Category Archives: Governance, Risk & Compliance

Tips for Good Corporate Governance

Posted on by

Maureen DeCicco of WithumSmith+Brown.

The following is a guest post for The Monitor written by Maureen DeCicco, CPA, partner in the New Brunswick office of the consulting and accounting firm WithumSmith+Brown. She has 18 years of public accounting experience and five years in private industry accounting and internal audit.

Whether your company is large or small, good corporate governance can be critical in establishing a positive organizational culture. Good corporate governance is evident by responsibility, accountability, consistency, fairness and transparency. It can financially benefit an organization, leading to higher profit margins, greater dividend yields and larger stock repurchases. Setting corporate governance procedures in place also enhances the organization’s reputation and builds integrity, making it more attractive to customers and investors.

The following are some simple tips for developing good corporate governance:

  • Document governance principles. When documenting a set of corporate governance principles, the roles and functions of the Board and its committees should be established.
  • Document committee charters. All committee charters should outline a committee’s authority as to decision making and their roles and responsibilities. This creates accountability.
  • Within charters, a well defined plan for dealing with governance issues and resolution of issues should be communicated.
  • An audit committee should monitor public accounting firm audit work, their independence, fees and level of services and scope of both audit and non audit services.
  • A compensation committee should address remuneration levels for executive officers, fringe benefit and incentive plans.
  • The corporate governance committee should make recommendations to the board for new members, and monitor the board performance.
  • The corporate governance committee should monitor committee and executive management performance.
  • Have independent members on the audit committee, including a financial expert.
  • Minutes should be taken at all meetings and committees should report formally to the board on a regular basis.
  • Employee code of conduct policy should be documented and provided to employees.
  • Board code of conduct policy for non-employee directors should be documented and provided to board members.
  • Formalize employee performance evaluations.
  • Employee complaint procedures should be made available to all employees. Employees should be made aware of non-retaliation policy and that they can be anonymous.

Following some of the basics of corporate governance demonstrates a good tone from the top, while creating transparency across all levels and in the firm’s operations. In light of the recent challenging economic times and the financial meltdown, exposing fraudulent activity is more important than ever. Good corporate governance will help to expose and correct any issues before becoming major problems.

A Surprising Study from the Economist Intelligence Unit

Posted on by

Just when you think the discipline of risk management is making headway in the boardrooms of large corporations across numerous industries, a report surfaces that makes you think otherwise.

I’m referring to a research report by the Economist Intelligence Unit (EIU) titled Ascending the Maturity Curve: Effective Management of Enterprise Risk and Compliance.

The report compares perception with reality, exposing the discrepancies between how executives view their risk mitigation capabilities and what they are actually doing.

online pharmacy flagyl with best prices today in the USA

The research is based on a worldwide survey of 385 senior executives from the finance, risk, compliance and legal functions, and a series of in-depth interviews with executives familiar with risk and compliance within their organizations.

Some of the key findings from the report:

1. Chief risk officers are not earning the respect they should

The appointment of a CRO has become more common in companies after the Basel Accord and Sarbanes-Oxley, and even more so after this latest recession. Though the awareness of CROs and their functions has been on the rise, their contributions are not recognized as they should be. Surprisingly, the EIU research finds that just 26% of those surveyed felt the CRO was “essential in terms of achieving business goals.”

2. Finance executives remain unaware of risks

According to the survey, “Compared to colleagues in legal, risk and compliance functions, finance professionals are far more likely to say that their organizations haven’t suffered from significant risk or compliance failures.” This is yet another surprising finding since the financial department is considered one of, if not the, most important department in an organization, considered the oxygen to the life of a company. If they are operating with the mindset that their company is perfect, either they’re not being true to themselves or they honestly cannot see failures. Both scenarios are scary.

3. Most executives wrongly assume they’re earning an “A”

It could be seen as confidence overload among top executives — almost half of those surveyed said their company’s practices are consistent with the best in the industry. The EIU references the Lake Woebegone effect — or when the vast majority of people think they’re above average.

online pharmacy clomiphene with best prices today in the USA

This is never a good attitude to have when practicing risk management, a discipline which, among other things, means thinking of everything that could go wrong, will, and working on a plan to mitigate such risks. Over-confidence is never a good attribute for risk management.

