Complete Compliance Week 2007 Coverage
Every session at Compliance Week 2007 was covered by a member of Compliance Week's editorial staff. That coverage can be found below; in some cases, audio clips and transcripts are available:
KEYNOTE ADDRESSES
SEC’s White Talks 404, IFRS, Executive Pay
Photo: The SEC's John White
In the opening keynote speech for Compliance Week 2007, John White, director of the Division of Corporation Finance at the SEC, told attendees that the Commission will not proceed with any new rulemaking on disclosure of executive compensation this year, but companies should use that pause to keep perfecting the new disclosures they had to start making with this year’s proxy statements. White also said proposals due later this year to allow U.S. companies to file financial statements using International Financial Reporting Standards should be “a wake-up call that this has become an important topic for U.S. domestic issuers and financial reporting generally.”
Olson: Guidance Coming To Implement AS5
Photo: The PCAOB's Mark Olson
PCAOB Chairman Mark Olson promised Thursday that implementation guidance for Auditing Standard No. 5 is coming later this year, which auditing firms and companies will be able to use as they go through Section 404 compliance under the new standard. Noting that the Board’s work around implementation of the new standard is “far from over,” Olson said the PCAOB in the coming months will work to communicate to audit firms its expectations on implementation of the new standard. The Board’s inspection program will also be adjusted to be consistent with the new standard. More of Olson’s comments, plus a downloadable MP3 recording of his speech, are inside.
Top Fraud Prosecutor Talks Criminal Probes
One of the Justice Department’s top fraud prosecutors had tough words for attendees at Compliance Week 2007 last week: If you think an effective compliance program is expensive, try seeing how much the company will pay for having an ineffective one. “If you don’t have a good compliance program and we find out, we will give you a compliance program. I guarantee it will be something not to your liking,” said John Roth, chief of the fraud and public corruption section of the U.S. Attorney’s office for the District of Columbia. Roth gave a wide-ranging speech on how to cooperate with authorities during a criminal probe, and complete coverage is inside.
Best Practices For Managing e-Discovery Rules
Photo: Judge Lee Rosenthal
Federal District Court Judge Lee Rosenthal, instrumental in crafting the new rules for civil procedure in litigation, gave a host of recommendations Thursday on how companies can manage their legal legwork in the age of electronic discovery. Foremost, she said, the rules require “increased planning, increased preparation, and increased management at a level of detail that is much greater than was true for conventional discovery. Those demands apply to every player in the process,” including potential and actual litigants, in-house and outside lawyers, and judges. Rosenthal’s tips on document retention, document destruction, meeting with opposing counsel, and more are inside.
Harvey Pitt On Why Bad Things Happen To Good Companies
Former SEC Chairman (and current Compliance Week columnist) Harvey Pitt closed out the Compliance Week 2007 conference with his Top 10 list of suggestions for corporate crisis management—or, as he put it, “when bad things happen to good companies.” Some of his more important points: always have contingency funds available to launch independent investigations, and be ready to hire someone other than your usual outside advisers; approach regulators as soon as you know of a problem and disclose it completely, before they find out the news from elsewhere; heed the governance responsibilities of outside directors, since directors surprised by scandal will turn against a CEO instantly. More of Pitt’s tips are inside.
CONFERENCE SESSIONS
Applying A Risk-Based Approach To SOX
Photo: Colleen Cunningham (far left) discusses risk-based approaches with some of her panelists.
Four top audit executives at large companies shared their thoughts Wednesday afternoon at Compliance Week 2007 on how their organizations embraced a more risk-based approach to auditing their internal controls for financial reporting. Foremost on their minds: effective risk assessments, strong processes to certify risks and controls, and how to reduce the menial testing of controls that might not be truly relevant to the accuracy of financial statements. Colleen Cunningham, former president of Financial Executives International and moderator for the discussion, said new SEC and PCAOB guidance will help, but “[It’s] harder than it sounds. There’s a lot of confusion out there.” War stories from Sun Microsystems, Boeing, Cardinal Health and Circuit City are inside.
Overcoming Adversity: HP, Fannie Mae Tales
Not long ago, Hewlett-Packard and Fannie Mae were poster children for sloppy corporate governance, garnering headlines about improper boardroom behavior (HP) and accounting scandals (Fannie Mae). How to recover from such crises? HP made major changes to its compliance function, such as assigning one outside director to oversee all investigations and creating a compliance council from its executive ranks, said Jon Hoak, chief ethics and compliance officer at HP. Fannie Mae’s chief compliance officer, Bill Senhauser, cultivated close relationships with Fannie Mae’s chief regulator. More of their tales on recovering governance credibility are inside.
