Corporate Governance, Risk Management and Assessment: Does One Size Fit All

1
Corporate Governance, Risk Management and
Assessment Does One Size Fit All?

• Presented by
• Randy Hewitt, Partner, CPA, CBA
• Brett Schimanski,
• Sr. Managing Consultant, CRCM
• March 15, 2007

2
BKDs Presenters
Randy Hewitt
Brett Schimanski
3
Topics Well Cover

• History in Brief
• Definitional Dilemmas
• Key Governance Elements
• Roles and Responsibilities
• Risk Assessment Jungle
• What Size Fits Me?
• Resources
• Questions?

4
History in Brief

• 1977?Foreign Corrupt Practices Act (FCPA)
• Prohibit bribery of foreign official by US
  corporations
• Accurate books, records and accounts
• Issuers maintain a responsible internal control
  system
• Domestic corporations prohibited from bribing
  foreign official, political party or candidate

5
History in Brief

• Early 1980s
• Deregulation of SLs Garn-St. Germain
• ALM full court press
• 1985?Committee of Sponsoring Organizations of the
  Treadway Commission (COSO)
• National Commission on Fraudulent Financial
  Reporting
• Studied factors leading to financial reporting
  fraud
• Developed recommendations

6
History in Brief

• 1986?Money Laundering Control Act
• Teeth to 1970 BSA
• 1988?FCPA Amended
• Retained three basic requirements with some
  modification of definitions and penalties
• 1991?FDIC Improvement Act (FDICIA)
• Filings starting in1994

7
History in Brief

• Y2K
• 9/11
• 2001?Enron
• 2002?WorldCom
• 2002?Sarbanes-Oxley Act (SOX)
• Public Company Accounting Oversight Board
• Accelerated Filers

8
History in Brief

• 2005?SOX compliance date extended for
  non-accelerated filers
• 2006?SOX non-accelerated filers
• Management reporting extension
• Auditor attestation reporting extension

9
Definitional Dilemmas

• Corporate Governance
• Sometimes called Organizational Governance
• Achieving good results the right way
• Policies, procedures, rules processes
• Governing of relationships
• Shareholder/stakeholder
• BOD
• Management

10
Definitional Dilemmas

• Behavioral
• Cultural
• Regulator vs shareholder-led
• Risk
• Generically?A factor, thing, element or course
  involving uncertain danger
• Reflects personal and corporate roads traveled
• Intellectual and emotional

11
Key Governance Elements

• Designated ownership and accountability
• Established and understood framework
• Communication process
• Monitoring and measurement
• Reporting
• Training
• Active vs reactive

12
Roles and Responsibilities

• Board of Directors
• All roads lead to them
• Ultimate accountability to shareholders and
  regulators
• Oversight of governance activities
• No direct management
• Tone at the top

13
Roles and Responsibilities

• Executive/Senior Management
• Strategic direction
• Value system
• Model tone at the top
• Risk management
• Accountability to the Board

14
Roles and Responsibilities

• Operational Management
• Strategic deployment
• Enforcement
• Supervision
• Accountability to senior management

15
Roles and Responsibilities

• Internal Auditing
• Assessment
• Design of control system
• Control system operations
• Advice
• Independence
• Accountability to the Audit Committee

16
Roles and Responsibilities

• External Auditing
• Financial statement attestation
• For some, attestation on internal controls
• Independence
• Accountability to Board (audit committee),
  shareholders and regulators

17
Roles and Responsibilities

• Audit Committee
• Composition
• Membership
• Chairperson
• Industry knowledge
• Charter
• Approval
• Elements
• Compliance

18
Roles and Responsibilities

• Risk management oversight
• Understand risk
• Understand the monitoring process
• Oversight of monitoring process
• Assessment of results
• Financial reporting
• Accounting policy
• Review of financial results
• External auditors

19
Roles and Responsibilities

• Meet
• Ethics
• Code of Conduct
• Tone at the Top
• Training
• Whistleblower
• Self-evaluation

20
Risk Assessment Jungle

• Are we in risk assessment overload mode?
• Examples
• Internal audit risk assessment
• IT risk assessment
• BSA risk assessment
• Regulatory compliance risk assessment
• Information security risk assessment

21
Risk Assessment Jungle

• Operations risk assessment
• Insurance risk assessment
• Fiduciary risk assessment
• Enterprise, enterprise-wide, or entity-wide risk
  assessment
• How many risks are there to assess?
• Credit, environmental, operational, reputation

22
Risk Assessment Jungle

• Interest rate, liquidity, market, price,
  counter-party
• Strategic, compliance, fiduciary, legal
• Financial, foreign, political, security
• Risk management
• Avoid
• Transfer
• Manage

23
What Size Fits Me?

• What makes sense?
• Recognize that your organization is and is not
  unique
• Understand that this is not a solo sport
• Do some research
• Top down approach
• Strategic orientation
• Take an inventory

24
What Size Fits Me?

• Vested interest
• Consequential thinking
• Value

25
Resources

• www.sec.gov
• www.pcaobus.org
• www.coso.org
• www.theiia.org
• www.isaca.org
• www.aba.com
• www.icba.org

• www.fdic.gov
• www.ffiec.gov
• www.federalreserve.gov
• www.occ.treas.gov
• www.ots.treas.gov
• www.ncua.gov

26
How to Contact Us

• Randy Hewitt
• BKD, LLP
• 201 N. Illinois St.
• Indianapolis, IN 46244
• 317 383-4190
• rhewitt_at_bkd.com

• Brett Schimanski
• BKD, LLP
• 201 N. Illinois St.
• Indianapolis, IN 46244
• 317 383-4203
• bschimanski_at_bkd.com