Communication: the overlooked component of effective risk management

Is your internal audit plan working at cross purposes with your company strategy? Missed communication opportunities may make it appear that way. I was drawn to that observation in Aligning Internal Audit: Are You on the Right Floor? a new PwC white paper that suggests that the role of internal auditors is changing as stakeholders increasingly appreciate their risk management contributions.

Internal auditors add value to their companies by identifying risks as business strategies evolve. That value is diminished if they’re unaware of key decisions taken on the top floor. The objective of a program audit will change if, for example, the company is divesting itself of the program. Bottom line? Seeking strategy intel is vital to earning respect for internal auditors.

Communication style is the other key to helping execs view internal auditors as team players. When reporting results, consider the audience. That means headlining findings for top brass. All the gnarly details should be readily available for anyone who wants to wade through them, but spend your face time (or devote your report cover memo to) identifying the items of concern and your recommendations for dealing with them.

Internal auditors typically have access to all areas of their company. That perspective means that occasionally you’ll have good news to share—for example, efficiencies that can be implemented. The tone with which you communicate this information is just as important as the tone you take in delivering news about potential risks. Buy-in for your suggestions has a lot to do with the way they’re delivered.

Like tone, timing is crucial to maintaining trust with the rest of the company. If you want your audience to become defensive and view you as an adversary, just try springing all your concerns at the end of an audit. As a general rule, keeping business owners and execs informed as you find issues makes for a relationship of respect. No one wants to be blindsided by a problem with no corrective plan in sight.

Finally, weigh your communication options. You may have noticed, as I have, that voice inflections don’t register in digital formats, so sending an email may not always be the best choice. Sometimes picking up the phone or meeting face-to-face enhances communication, and improving the lines of communication within your company is a key step in identifying the risks it faces.

/by
, ,

Where is SOX really headed?

The passage of the Sarbanes-Oxley Act 10 years ago dramatically improved corporate governance in U.S. companies, restoring investor confidence in U.S. capital markets in the wake of headline-making accounting blowups (Enron, WorldCom, et al). SOX instituted rules on the composition of audit committees, established the Public Company Accounting Oversight Board (PCAOB) to provide independent oversight of audit firms and spelled out civil and criminal penalties for CEOs and CFOs. But when SOX is mentioned, most people immediately think of Section 404 (internal controls over financial reporting), which continues to take heavy criticism—not always deservedly.

Initially, implementation of SOX 404 was difficult, cumbersome and expensive. Companies had to formalize their system of internal controls over financial reporting and invest resources in designing, documenting and testing the effectiveness of controls, even in areas that would not reasonably give rise to a misstatement of financial results. Over time, though, the rules were revised and both managers and auditors learned how to apply judgment to principals-based regulations and develop supportable positions. Companies incorporated internal controls into their normal workflow and created cost-effective programs to improve the integrity of their financial reporting. A November 2009 study published by Audit Analytics found that the rate of financial restatements was 46 percent higher for companies that did not comply with all of the SOX internal control provisions than for companies that did.

Some companies comply with the letter of the law, but do not embrace the spirit of SOX 404, viewing it as a check-the-box exercise. They use lower standards of evidence (for example, inquiry only rather than re-performance), and their SOX testing is neither meaningful nor insightful. That means their results are not informative. This approach would not pass muster under an independent audit, and since all but the smallest public companies (those with less than a $75 million public float) have been subject to audit attestation, most public companies have ended up with meaningful SOX results.

Now, recent developments are sending conflicting messages about the direction of SOX rules.

The JOBS Act granted a five-year exemption from SOX audit attestation for newly public companies with less than $1 billion in revenue—a huge swing in the direction of more leniency.

In the other direction, PCAOB reviews of Big Four audit firms have led auditors to ask for more robust documentation of internal controls and more thorough testing of the data used to support the effectiveness of controls. And COSO, which publishes the most widely used framework for designing and assessing internal controls, has issued an exposure draft of an updated internal control framework intended to address changing technology and globalization, as well as to provide greater clarity on designing and maintaining an effective system of internal controls. Given that the draft runs to more than 500 pages, reviewing, revising and implementing the guidance from the new framework is no small undertaking.

