P's future plans for ERM evaluations.

S&P has no plans to abandon its ERM evaluations, but neither will it split out ERM as a separate component of a company’s overall rating score. Rather, ERM reviews for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P. Following are the seven primary questions that analysts have been asking management teams concerning ERM:

• What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?


• What is management doing about top risks?


• What size quarterly operating or cash loss have management and the board agreed is tolerable?


• Describe the staff responsible for risk-management programs and their place in the organization chart. How do you measure success of risk management activities?


• How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?


• Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.


• Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

Is your company prepared to answer these questions?  If not, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.

A Risk & Financial Management Balancing Act

Information Technology ("IT") is quickly becoming one of the primary areas within a company that is not only laden with risk, but also regulatory complexity.  At the same time, IT is one of the first areas to which companies look for cost reduction in an economic recession.  The combination of these factors demands better decision making and priority-setting by IT risk professionals and finance managers to meet the needs of the business while properly managing risk. In this month's issue of Information Security Magazine, an IT risk professional at credit information provider Equifax shares his view of this challenge.

Let's face it, we are entering an era of tighter statutory requirements and rapidly changing regulations. But focusing solely on statute requirements can lead to a disjointed strategy that is neither comprehensive nor aligned with business goals. While compliance mandates are often used to drive security investments, compliance by itself does not ensure a company's security posture.

Instead, businesses must look beyond their technology and compliance needs and understand the challenges of ensuring their company's security posture. Achieving this level of transparency requires the right mix of innovation, talent and technology underscored by a strategy that addresses risk at the broadest level. This is where relationships with business partners and vendors can play a valuable role. By joining forces with industry-leading third-party providers, companies gain access to new thinking and innovation to address key needs and challenges. With the right strategy and technology partnerships, businesses can drive a consistent and global set of security practices focused on risk reduction and information security.

Wheelhouse Advisors is uniquely positioned to help companies address their risk and security challenges while meeting the financial demands of the businesses they support.  To learn more, email us at NavigateSuccessfully@WheelhouseAdvisors.com or visit our website at www.WheelhouseAdvisors.com.

Back to the Drawing Board on Derivatives Regulation

U.S. House Financial Services Committee Chairman Barney Frank (D-MA) distributed a proposal for derivatives regulation this week and it was the subject of a hearing by the committee yesterday.  A major part of the discussion centered on a potential loophole that would allow many corporations, if not all, to avoid the new regulation altogether. Here is what Bloomberg.com reported about the hearing and draft legislation prepared by Chairman Frank.

A plan offered by the Obama administration would subject all swaps dealers and “major market participants” to new regulations for capital, business conduct, record-keeping and reporting. Frank’s version would exempt corporations from that definition if they use derivatives for “risk management” purposes.

While Frank’s proposal is a “step in the right direction,” its “ambiguous” definition of risk management may leave a large number of corporations unregulated, Henry T.C. Hu, director of the SEC’s new division of risk, strategy and financial innovation, told the committee.

“As just about all swaps could be defined as being used for risk management purposes, we’re concerned that unintentionally the category of ‘major swap participant’ could have been narrowed so significantly, or even to a null set,” CFTC Chairman Gary Gensler told reporters after the hearing.

“Major hedge funds” may be excluded from oversight, as may the mortgage-finance companies Fannie Mae and Freddie Mac “because of course the government-supported enterprises use swaps for risk management purposes,” Gensler said.

It looks like Chairman Frank may need to re-educate himself on the use of derivatives and go back to the drawing board on this proposal.

Improving Executive Compensation Oversight and Pay Processes

In light of the increased risks associated with executive compensation programs, The Conference Board recently established a task force to develop guidance for companies looking to improve their pay processes and oversight.  The guidance has been published and centers on five principles that companies should strive to achieve.  Here are the five principles.

Principle One—Paying for the right things and paying for performance

Compensation programs should be designed to drive a company’s business strategy and objectives and create shareholder value, consistent with an acceptable risk profile and through legal and ethical means. To that end, a significant portion of pay should be incentive compensation, with payouts demonstrably tied to performance and paid only when performance can be reasonably assessed.

Principle Two—The “right” total compensation

Total compensation should be attractive to executives, affordable for the company, proportional to the executive’s contribution, and fair to shareholders and employees, while providing payouts clearly aligned with actual performance.

