ATLANTA (Aug. 2, 2005) - Oversight Systems Inc. today announced the results of the 2005 Oversight Systems Financial Executive Report on Risk Management, a survey of U.S. financial executives. The Oversight Systems report shows the majority of financial executives surveyed say their CEO is very interested in risk management, but corporate America has yet to act to address this concern.

The survey reveals that 68 percent of financial executives say their CEO is placing greater emphasis on the management of all types of risk on a holistic basis. Three out of five (60 percent) say their company has an enterprise risk management approach and philosophy that considers various interactions among different types of risk.

"It's encouraging to see this level of interest from the C-suite in the management of corporate risk, but the challenge in the coming years will be for corporate America to transform that interest into action that leads to better management and an improved bottom line," said Patrick Taylor, CEO of Oversight Systems.

The survey shows that critical elements of risk management are not in place. Only 35 percent of financial executives say their company has formally trained executives and business line managers to assess the probability of various types of risk. Most (55 percent) companies do not have a member of senior management with explicit responsibilities to manage risk. Again the majority of those surveyed (55 percent) say their company does not have a widely communicated definition of risk.

"This survey indicates that corporate America faces a gap between the perception of risk management and the reality of an effective risk management program," said Dana Hermanson, Dinos Eminent Scholar Chair of Private Enterprise at Kennesaw State University. Hermanson is also an advisor to Oversight Systems. "CEOs are under pressure from shareholders, creditors and regulators such as the New York Stock Exchange to better manage enterprise risk, but executives are struggling to define exactly what that means for their companies."

The demand for better risk management may originate from recent history when companies were unprepared to manage unforeseen events that affected their sales, production costs or other aspects of their operations. More than half (54 percent) of those surveyed report having faced "significant operational surprises" during the last five years, and 52 percent say key stakeholders such as creditors and bond-rating agencies pressure them to manage all types of risk.

Enterprise Risk by Business Function
When asked, the majority of financial executives indicated their organizations were more prepared than not to assess and manage the risk associated with most business functions.

Companies are most prepared to assess and manage risk within financial reporting (78 percent); followed by credit/market risk (68 percent); legal risks (66 percent); reputation risk (64 percent); IT risk (63 percent); and operations risk (63 percent).

At the bottom of the list - but still breaking the halfway mark - is the ability to assess and manage the risk associated with compliance (59 percent); human capital (56 percent); and business strategy (54 percent).

"Clearly, regulations like Sarbanes-Oxley have forced some companies to take steps in the right direction by addressing financial reporting risk," said Mark S. Beasley, professor of accounting and director of the Enterprise Risk Management Initiative at North Carolina State University. Beasley is also an advisor to Oversight Systems. "Savvy leaders should use this experience to create a competitive advantage for their organizations by aggressively assessing and managing the risk found in other areas of their business."

The Role of Technology in Risk Management
Although more than a quarter of executives (28 percent) say technology has no role in their company's overall risk management, the majority see technology as helpful to their risk management objectives. A full quarter (25 percent) say they use technology to identify existing risk, project future risk and reduce risk; 32 percent say technology is used in their organizations to identify existing risk; and 15 percent say technology is used to identify existing risk and project future risk.

"The use of technology in risk management appears to be in its infancy, with only a quarter of companies using technology to identify existing risk, project future risk, and reduce risk. More than a quarter of the survey's respondents don't leverage technology to enhance risk management," Hermanson said. "As the practice and implementation of risk management mature, more executives will recognize and rely upon technology solutions to provide the infrastructure of risk management."

SOX 404 Compliance Year Two
When asked how they expect their external audits of internal controls to change in year two of complying with Sarbanes-Oxley's section 404, 42 percent of financial executives said they were focusing more on changes to controls as opposed to what was already documented in year one, and 40 percent said they would increase their use of a risk-based approach to auditing internal controls.

Twenty-three percent expect to have a greater reliance on technology to monitor the effectiveness of internal controls; 21 percent predict a greater reliance on internal auditors to test controls; and 21 percent plan to reduce the number of key control activities.

However, 21 percent of the financial executives surveyed are predicting no significant change in the role of external audits and internal controls in year two of SOX. Twenty-two percent are predicting less testing of internal controls that are not directly tied to financial reporting, and 15 percent say there will be less testing of automated controls due to the presence of good IT general controls.

"In the second year of SOX 404 compliance, auditors are moving toward audit efficiency by focusing on changes in controls and incorporating a risk-based approach to auditing internal controls. These changes are consistent with the theme of recent PCAOB guidance that suggests auditors went a little overboard in year one," Hermanson said.

About the 2005 Oversight Systems Financial Executive Report on Risk
This survey of financial executives was conducted at the FEI Summit 2005, a Financial Executive International conference held in May 2005 to explore the evolution of the role of financial executives from financial to policy. Titles of those surveyed included chief financial officer, chief audit executive, controller and treasurer.

This study follows the April release of the 2005 Oversight Systems Financial Executive Report on Sarbanes-Oxley, which found that nearly half of financial executives feel the biggest issue related to compliance is the need to maintain the morale of the employees responsible for compliance. The company also published the 2004 Oversight Systems Financial Executive Report On Sarbanes-Oxley, released in December 2004. This report showed that most financial executives were torn on the cost vs. benefits of Sarbanes-Oxley compliance, and it has been cited in the Public Company Accounting Oversight Board (PCAOB) Release No. 2005-009, a policy statement regarding implementation of auditing standards. Both reports can be downloaded for free at www.oversightsystems.com/survey.



EDITOR'S NOTE:
Camera-ready charts and graphs of the findings from the 2005 Oversight Systems Financial Executive Report On Sarbanes-Oxley Compliance are available by contacting Donna Askew by phone at 770.984.4650 or by email at donna.askew@oversightsystems.com.

About Oversight Systems, Inc.
Oversight takes continuous monitoring to the next level by combining an audit data warehouse, advanced analytics and workflow into a single, integrated, application. By inspecting each step of individual transactions across systems, Oversight identifies errors, control violations and fraud to drive higher levels of performance and compliance. Oversight's platform automates the entire life cycle finding problems in business processes, fixing those problems and proving the problems were resolved. Oversight is the solution of choice for those CFO's, CIO's and CISO's serious about compliance and enhancing their financial performance. For more information, visit www.oversightsystems.com.

Contact for Oversight Systems: Donna Askew sales@oversightsystems.com 770.984.4650

Press Contact Nathan F. Walch nathanw@connectpr.com 801.373.7888