So where are we headed? My fear is that we are taking a big step backward. By exempting some companies from SOX audit attestation, we turn a blind eye to ineffective internal controls and erode investor confidence in financial statements. At the same time, the updated COSO framework and requirements for more robust SOX documentation seem to be pushing nonexempt companies back to the difficult, cumbersome and expensive path, without any increase in financial statement integrity. Neither of these directions is in the best interest of companies or investors.

/by
, , , , ,

Will your equity compensation strategy take you from start-up to exit?

RoseRyan, along with the Melita Group, is presenting a free breakfast seminar, “Equity compensation: end-to-end strategies for private companies,” on October 30 in Palo Alto.

Your equity compensation plan’s design and execution affects your ability to retain employees, your readiness for exit and your market valuation, as well as other areas of the business. How do you set yourself up for success? If you don’t have an equity compensation plan for an M&A deal or IPO, now is the time to develop one.

“Equity compensation: end-to-end strategies for private companies,” will give you tips on:

  • Real-world (not pie-in-the-sky) equity comp strategies
  • Choosing the right equity comp vehicles
  • Avoiding common stock comp pitfalls
  • Preparing for—and making the most of—a liquidity event

For this seminar, we tapped some of the Bay Area’s savviest equity experts.

Alexander Cwirko-Godycki, senior manager, Radford: Alex supports Radford’s compensation consulting practice by creating new intellectual property and data-driven content. He is co-creator of Radford’s pre-IPO/venture-backed company online portal.

Kelley Wall, Technical Accounting Group, RoseRyan: Kelley leads RoseRyan’s Technical Accounting Group, advising clients on complex accounting matters and assisting with strategic business transactions such as IPOs, mergers and acquisitions, joint ventures and divestitures.

Ellen Sueda, senior counsel, Seyfarth Shaw LLP: Ellen works in Seyfarth Shaw’s Employee Benefits and Executive Compensation department, advising employers on tax, securities and employment law matters.

Carrie Kovac, director of finance, Symantec: Carrie is responsible for all company operations related to equity, including ASC 718, SOX, SEC reporting, global stock programs and the annual proxy statement.

The seminar takes place 8–10 a.m. at the Westin Palo Alto in Palo Alto. Get details and register here.

/by

New consultants beef up compliance, emerging growth services

RoseRyan has two new gurus to introduce: Cedric Armstrong and Sharon Knestrick.

Cedric is an IT compliance specialist who likes nothing better than to assess systems for risk and develop policies and procedures for IT security and computer operations; he’s also got SOX IT down. He has abbreviations like CISA, CISSP, CTGA and CFE following his name, so you’d think he’d be, well, geeky. He isn’t. Cedric has lived in eight countries, and he was with EY, then Deloitte, before he became a consultant some years back.

Sharon’s background is in accounting manager and controller roles at emerging growth companies, so she’s been instrumental in helping businesses get off the ground, she thrives on change and she understands how everything works together. She also has a strong systems background, so she can tackle just about any software known to accounting. The Financial Literacy Project for teenagers sponsored by the American Society of Women Accountants in San Francisco is near to her heart.

/by
, ,

The view from Mission Bay: the future of biotech looks pretty bright

I was fortunate to attend “Winning Strategies in Life Sciences: Pursuing Success in Today’s Changing Environment,” an all-day conference held October 5 at the University of California, San Francisco’s beautiful new Mission Bay campus. It was sponsored by Foley & Lardner LLP, Silicon Valley Bank, BayBio, QB3 and RoseRyan. The focus areas covered maximizing growth potential, designing models for the wireless health care industry, ensuring global intellectual property and big-pharma mergers and acquisitions. Part of my quest was to answer a burning question: why isn’t biotech doing better, since the baby boomers’ demographic trends indicate that people are living longer, with a higher quality of life?