Principle Three—Avoid controversial pay practices

Companies should avoid controversial pay practices, unless special justification is present.

Principle Four—Credible board oversight of executive compensation

Compensation committees should demonstrate credible oversight of executive compensation. To effectively fulfill this role, compensation committees should be independent, experienced, and knowledgeable about the company’s business.

Principle Five—Transparent communications and increased dialogue with shareholders

Compensation should be transparent, understandable, and effectively communicated to shareholders. When questions arise, boards and shareholders should have meaningful dialogue about executive compensation.

These guiding principles seem to provide what many may say is simply common sense advice.  However, given the environment that we find ourselves in today, common sense such as this may not be as common as one might think.

The Sarbanes-Oxley Countdown is Extended for a Final Time

The U.S. Securities and Exchange Commission ("SEC") announced last week that the deadline for full compliance with Section 404 of Sarbanes-Oxley Act for small companies has been extended for an additional and final nine months.  The primary reason for this final extension is the delayed publication of the formal study on the impact of changes to the compliance requirements made in 2007.  Here is the formal release from the SEC.

This extension of time will expire beginning with the annual reports of companies with fiscal years ending on or after June 15, 2010. This expiration date previously had been for fiscal years ending on or after Dec. 15, 2009. The extension was granted so that the SEC’s Office of Economic Analysis could complete a study of whether additional guidance provided to company managers and auditors in 2007 was effective in reducing the costs of compliance. Because the study was published less than three months before the December 15 deadline, the Commission determined that additional time is appropriate and reasonable so that small public companies and their auditors can better plan for the required auditor attestation.

“Since there will be no further Commission extensions, it is important for all public companies and their auditors to act with deliberate speed to move toward full Section 404 compliance,” said SEC Chairman Mary L. Schapiro.

So, the final clock is ticking.  Does your company need help implementing a cost-effective compliance program?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Senate Banking Committee Chairman Presses Reform

Yesterday, the U.S. Senate Banking Committee conducted a hearing to discuss ideas for financial regulatory reform.  Senator Christopher Dodd, chairman of the committee, argued the case for streamlining the governmental agencies that currently oversee the nation's largest financial institutions.  In his remarks, he pressed the need for the creation of a new, single regulatory agency that will consolidate the handful of agencies that provide oversight today.  Here's what he had to say.

“I have heard from many who have argued that I should not push for a single bank regulator.  The most common argument is not that it’s a bad idea – it’s that consolidation is too politically difficult.  That argument doesn’t work for me,” said Dodd. “We must eliminate the overlaps, redundancies, and additional red tape created by the current alphabet soup of regulators.”  Dodd went on to detail priorities in bank regulation.  “We need to preserve our dual banking system.  And I feel just as strongly on that point as I do the earlier point.  State banks have been a source of innovation and a source of strength, a source of tremendous strength, in their communities.   A single federal bank regulator can work with the 50 state bank regulators.” The chairman also recognized the important role played by community banks.  “Community banks did not cause this crisis and they should not have to bear the cost or burden of increased regulation necessitated by others.  Regulation should be based on risk - community banks do not present the same type of supervisory challenges their large counterparts do.”

Streamlining oversight in this way will not only strengthen the regulatory framework, it will also eliminate much of the excess governmental spending and bureaucracy that currently exists.

ERM Approaches in Dire Need of Repair

This week, Forbes magazine reported results from the 2009 Global Risk Management Study sponsored by Accenture. The detailed report demonstrates the need for significant improvement in enterprise risk management approaches at major corporations across the globe. Here's a summary of the findings.

A snapshot of the results of the survey of 260 chief financial officers, chief risk officers and others responsible for corporate risk in 21 countries suggests just how much surgery may be needed to repair risk management. By huge margins, the respondents identified the following major problems:

• Ineffective integration of risk, return and capital issues in decision making: 85%


• Lack of alignment between a company's strategy and its risk appetite: 85%


• Insufficient management understanding of risk exposure types, and lack of agreement on how to mitigate such risks: 82%


• Inadequate availability of timely risk, finance and business data: 80%


• Lack of company-wide processes that could provide a complete picture of the impact of risk exposure: 78%


• Ambiguous divisions of responsibility concerning risk between corporate and business units: 78%

Following the last big downturn, in 2002, businesses attempted to adjust their risk exposure by strengthening their internal controls and improving their financial transparency. Today's world, however, requires much stronger fixes than just tweaking finance and accounting practices. In fact, businesses must fundamentally change their core risk processes.

