Oversight Systems’
Financial Executive Survey Shows Enterprise
Risk Plagues Corporate America, Despite
Confidence in Risk Preparation
Study also finds financial
executives support regulations for executive
compensation, hedge funds
ATLANTA (June 26, 2006) - Companies are embracing the concept of
enterprise risk management but continue
to struggle with implementation according
to the findings in the 2006 Oversight
Systems Report on Risk Management.
The national survey of financial executives
released today also found room for improvement
in the way companies assess, manage and
prevent risk.
The report (available free at www.oversightsystems.com/survey)
indicates that nearly half of companies
surveyed (43 percent) report having faced
"significant operational surprises"
during the last year.
Executives recognize the value of enterprise
risk management with 58 percent of financial
executives reporting that their company
has an enterprise risk management approach
and philosophy that considers various interactions
among different types of risk. Identical
to the 2005 findings, this year 68 percent
of financial executives say their CEO is
placing greater emphasis on holistic management
of all types of risk. However, it appears
many critical elements of enterprise risk
management are still not in place in corporate
America.
"Clearly, executives see a need for
better risk management because companies
are getting burned on a regular basis,"
said Dana Hermanson, Dinos Eminent Scholar
Chair of Private Enterprise at Kennesaw
State University. Hermanson is also an advisor
to Oversight Systems. "We still see
a gap between top management believing that
their company employs enterprise risk management
and the reality that they are not pushing
ERM down through the organization with awareness
and training."
Only 33 percent of financial executives
say their company has formally trained executives
and business line managers to assess the
probability of various types of risk, down
from 35 percent last year. In addition,
41 percent of financial executives say their
company has a widely communicated definition
of risk, down from 45 percent in 2005.
"Financial executives and businesses
are beginning to embrace the concepts of
enterprise risk management, but implementation
and effectiveness are still in their infancy,"
said Mark S. Beasley, professor of accounting
and director of the Enterprise Risk Management
Initiative at North Carolina State University.
Beasley is also an advisor to Oversight
Systems. "While a majority say they
take a top-down approach to risk management,
many are not very sophisticated in their
risk management abilities."
Perhaps a cause for this drop in they way
organizations view risk management is an
apparent decreased pressure from key stakeholders
to manage risk. In 2005, 58 percent of respondents
reported they faced such pressures, while
in 2006 only 52 percent felt this way.
Enterprise Risk by Business
Function
A bright spot in the research study is that
financial executives polled reported across
the board increases in enterprise risk preparedness
during 2006 over 2005. In fact,
- 85 percent feel prepared for financial-reporting
risk, up from 78 percent in 2005
- 84 percent feel prepared for credit/market
risk, up from 68 percent in 2005
- 80 percent feel prepared for compliance
risk, up from 59 percent in 2005
- 77 percent feel prepared for strategic
risk, up from 54 percent in 2005
- 58 percent feel prepared for human
capital/labor risk, up from 56 percent in
2005
"After completing their exhaustive
work to comply with Sarbanes-Oxley, individuals
should feel confident in their controls
that address enterprise risk," Oversight
Systems CEO Patrick Taylor said. "However,
risk management must be implemented across
organizations, and forward-thinking executives
are examining the role of technology to
facilitate enterprise risk management in
their day-to-day operations."
Although more than a quarter of executives
(29 percent) say technology has no role
in their company’s overall risk management,
the majority see technology as helpful to
their risk management objectives. Nearly
a third (31 percent) say technology is used
in their organizations to identify existing
risk; 24 percent say technology is used
to identify existing risk and project future
risk; and 16 percent say they use technology
to identify existing risk, project future
risk and reduce risk.
Ownership of Enterprise
Risk
Ownership of risk is still clearly a C-Suite
job according to those surveyed. Eighty-six
percent identified a senior executive with
explicit responsibility for overseeing the
management of all risk across the enterprise.
The CFO was named by 44 percent, the CEO
by 20 percent and 8 percent said the Chief
Risk Officer.
