Sacre Bleu!
January 25, 2008 | Filed Under Criminal Liability, Compliance
$7 billion buys a lot of compliance training and even more monitoring technology, n’est-ce pas?
Here’s a slide to put in the deck:
And who says life doesn’t imitate art?
Jerome Kerviel, Societe Generale, 2008
Bud Fox, Wall Street, 1987
Sarbanes-Oxley, Three Years On
November 26, 2007 | Filed Under Compliance
The Financial Times reports the results of a Compliance Week study on Sarbanes-Oxley results.
The study finds that the number of “material weaknesses” in these companies – identified shortcomings in accounting controls – fell to 5.9 per cent from November 2006 to May this year, compared with 16.7 per cent in the 12 months to November 2005.
There’s also the hint of costs coming down:
When Sarbox was passed in 2002, it was estimated that it would cost the US economy about $1.6bn (£776m, €1.1bn). By 2004, estimates of compliance costs rose to $4m per listed company – or about $35bn.
However, costs have come down significantly at the largest companies which have developed systems for complying. Costs are expected to fall further after US regulators made it much easier to implement Section 404, the most contentious part of Sarbox that deals with internal controls over financial reporting.
That probably comes as news to most GCs and CFOs. While larger companies may have the systems and staff resources to realize efficiencies going forward, smaller companies may still be weighing the costs when they decide whether to go public. And where to go public.
What Makes an Ethical Executive?
October 16, 2007 | Filed Under Compliance, In the News
A trip to Shenandoah National Park in Virginia last week found me offline and unplugged for a period of time. Reading material was scarce, but I was able to secure a daily copy of USA Today by befriending the helpful staffer at the lodge front desk.
One article in McPaper caught my eye: a report about the background of former Enron “executive” Lynn Brewer. Ms. Brewer wrote a book, “Confessions of an Enron Executive: A Whistleblower’s Story,” which launched a career as a business speaker and advisor.
But according to the newspaper, Ms. Brewer’s executive status may not be as it seems; quoting two of her former supervisors, Mary Solmonson and David Gossett:
But her boss, Solmonson, says Brewer had no control over budget or salaries and that she herself, as a senior director, would not be considered an executive. Further, Brewer’s work had nothing to do with management. “What my group did was very much a clerical function,” says Solmonson, “an important clerical function, but it was clerical.”
Gossett, Brewer’s boss during her last months at the company, scoffs at the notion that she was an executive. He was a director at Enron, he says, and that didn’t qualify him as an executive. “There was no way she was an executive, not even with a little ‘e,’ ” he adds. “If she was an executive, she was in charge of nothing.”
The article also describes the circumstances of Ms. Brewer’s departure and weighs her claims of whistleblower status.
Senior corporate executives serious about compliance learn that people sometimes hear what you say, but they really watch what you do. They also learn that leadership is called for when dealing with two key management issues: responsibility and credit.
Responsibility is something you take.
Credit is something you give.
Data Security: IP Yes; Db No?
June 4, 2007 | Filed Under Technology, Compliance, General
A recent white paper prepared by Application Security and sponsored by the Ponemon Institute shows that organizations may be more focused on protecting their IP than on protecting their various sensitive Dbs (databases). It’s a constant struggle trying to figure out how to protect data while allowing necessary access. Two key findings:
- Forty percent said their organizations don’t monitor their databases for suspicious activity, or don’t know if such monitoring occurs. Notably, more than half of these organizations have 500 or more databases – and the number of databases is growing.
- “Trusted” insiders’ ability to compromise critical data was cited as the most serious concern – with 57 percent perceiving inadequate protection against malicious insiders and 55 percent for “data loss” by internal entities.
We’ve previously seen the data security risks posed by departing employees. Law departments need to understand what their IT brethren are doing about this, knowing that some of the biggest potential risks are posed by the very people you are asking.

As Goes SOX?
May 31, 2007 | Filed Under Technology, Compliance
The financial gravy train ridden by auditing firms due to Sarbanes-Oxley compliance may be slowing down a bit.
ComputerWorld reports that average SOX compliance costs declined from $4.5 million in 2004 to $2.9 million in 2006. The main reason is not a surprise:
“Technology has a lot to do with the cost reduction,” said Sanjay Anand, chairperson of the Sarbanes-Oxley Institute. Public companies “are actually automating their controls. A good 20 to 30%, even as much as 40%, of the cost reduction is actually coming from automated controls rather than manual controls.”
(A clear sign that SOX may be a bit over the top is that it has spawned its own institute.)
The experience that companies gained in automating processes due to Sarbanes-Oxley may now be extended to other areas of the enterprise. Lawyers know that a good deal of what constitutes ongoing legal services could be automated, or at least tracked better from a technology standpoint in the first instance.
That’s the start of any process improvement. Almost like magic, or like just adding water.
Update (1 June 07): One CEO writes in the Wall Street Journal that he doesn’t see Sarbox-related costs going down.