If your company is searching for cost-effective solutions to challenges such as these, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com or email us at NavigateSuccessfully@WheelhouseAdvisors.com, to learn more.

Financial Regulatory Reform Debate Begins

Today, the U.S. House Financial Services Committee will welcome several experts to debate financial regulatory reform approaches.  Paul Volcker, former Federal Reserve Chairman and current Head of the President's Economic Recovery Advisory Board, will testify first by offering his views on how reforms should be enacted.   Here is an excerpt from his prepared testimony.

Important parts of the Administration’s proposed reforms can be – and some are being – implemented and enforced under existing authority. The Treasury has set out principles for capital and liquidity standards. Other prudential approaches are under consideration. Most notably risk management practices, for banks and certain other regulated institutions have been placed under urgent review. At the supervisors’ initiative, useful and needed steps are being taken to encourage more prudent compensation practices.

These are needed steps toward a stronger reformed financial system. However, I want to emphasize two inter-related issues of fundamental importance that run across the more particular elements of reform. One is a matter of broad regulatory practice: how to deal with the insidious, potentially risk-enhancing, spread of “moral hazard”, the presumption that systemically important institutions may be protected in the face of imminent failure. The overlapping question is one of administrative responsibility: in particular the appropriate role of the central bank (the Federal Reserve) in regulation, supervision and oversight of the financial system.

Mr. Volcker has defined the problem very well.  The answer lies in the need to decelerate the consolidation of financial institutions and accelerate the consolidation of regulatory oversight.  Just the opposite has occurred over the past few decades and led us to the brink of financial collapse.

The Need for ERM Becomes More Evident

In this month's issue of the Journal of Accountancy, Enterprise Risk Management ("ERM") is profiled as a management discipline that has much room for improvement in many companies today.  The authors of the article note that few companies have adopted a true ERM approach and a large number of companies have yet to see the value of implementing an ERM program.  However, with the complexity and interconnection of risks increasing, many senior executives and board members are realizing the need for a solid ERM program in their company.  Here is what the authors have to say.

Much of the shift in thinking about risk oversight has centered on ever-growing calls for boards and senior executives to embrace the business paradigm widely known as enterprise risk management (ERM). ERM is championed as an effective approach to identifying, assessing and monitoring risks across organizations and establishing communication protocols to efficiently share this risk information quickly across the entity. The ERM approach emphasizes a top-down, holistic view of the inventory of key risk exposures potentially affecting an enterprise’s ability to achieve its objectives. Proponents argue that a comprehensive ERM process helps to ensure that significant risks are given adequate consideration by senior management and boards of directors in the strategic planning process. Boards and senior executives use this inventory of risks with the goal of preserving and enhancing stakeholder value.

Is your company contemplating an ERM implementation?  If so, Wheelhouse Advisors can help. To learn more, visit www.WheelhouseAdvisors.com.

Risk and Pay Regulations Demand Strong ERM Programs

The debate about the Federal Reserve's plan to regulate pay practices at financial institutions is heating up.  Reports in the Wall Street Journal indicate that views on the matter are highly polarized.  In addition, experts are suggesting that the new regulations could mean that boards of directors will need to work harder to understand their company's risk profile and compensation systems.  Here is an excerpt from the WSJ.

The Federal Reserve's new push to regulate pay at U.S. banks will make things more difficult for boards and their compensation committees, already under fire for controversial pay practices. The planned Fed move could increase time demands, recruitment challenges and legal exposure for boards, predict directors and pay consultants. "You're going to have to make sure the whole board is involved in risk issues," says Robert E. Denham, a Los Angeles attorney and former chief executive of Salomon Inc. Mr. Denham is co-chairman of an executive-pay task force created by the Conference Board, a New York business group.

Companies and board members will need to rely more than ever on their enterprise risk management ("ERM") programs to provide timely information to support compensation related decisions.  In addition, greater regulatory scrutiny will demand the implementation of strong ERM programs.  Wheelhouse Advisors can help your company design and implement a cost-effective ERM program.  Visit www.WheelhouseAdvisors.com to learn more.

Federal Reserve Plans to Manage Risk by Regulating Pay

The Wall Street Journal reported today that the Federal Reserve is planning to begin regulating pay practices at financial institutions that it oversees currently.  The intent of the Federal Reserve is to limit short-term compensation that rewards excessive risk taking.  Here is what the Journal says about the plan.