Implementing ERM Efforts Successfully
Photo: Richard Steinberg discusses ERM
Richard Steinberg, founder of Steinberg Governance Advisors and a Compliance Week columnist, says there’s a difference between risk assessment and enterprise risk management—and that understanding this difference is key to being successful at the latter. “Risk assessment is a snapshot; ERM is ongoing,” he said. “ERM means identifying, assessing, and managing risk on an ongoing basis.” Companies do need the support of the board if they ever hope to implement ERM with any success, but the board must also understand its proper role and not delve too deeply into the minutiae of risk controls. More of Steinberg’s suggestions for ERM are inside.
Appearing At Congressional Investigations
If ever Congress tells you to do your civic duty and testify at one of its investigations, always remember: Your first business duty should be to try to get out of it. Executives often misunderstand the gravity of appearing before Congress, a Compliance Week 2007 panel said, and should try to avoid an appearance rather than testify and risk catching the interest of the Justice Department or other interested regulators. “The congressional hearing is only the tip of the iceberg,” said Joshua Hochberg, a partner at the law firm McKenna Long & Aldridge. “The more serious problem is the criminal investigation going on at the same time, or as a result of, the congressional investigation.” More advice is inside.
Smaller Companies Biting The Bullet On Section 404 Of SOX
Photo: Former Tenet Corp. CEO Janet Dolan discusses small company compliance.
Non-accelerated filers preparing for their first year of compliance with Section 404 need not panic … assuming they have already begun planning for the work. If not, expect a lot of heavy lifting in the next six to nine months. Former Tenet Corp. chief executive Janet Dolan, who served on the SEC’s Smaller Public Company Advisory Committee, warned: “Unless people are very thoughtful in the way they go about it and do everything they can to plan upfront to minimize wasted effort, it’s going to be a dramatic burden on them.” Other speakers at a Compliance Week panel on non-accelerated filers gave similar recommendations; complete coverage is inside.
The Conundrum Of Global Ethics Compliance
Enforcing compliance with corporate policies and government regulation can be difficult enough within the United States; add a dizzying array of cultural differences and regulatory jurisdictions that global corporations face, and compliance can seem impossible. At a panel on Thursday, compliance officers at several global businesses offered their tips on how to manage the challenge. David Golden, director of global business conduct and corporate audit services for Eastman Chemical, tells employees to ask themselves three questions: (1) How does it feel inside? (2) Have you told your supervisor? and (3) What would it look like on the front page of the local paper? “If after [number] three you’re still not sure, give me a call,” he said.
Principles For Unifying GRC Efforts
Photo: PricewaterhouseCoopers' Miles Everson
Since the early 1990s, some 125,000 new rules and regulations have piled up on American businesses, Miles Everson, a partner with PwC Advisory told attendees at Compliance Week 2007. That has led to duplicative, ad hoc compliance efforts to respond to individual risks—when companies should be adopting a principles-based approach to governance, risk and compliance just as their accounting functions do with Sarbanes-Oxley compliance, he said. “If we’re not ready to establish new models and thinking in the way we deal with these problems, we’re not going to win this game,” Everson said. His suggestions on how to structure a comprehensive, and affordable, GRC program are inside.
True, Successful ERM Must Go Beyond Financial Risks
If you only consider “risks” to be those of the financial type, you are only confronting the most easily identifiable of threats—and you’re missing many more risks that should be addressed, according to a panel of risk-management experts at Compliance Week 2007. Speakers from Xerox, Altria, Aquila and Eli Lilly all shared their tips and insights on managing risks, including more elusive concepts such as threats to company reputation. Companies can use Sarbanes-Oxley’s focus on financial reporting risks as a starting point, said Lynn Fountain, vice president risk assessment and audit at Aquila, but “then you realize there is just more there.” More is inside.
Experts Say Proxy Issues To Return With A Vengeance In 2008
Photo: Nell Minow of The Corporate Library
Shareholder votes on executive compensation, majority-vote requirements for director elections, shareholder access to the proxy statement: expect all those annual meeting headaches of 2007 to return again, in force, in 2008. A panel of experts spoke about the surging tide in favor of more shareholder power over corporate policy and boards of directors, and all expect shareholders to get only more aggressive in 2008. Nell Minow, founder of The Corporate Library, said advisory votes on executive pay—popularly known as “say on pay” votes—are “pretty much a done deal. I think it will either become law or be universally adopted.” More insights about the complex times ahead for shareholders, boards, and annual meetings are inside.