The report also covers the lack of consistent policies on business practices, learning from failures, knowing a company’s risk appetite and which two functions are most averse to risk.

Though not a very optimistic report, we must not let such research bring us down. Rather, we should use them for insight, instruction and inspiration.

online pharmacy ciprodex with best prices today in the USA

Cloud Computing: Convenience Versus Confidence

Posted on by

Cloud computing has become a convenient and cost efficient way for companies to store data while using remote, shared servers located in the “cloud.” But what is cheap and easy, isn’t always safe.

Take Amazon.com, for example. The company branched out into the cloud computing business five years ago and has since offered computing resources to thousands of businesses — most of them small with a low likelhood of having data backup and recovery services (bad risk management!).

Last week, that lapse in risk management was felt after Amazon.com’s cloud services crashed, disrupting web services for companies as large as Pfizer and as small as FourSquare.

The Amazon interruption, said Lew Moorman, chief strategy officer of Rackspace, a specialist in data center services, was the computing equivalent of an airplane crash.

online pharmacy arava with best prices today in the USA

It is a major episode with widespread damage. But airline travel, he noted, is still safer than traveling in a car — analogous to cloud computing being safer than data centers run by individual companies.

online pharmacy azithromycin with best prices today in the USA

As of this morning, many of the affected sites are back online, though “some historical data might be missing,” according to Chartbeat, a company that monitors the online presence of websites.

The risks of cloud computing is not a new topic among business owners, CIOs and risk managers — far from it. For years, talk has circled regarding privacy, compliance and legal issues. One recent article in PC World examines the risks of cloud computing. It covers topics such as who accesses your data, regulatory compliance and (probably most importantly) data loss and recovery.

online pharmacy zoloft with best prices today in the USA

Corporate cloud computing is expected to grow rapidly, by more than 25% a year, to $55.5 billion by 2014, according to International Data Corporation estimates. And as the popularity of cloud computing grows, so will the potential risks. With that in mind, companies are wise to evaluate such perils and plan for what could go wrong with such a modern technology marvel.

ERM on the Rise

Posted on by

An uprising in Egypt or a catastrophic natural disaster in Japan can make a company stop and think about how that event impacts their business. And events like these are helping to spur companies to fully embrace enterprise risk management (ERM).

This is a good thing. And, according to some, it’s only going to get better.

James Lam, president of risk-management consulting firm James Lam & Associates, has high expectations for the future of ERM, telling CFO magazine that “We’re going to make more progress in ERM implementations and its standardization in the next couple of years than we did in the last dozen.” According to his research, almost 90% of global organizations with more than $1 billion in revenue are either putting an ERM program in place or, in 25% of those cases, already have a program up and running.

Russ Banham, a contributing editor of CFO magazine, also has some great insight into the present state and future situation of the risk management movement. He penned quite an interesting ERM article that was published today. In it, Banham states that it’s not just black swan events that are to credit for the spike in ERM popularity, three trends have also caused an increase in interest.

  1. Corporate boards are under regulatory pressure to address risk management explicitly.
  2. Proponents of ERM are making progress in having it acknowledged as a best practice for overall risk management.
  3. New technologies are enhancing companies’ ability to evaluate, measure, and prioritize risks, and to test and report on their potential impact.

Banham points to the Dodd-Frank Act, the fact ratings agencies factor in ERM criteria into their ratings process, COSO II (the Committee of Sponsoring Organizations) and the SEC’s sharpened stance on risk management as why some companies, especially larger ones, have no option other than the fully implement an ERM program.

Governance issues aside, ERM would get a major boost if it were widely regarded as an industry standard for best practices. “We are not talking about a one-size-fits-all standard, since risk management is part art and part science, and organizations differ by geographies, markets, business lines, and organizational structure,” Lam says. “It can, however, be an industry-by-industry standard, customized by companies within a given industry.”

Optimism aside, most companies still have a long way to go in terms of developing a comprehensive, efficient and successful ERM strategy. As we see by the second graphic below, more than half of companies still have little or no common risk management processes implemented.

Let’s hope Lam’s predictions come to fruition.