Details of the Fed's plan aren't final, but the central bank will propose to review pay packages for tens of thousands of bankers to guard against the encouragement of excessive risk, and to allow banks to "claw back" compensation in certain cases. In essence, the Fed is moving to greatly broaden the kind of scrutiny that Obama administration pay czar Kenneth Feinberg has applied to seven firms receiving large amounts of federal aid.

The Fed's move is the latest, and potentially most sweeping, of several efforts to curb risk-taking in the wake of the financial crisis. Congress approved provisions in both the bank-bailout bill last year and the economic-stimulus package in February to restrict some pay. Treasury Secretary Timothy Geithner also addressed the issue in the administration's proposed regulatory overhaul in June.

All of these efforts have had to confront a difficult truth: The relationship between risk-taking and compensation is neither simple nor well understood. Moreover, bankers and many others say it is important to encourage some risk-taking.

Since details of the plan have not yet been released, it is too soon to offer opinions on the effectiveness or impact of such oversight.  However, the Federal Reserve must be careful to avoid micromanaging pay and usurping the authority that is placed in the hands of the Board of Directors at these institutions.

SEC Borrows a Page from the ERM Playbook

In an acknowledgement of the need for improvement in their risk management practices, the U.S. Securities & Exchange Commission ("SEC") has created a new division for risk and strategy.  The SEC is following a similar path that many corporations are taking by creating an enterprise risk management program that will integrate silos of risk practices across the agency.  Here is what was reported by the Associated Press yesterday.

The Securities and Exchange Commission has merged several offices and functions to create a division of risk, strategy and financial innovation.  The new division will be headed by Henry T.C. Hu, a professor of banking and finance law at the University of Texas, the agency announced Wednesday. The division combines the SEC's Office of Economic Analysis, Office of Risk Assessment and other functions. It will assume those areas as well as strategic and long-term analysis, identification of new trends in financial markets, and risk to the financial system.

This is certainly a step in the right direction for an agency that is battling to regain its reputation for sound oversight and enforcement.  In addition, the goal of linking their risk assessment to long-term, strategic analysis will prove to be useful by proactively addressing problem areas before they become massive like the Madoff Ponzi debacle.

Financial Regulatory Reform Takes Back Seat

As we are emerging from the financial crisis, the debate on Capitol Hill is firmly focused on health-care rather than financial regulatory reform.  It seems as though Congress can only single thread major legislation and, as a result, financial regulatory reform has taken a back seat.  However, the American Banker reported this week that the president is still intent on passing meaningful regulatory reform this year.  Here is what they had to say.

With much of the political world focused on health-care reform, the president appeared to signal that a financial services overhaul is still a priority for him. He reiterated that he hopes Congress will act this year — an increasingly unrealistic timeline by most estimates — and warned that bankers and other lenders cannot return to business as usual now that the crisis appears to be passing.

"The growing stability resulting from these interventions means we are beginning to return to normalcy," President Obama said in a speech at Federal Hall in the heart of New York's financial district. "But what I want to emphasize is this: Normalcy cannot lead to complacency. … We will not go back to the days of reckless behavior and unchecked excess at the heart of this crisis, where too many were motivated only by the appetite for quick kills and bloated bonuses."

Unfortunately, a well conceived plan to reform our financial regulatory structure has not been put forth. Without a clear plan, action will come later rather than sooner. Let's hope the bail-out band-aids hold long enough to see meaningful reform.

Looking Back to Navigate Forward

Today's post marks a significant milestone for The ERM Current™.  This is the 200th post to the blog since it was launched a year ago.  As we all know, the past year has been a remarkable one for the global economy and the practice of risk management.  Given the milestone, it is certainly appropriate to look back to evaluate the role of Enterprise Risk Management ("ERM") in the financial crisis that erupted at the same time this blog was launched.  In today's issue of Business Insurance Magazine, the following assessment of ERM was made.

Some observers have questioned whether enterprise risk management was to blame for the financial crisis, as the industry where ERM is most widely practiced is financial services. Others say ERM was not the problem; the real culprit was companies' failure to use ERM.

I agree with the latter view. Enterprise risk management makes both theoretical and practical sense, but what many people misunderstand is that there is no one-size-fits-all approach to managing risks, be they hazard risks or business risks.