The sessions were a little more upbeat than the biotech news has been over the past two years—the industry has taken a beating as venture capitalists have focused on hot new social media and technology start-ups at the expense of the sometimes-capital-intensive biotech industry. One area of intense pride is the new QB3 incubator on UCSF’s Mission Bay campus. It is now full of start-ups (more than 40) that are given access to tools, money and networking opportunities, and find it easier to get from start-up mode to their first and second round of funding. Housed on the Mission Bay campus with other aspiring entrepreneurs, they can share ideas and contacts that can help accelerate their progress. Also, the QB3 center provides a concentrated area of experts that venture capitalists and other companies find attractive. QB3 has partnerships with outside venture partners (as well as service providers) that have poured more than $10M into the start-ups and is in the middle of raising an additional $10M to put into new companies. This is a little known success story outside of the biotech industry!

Some insights from the sessions included:

  • The FDA has gotten better with providing clearer direction, but still has a ways to go.
  • Angel investors like health care IT, because there are fewer regulatory hurdles to jump over.
  • The health care IT sector has had rapid growth due to ARRA’s funding for electronic health records, which provides $45,000 for providers who are “meaningful users” of the technology. This is a clear edict that should provide rapid automation (and hoped-for cost savings) over the next five to 10 years.
  • Investors are frightened by the large numbers of patents that are expiring over the next three to five years, because generics radically drive down the cost of pharmaceuticals.
  • Capital efficiency is key for companies that must deal with a difficult regulatory environment.
  • Many companies continue to go outside of the U.S. to accelerate their testing requirements.
  • The JOBS Act will not have a great influence on whether companies file to go public or not.
  • Wireless is a booming area of biotech growth, as companies are rushing to build applications that focus on personalized medicine and the improving relationships between doctors and health care providers. One wireless private network provider has analyzed more than 25,000 applications.
  • Mergers and acquisitions continue to far outweigh IPO exits. It is imperative for companies to plan for potential exits one to two years in advance.
  • More M&A events are focused on changing the landscape of drug/device combinations, building infrastructure in noncore areas and growing holistic end-to-end solutions.

Although the economy is still muddling along, biotech is holding its own in the Bay Area. I didn’t get my answer to why biotech isn’t booming now, but with the baby boomers aging, Obamacare coming and the pace of innovation increasing, the future looks pretty bright.

/by
,

CFOs take note: the triple bottom line is the future

For people, a sustainable life is all about reducing clutter, lessening your carbon footprint, recycling, conserving energy and water, and the like. For corporations, the quest for sustainability usually starts with a business transformation that not only will benefit the planet but also can reduce costs and improve competitiveness and reputation. Indeed, studies such as PwC’s 2011 Carbon Disclosure Project Global 500 report suggest a strong correlation between financial and sustainability performance.

Increasingly, macro forces such as technology innovation, globalization, resource constraints, climate change, regulation and biodiversity issues are exerting pressure on companies and their stakeholders. As a result, we are witnessing a paradigm shift in sustainability, from an environmental and social program to an integrated core business strategy and culture that looks beyond the single bottom line of profit to include key stakeholder requirements—often characterized as the “triple bottom line” of people, planet and profit. In this model, a company’s success is assessed and measured in the eyes of its beholders: suppliers, vendors, consumers and the community.

Integrated reporting: adding the triple bottom line

The future of corporate reporting is integrated reporting, which links the single bottom line of financial results to the triple bottom line of environmental, social and governance performance (ESG). The International Integrated Reporting Council (IIRC) is addressing those challenges, as is the brand-new Sustainability Accounting Standards Board (SASB). Integrated reporting is also being addressed by the Global Reporting Initiative (GRI), which provides the industry-standard Sustainability Reporting Framework that guides companies on how to identify material sustainability measurements.