Local Knowledge Key To Global Compliance
Photo: Coca-Cola CCO Mark Snyderman
There are no magic bullets in globalizing compliance efforts. But representatives from some of the planet’s more cosmopolitan companies—Coca-Cola and McDonald's among them—suggest hiring good local lawyers and getting on a plane as good places to start. Too often, a Compliance Week 2007 panel said, companies push compliance training onto local subsidiaries and consider the problem solved. Not effective, according to Mark Snyderman, Coca-Cola’s chief ethics and compliance officer. “You've got to get on a plane. There’s no substitute for getting out there and understanding what those people are facing,” he said. More on managing compliance efforts globally is inside.
Building Sustainable 404 Compliance
Photo: Prudential Financial's Colm Keogh contributed to the panel on sustainable 404 practices.
Two panels Thursday morning tackled the elusive goal of how to make compliance with Section 404 of Sarbanes-Oxley sustainable for the long haul. The first session warned that treating Section 404 as a massive, standalone project might have seemed logical when it first arrived in 2004, but companies now must internalize the discipline 404 demands and communicate that to all business functions. A second panel looking at Auditing Standard No. 5 chimed in that companies and auditors should now push themselves to think about what risks the company truly has for material misstatement of financial statements, to make testing of internal controls over financial reporting a more flexible process.
Making The Business Case For Your GRC Efforts
Building the business case for governance, risk, and compliance programs is harder than it was five years ago, when Sarbanes-Oxley loomed and hulking fines were breaking news. These days, the fear factor alone won’t cut it, a panel of GRC experts said Thursday. Winning support—and funding—for GRC can be difficult because the improvement in corporate operations is hard to quantify in dollar terms. “You’re preventing a negative, and proving the value of a negative is difficult to justify in most corporate business cases,” said Mike Rost, head of marketing at GRC software firm Paisley. Insights from him and the ethics officers from Best Buy and Time Warner are inside.
Reducing Risks: Gap’s Experience
Photo: The Gap's Michelle Banks and Dun & Bradstreet Global Compliance Leader Jay Cohen field questions on risk assessments.
Michelle Banks, general counsel at retailer Gap, took no prisoners when the company began an enterprise risk management effort: She forced staff to cut the company’s 300 key risks down to 25, and then presented those risks to Gap’s board in a five-page memo. “You can’t take every risk to the board. Only a few bubble up,” she said. “You are forced to prioritize and decide what can take your organization down. I have to make sure I am not the next Enron.” More on how Gap launched its ERM effort, along with the experiences of Wellpoint and Dun & Bradstreet, is inside.
The Top 10 List For Implementing AS5
Photo: Paisley's Bruce McCuaig
Fat risks, lean controls. That is the motto Bruce McCuaig, chief risk officer for compliance software firm Paisley Consulting, espouses for implementing the new SEC and PCAOB guidance. While Auditing Standard No. 5 does improve the audit of internal controls over financial reporting considerably, he said, it still talks of controls too much and risk too little. McCuaig offered a Top 10 list for companies trying to understand how audits should work under AS5, and how to build “lean” controls that address “fat” risks likely to occur. Details are inside.
Panel Discusses How They Measure Ethical Culture
Photo: Intel's Cary Klafter, far right, addresses culture, with Sprint Nextel's Christie Hill and moderator Scott Kirsner
It’s the $64 million question in Corporate America: How do you “measure” culture and determine whether your ethics and compliance initiatives really work? Despite governance and compliance moving into the mainstream of business life, that challenge remains daunting for companies of all stages and sizes, according to a panel of experts who spoke Wednesday afternoon at Compliance Week 2007. “We’re still struggling to figure out what our metrics ought to be,” Cary Klafter, corporate secretary at Intel Corp., told attendees. Klafter said measuring success and identifying the data that is “of real use” is an ongoing process. More is inside.
GRC Benchmarking: What's Working For Public Companies?
Photo: OCEG CEO Scott Mitchell
Unified governance, risk, and compliance efforts sound like fuzzy concepts at first mention, but techniques do exist to measure GRC performance and bring companies’ success at compliance (or lack thereof) into sharp relief. “Without improved business outcomes it becomes much more difficult to rationalize the [GRC] spend,” said Scott Mitchell, CEO of the Open Compliance and Ethics Group. More of Mitchell’s comments and suggestions on how to benchmark GRC performance are inside.