Traditional risk management is concerned with hazard risk—that is, the effects of accidental loss. ERM encompasses hazard risk as well as business risk, which holds the possibility of loss, no loss or gain. ERM also is about maximizing organizational value, which requires viewing risk as both possibility of loss and opportunity.

One of the lessons from the financial crisis is that companies must take a strategic view of risk and manage it so that they can avoid disaster and position themselves to create opportunities, or at least take advantage of ones that arise.

This is a spot-on assessment that many companies and risk professionals should take to heart.  As we emerge from the crisis, some may become too focused on the hazard risks and miss out on exceptional business opportunities.  On the flip side, others may be emboldened by the fact that they survived the crisis and ignore potential risks.  A comprehensive ERM program is crucial to navigate through the myriad of risks successfully. Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.

Basel Committee Announces Major Changes

This week, the Basel Committee on Bank Supervision released a statement regarding proposed changes to the Basel II Capital Accord that will significantly impact the capital requirements for financial institutions across the globe.  The intent of the proposal is to increase transparency into the capital reserves as well as reduce risk across a number of categories.  The following changes are slated to be assessed and implemented throughout 2010.

• Raise the quality, consistency and transparency of the Tier 1 capital base. The predominant form of Tier 1 capital must be common shares and retained earnings. Appropriate principles will be developed for non-joint stock companies to ensure they hold comparable levels of high quality Tier 1 capital. Moreover, deductions and prudential filters will be harmonised internationally and generally applied at the level of common equity or its equivalent in the case of non-joint stock companies. Finally, all components of the capital base will be fully disclosed.


• Introduce a leverage ratio as a supplementary measure to the Basel II risk-based framework with a view to migrating to a Pillar 1 treatment based on appropriate review and calibration. To ensure comparability, the details of the leverage ratio will be harmonised internationally, fully adjusting for differences in accounting.


• Introduce a minimum global standard for funding liquidity that includes a stressed liquidity coverage ratio requirement, underpinned by a longer-term structural liquidity ratio.


• Introduce a framework for countercyclical capital buffers above the minimum requirement. The framework will include capital conservation measures such as constraints on capital distributions. The Basel Committee will review an appropriate set of indicators, such as earnings and credit-based variables, as a way to condition the build up and release of capital buffers. In addition, the Committee will promote more forward-looking provisions based on expected losses.


• Issue recommendations to reduce the systemic risk associated with the resolution of cross-border banks.


• Assess the need for a capital surcharge to mitigate the risk of systemic banks.

These changes will have a sizeable impact on the way financial institutions manage and disclose risk in the coming years.  However, given the complexity and interconnectivity of our financial markets, it is certainly the prudent course to take.

Corporate Boards Struggle With ERM

Corporate Board Member Magazine recently profiled the seven hot buttons for corporate boards today.  Not suprisingly, risk management was at the top of the list.  However, the article points out that many in the boardroom are having a difficult time not only addressing risk, but also understanding the best way to govern risk throughout the organization.  Here's an excerpt from the article.

The word risk has a broad range of meaning, and the term is bandied about in corporate America as much as healthcare is in Middle America. Yet, risk shouldn’t be a reduced to a buzzword or a single committee, but rather it should be considered as a managed process that is discussed yearlong. “Directors are asking, ‘What’s my job? How do I get my arms around risk, and what’s management doing to mitigate risk?’” Keith Higgins, partner, Ropes & Gray LLP, tells Corporate Board Member. “Directors have to talk to the CEO and get the CEO to put risk analysis on every agenda. All the math whizzes built great risk models and they were not maybe as predictive as people thought.”

Moreover, risk management should not be viewed in and of itself. Bernard C. Bailey, chairman, LaserCard Corp., a secure ID provider, and director on the boards of EF Johnson Technologies, Telos Corp., and Spectrum Control, doesn’t look at risk management as something you put into a separate box. “It permeates every function within the enterprise—legal, operational, financial, liquidity, marketplace, fraud,” he says, emphasizing that the risk conversation has to be expanded to the whole board.

As the gentlemen quoted in the article point out, effective enterprise risk management is not a simple or easy task.  It is a process that must be woven into the very culture and operation of the entire business - from the boardroom to the mailroom.