"With Sarbanes-Oxley, we’ve
seen a big shift away from the finance-oriented
CFO and back toward the accountant CFO,
but this survey shows that your CFO can’t
just be a bean counter. Your CFO must also
understand risk management," Hermanson
said.
Risk Management &
Sarbanes-Oxley
The idea of risk management is also working
its way into Sarbanes-Oxley compliance.
Almost a third (30 percent) of financial
executives surveyed said their internal
controls audits – as required by Section
404 of Sarbanes-Oxley (SOX) – employed
more of a risk-based approach to evaluating
control effectiveness. However, 33 percent
said their company saw no significant change
during its second year of compliance with
the regulation. Eighteen percent said they
had a greater reliance on technology to
monitor the effectiveness of internal controls.
View on Executive Compensation
Control
When asked about the role of regulating
executive compensation, a clear majority
of financial executives (82 percent) were
in support of some kind of Securities and
Exchange Commission guidance. According
to financial executives surveyed:
- 64 percent say companies should
explicitly report post-employment agreement
on compensation (i.e., golden parachutes)
- 58 percent say companies should
explicitly report the dollar value of all
non-cash and non-stock compensation and
benefits greater than $10,000 (i.e., private
use of corporate jet, use of residential
real estate, etc.)
- 56 percent say companies should
explicitly report the dollar value of stock
grants and potential future stock grants
- 13 percent say no executive should
receive total compensation greater the a
set multiple of the company’s median
compensation
Hedging Personal Investment
Risk
Turning from corporate risk to personal
investment risk, the survey also asked financial
executives about their feelings on hedge
funds. Extremely popular today, hedge funds
now number more than 8,000. The growth of
these largely unregulated investment vehicles
has been considerable, more than quadrupling
their assets since 1999, today hedge funds
manage close to $1 trillion.
Nearly all respondents (92 percent) feel
leery about hedge funds, reporting they
do not have any of their personal funds
invested in hedge funds. Accordingly, 94
percent of respondents feel hedge funds
should be required to have a higher-level
of transparency. Respondents report that
hedge funds should annually be required
to report:
- Portfolio breakdown – by asset
type, market cap and industry allocations
(65 percent)
- Number of positions – the
percentage of the portfolio in each of the
top 10 positions and identification of these
holdings (53 percent)
- Leverage – both at the time
of the audit and the maximum amount used
at any point during the year (52 percent)
About the 2006 Oversight
Systems Financial Executive Report on Risk
A total of 230 financial executives participated
in this study, which was conducted at a
number of executive-level conferences during
March and April of 2006. Titles of those
surveyed included chief financial officer,
chief audit executive, controller, internal
audit director and treasurer.
This study follows the January release
of the 2006 Oversight Systems Financial
Executive Report on Sarbanes-Oxley,
which identified growing benefits of SOX
compliance and specific compliance goals
for 2006. Also recently released was the 2005 Oversight Systems Report on Corporate
Fraud, a survey of certified fraud
examiners which found most fraud examiners
view SOX as an effective tool in fraud identification,
though few think it will change the culture
of business leaders. All these research
studies can be downloaded for free by visiting www.oversightsystems.com/survey.
EDITOR’S NOTE:
Camera-ready charts and graphs of the findings
from the 2006 Oversight Systems Report
on Risk Management are available by
contacting Donna Askew
by phone at 770.984.4650
or by email at donna.askew@oversightsystems.com.
About Oversight Systems, Inc.
Oversight takes continuous monitoring to the next level by combining an audit data warehouse, advanced analytics and workflow into a single, integrated, application. By inspecting each step of individual transactions across systems, Oversight identifies errors, control violations and fraud to drive higher levels of performance and compliance. Oversight's platform automates the entire life cycle finding problems in business processes, fixing those problems and proving the problems were resolved. Oversight is the solution of choice for those CFO's, CIO's and CISO's serious about compliance and enhancing their financial performance. For more information, visit www.oversightsystems.com.
|