Until recently, sustainability reporting has been voluntary, covering ESG performance measures such as reduction of energy, water and waste use, supply chain management, workplace safety, human and labor rights, and environmental practices. Now there is increasing demand from stock exchanges, regulators and investors to deliver transparent metrics and integrate sustainability practices into their core business strategy. For example, the NASDAQ recommends reporting on greenhouse gas emissions, water use and gender equality, and the London Stock Exchange will mandate reporting on greenhouse gas emissions effective April 1, 2013. Recently, the SEC mandated the disclosure of conflict minerals beginning in 2014. California has enacted legislation requiring disclosure of a company’s efforts to address risks related to slavery and human trafficking in its supply chains. According to Ernst & Young’s report on leading corporate sustainability issues in the 2012 proxy season, environmental and social proposals continue to dominate compared to other shareholder resolutions on U.S. proxy ballots. In April 2012, the GRI and Deloitte launched a new XBRL taxonomy that will help reveal sustainability data more quickly and easily.

CFOs add sustainability to their plate

The CFO’s responsibilities are ever increasing, from overseeing IT, facilities and procurement to corporate counsel, investor relations, HR and now sustainability. “Traditionally, sustainability issues have fallen outside the jurisdiction of the CFO. CFOs ran the numbers, letting others handle soft issues such as social responsibility and corporate citizenship,” notes a report on “How sustainability has expanded the CFO’s role” from Ernst & Young. “Sustainability issues and financial performance have begun to intertwine,” the report observes. “CFOs are getting involved in the management, measurement and reporting of the companies’ sustainability activities. This involvement has expanded the CFO’s role in ways that would have been hard to imagine even a few years ago.”

The bottom line: sustainability is here to stay. The E&Y report recommends a few actions CFO can take now to enhance their companies’ value through social and environmental programs. Companies that do not report sustainability data should consider how to measure and report on ESG performance. Companies who do should consider third-party assurance to enhance disclosures and their reputation with key stakeholders. The CFO’s organization should leverage and build its accounting system to measure and report sustainability metrics, align tax and risk management initiatives to incorporate sustainability, develop communication strategies, monitor the regulatory and risk compliance landscape and collaborate with their stakeholders: executives, employees, suppliers, customers and investors. CFOs might also consider using performance goals and other nonfinancial metrics to link company goals and social/environmental strategy.

CFOs and corporate boards, take note: it won’t be long before sustainability key performance indicators are incorporated into the Form 10-K. Take action and don’t be left in the dark.

We hope to continue exploring these issues in future posts.

/by

Work-life balance: fact or myth?

The subject of juggling a career and personal life is becoming more prevalent with women like Marissa Mayer of Yahoo in the spotlight. According to the U.S. Department of Labor, nearly 71 percent of women with children under 18 years old were in the labor force or looking for work in 2011. Working mothers (and many fathers) encounter a common dilemma—a typical job in Silicon Valley involves long hours, a stressful commute and little flexibility. Parents are faced with daycare challenges, classroom involvement and a multitude of kid-related sports and activities. Multiply this by two or three children, and parenthood becomes a part-time job. Mix it all up in a pot and you’ve got a recipe for gray hair, lack of sleep and a feeling that you are failing your employer, spouse and children all at the same time.

Two years ago, I was laid off from my part-time accounting job during maternity leave with my second child. Panic set in—how could I find a role that would allow me to successfully manage both my professional and personal life as a mother of two small children? I had experienced the Silicon Valley grind for 18 years and knew that hectic lifestyle would no longer work for me and my family.

Little did I know that my situation was actually a blessing in disguise. I landed at RoseRyan and never looked back. The position gave me part-time employment, a flexible schedule and the option to work from home. The job was challenging and fulfilling, and it provided the intellectual stimuli that I longed for as a mother of young children. I soon discovered that consulting is a virtual utopia for parents or anyone who desires that elusive work-life balance.

Working at RoseRyan has given me the best of both worlds—a rewarding career and involved parenting, and my family is happier because of it. I recently decided that it was time for me to recapture a fragment of my life before kids (a very distant memory!), so I signed up for a triathlon and started training. This would never have been possible if it weren’t for the flexibility of my job. We parents tend to focus all of our energy externally, but it is important to take the time to fulfill ourselves as well.

RoseRyan is a woman-owned and managed business that provides a challenging work environment while encouraging a balance between business and family. They have been there and they get it. Sound too good to be true? It’s not—if you are interested, check out our jobs page.

/by