Implementing ERM: What Boards Must Consider

The Committee of Sponsoring Organizations of the Treadway Commission ("COSO") recently released a white paper discussing the role of the Board of Directors in an effective Enterprise Risk Management ("ERM") program.  It provides an overview of the key drivers for implementing ERM today and what Boards must consider during the implementation.  Here is what they suggest.

In the aftermath of the financial crisis, executives and their boards realize that ad hoc risk management is no longer tolerable and that current processes may be inadequate in today’s rapidly evolving business world. Boards, along with other parties, are under increased focus due to the widely-held perception that organizations encountered risks during the crisis for which they were not adequately prepared. Increasingly, boards and management teams are embracing the concept of enterprise risk management (ERM) to better connect their risk oversight with the creation and protection of stakeholder value.

While ERM is not a panacea for all the turmoil experienced in the markets in recent years, robust engagement by the board in enterprise risk oversight strengthens an organization’s resilience to significant risk exposures. ERM can help provide a path of greater awareness of the risks the organization faces and their inter-related nature, more proactive management of those risks, and more transparent decision making around risk/reward trade-offs, which can contribute toward greater likelihood of the achievement of objectives.

If your company is considering implementation of an ERM program or simply looking to enhance your current ERM program, Wheelhouse Advisors can help.  To learn more, visit www.WheelhouseAdvisors.com.

Enabling Cost-Effective ERM with GRC Software

Governance, Risk & Compliance ("GRC") software has become a hot topic in the world of risk management over the past several years.  Many business people often ask what is GRC software and what is its purpose?  GRC software is akin to Enterprise Resource Planning ("ERP") software in that it is intended to provide a single repository for disparate information in order to enable better analysis and decision making.  However, while ERP software is focused on integrating financial and operations management activities, GRC software is focused primarily on integrating risk management activities.  An article in the September 2009 issue of Insurance Networking News provides additional insight into the evolution of GRC software and its usefulness in the aftermath of the recent financial meltdown.

Much as the Greek goddess Athena emerged from the forehead of Zeus, the marketplace for governance, risk and compliance (GRC) software was birthed in an epic headache. The accounting scandals and subsequent bankruptcies of Enron and WorldCom prompted the creation of the Sarbanes-Oxley Act (SOX) and GRC software soon emerged to help companies comply with the regulations.

"If you look at the genesis of the GRC market, it was brought on by the passage of SOX in 2002," says Tom Eid, VP research, at Stamford, Conn.-based Gartner Inc. "The first GRC solutions emerged in 2004, and at that point the focus was really on the finance and audit function."

Five years and one credit crisis later, the risk management component of GRC seems poised for a similar boom. While no legislation has yet passed as a direct result of the financial services meltdown, few expect this to persist for too much longer. Bills intended to rewrite the regulation of financial services in general, and insurance in particular, are winding through both houses of Congress. Leaving aside the diverging opinions on the merits of the bills, a broad consensus exists that more regulations-and a larger emphasis on risk management by regulators-are inevitable.

"The administration continues to make the case that they need some sort of consolidated oversight over insurance and financial services at the federal level," says Gary Bhojwani, president & CEO of Minneapolis-based Allianz Life. "They are talking about true regulatory oversight, whether they get it is a whole other discussion." While the industry awaits development in Washington, rules propagated by standards bodies such as the Financial Accounting Standards Board are already being enacted, and rating agencies are putting a renewed emphasis on risk.

With so many different regulatory bodies and agencies placing new demands on businesses as well as the ever-increasing complexity of business transactions, the need to integrate risk management activities in a cost-effective manner is very real.  Wheelhouse Advisors is equipped to help companies build enterprise risk management programs and implement GRC software to enable the integration.  To learn more, visit www.WheelhouseAdvisors.com.

Did Calamity Jerome Commit a Crime?

According to a report in today's UK Guardian, the infamous rogue trader from Societe Generale will stand trial next year to face criminal charges associated with his bad bets.  Jerome Kerviel almost brought down one of the largest financial institutions in the world by conducting a series of trades that led to losses of over $7 billion.  He argues that his actions were not criminal because the bank knew about and encouraged his trading activity until the losses began to mount.  Here is what the Guardian reports about the ongoing investigations.

The independent investigations and the bank's own internal inquiries into the scandal have found that its managers and control systems failed to operate properly and ignored warnings. A report by PricewaterhouseCoopers blamed the "culture" at the trading desk, describing it as "overheated". France's central bank has fined SocGen €4m for "serious shortcomings" in its internal controls that led to the trading losses. Kerviel's legal team is trying to go further and prove that the bank knew what was actually happening.

Employed at the bank since 2000, Kerviel worked his way up from a desk that monitors traders to a job on the futures desk, where he invested the bank's money by making huge bets on the future direction of European stock exchange prices. He is accused of causing five times the financial damage inflicted by Nick Leeson, the rogue trader who sparked the collapse of Barings Bank in 1995 with losses of £800m.

At the very least, the bank lacked the controls necessary to prohibit unauthorized trading activity as well as limit authorized trading activity.  As financial institutions and the trading operations they support become more complex, opportunities for fraud and abuse will continue to increase.  Investments in controls and monitoring technology are crucial to prevent future calamities such as this.

Looming IFRS Risks Pose Significant Challenges

More and more companies are beginning to examine the potential impact of the imminent conversion from U.S. Generally Accepted Accounting Principles ("GAAP") to the International Financial Reporting Standards ("IFRS").  The big difference between the two sets of standards is the fact that GAAP is primarily "rules-based", while IFRS is "principles-based".  The nature of a more principles-based set of standards adds to the amount of interpretation and risk in financial reporting.   Here is what an article in September 2009 issue of the Journal of Accountancy recently noted on the emerging risks from IFRS implementation.

Conversion to IFRS will be far more than a technical accounting exercise. Implementing IFRS will impact many, if not all, aspects of your business operations. It may bring companywide changes that will spawn new risks. These include system changes, modifications to processes impacting employees’ day-to-day duties, and new accounting policies.

Companies will also need to evaluate the impact these differences may have on their accounting policies, as well as the underlying information technology systems that support the company’s financial reporting structure. Changes to policies and systems on this scale will invariably give rise to additional risks that your organization may need to monitor and control.

The move to IFRS represents a huge opportunity for global companies to streamline their financial reporting, while at the same time poses major risks in the quality of implementation across the organization.  Wheelhouse Advisors can help your company analyze the IFRS related risks and provide solid expertise to support a successful implementation. Visit www.WheelhouseAdvisors.com to learn more.

Common Objectives of the Chief Risk Officer & Chief Audit Executive

John A. Wheeler of Wheelhouse Advisors delivered a presentation this week at the 2009 Institute of Internal Auditors Conference in San Diego, California.  His presentation focused on the common objectives of the Chief Risk Officer and the Chief Audit Executive in today's perilous global economy.  Key discussion topics included:

1. Learning about the evolving role of the Chief Risk Officer (“CRO”) both before and during the current global economic crisis


2. Developing an understanding of the complementary aspects of the CRO and Chief Audit Executive (“CAE”) roles, as well as the potential conflicts to avoid


3. Discovering strategies and critical success factors for an effective CRO & CAE partnership

Given the increase in both complexity and interrelationships of risks across corporations, an effective relationship between these two executive roles and their organizations is vital.  Wheelhouse Advisors provides cost-effective solutions to enable strong relationships in support of robust ERM programs.  To learn more, visit www.WheelhouseAdvisors.com.

Looking to Satisfy Risk Management Demand

Companies are now beginning to shore up their risk management practices and are hiring more risk management professionals as a result.  An article in the New York Times this week discusses the increase in demand for risk management skills and how prominent business schools are preparing graduates for the field.

Among the hot areas now are positions related to minimizing risk, as firms try to mitigate the chances of another financial crisis. Risk in general is a relatively new focus, and the openings range from business, credit and operational risk to product and technology risk. “Risk is everywhere,” said Jeanne E. Branthover, head of the global financial services practice at Boyden Global Executive Search.

This year, the Stern School of Business at New York University started offering an executive master’s in risk management in partnership with the Amsterdam Institute of Finance. During the program, which lasts a year and costs 42,000 euros, or about $60,000, students meet 10 times for multi-day sessions and study subjects including risk metrics, credit risk and liquidity risk. The course covers about 75 percent of what one is required to know for the professional risk manager certification, said Ingo Walter, a professor of finance at Stern.

Stern also offers a less technical three-day executive education session on integrated risk management. Columbia Business School and the Kellogg School of Management at Northwestern University are among other institutions that offer similar programs, which range in cost from $3,750 to $10,000.

As more business school graduates with a foundation in risk management enter the corporate world, corporations will certainly benefit from having these skills proliferate throughout the organization.