In the latest of our conversations with chief accounting, compliance, and governance officers, we catch up with Chris Anderson, corporate controller at Burger King Holdings. Anderson was appointed to his job in July 2007 and is responsible for risk management, global accounting operations, and external reporting, as well as the finance functions in Europe, Asia Pacific, and Latin America. Readers can also visit our archive of Q&A interviews.

DETAILS

Anderson

Chris Anderson is senior vice president, finance and corporate controller for Burger King Corporation. In this role, he is responsible for the finance teams supporting operations, franchising & development, real estate, and marketing. He is also responsible for risk management, global accounting operations, external reporting, and the finance functions in Europe, Asia Pacific and Latin America.

Prior to joining Burger King Corporation, Anderson served as controller and director of finance for the North American Commercial PC Division for Hewlett-Packard. In that role, he was responsible for managing all financial aspects of the commercial PC group. He also held positions with increasing responsibility at the Compaq Computer Corporation and PricewaterhouseCoopers LLP.

COMPANY BASICS

Company

Burger King

Headquarters

Miami

Employees

37,000

Industry

Food and Beverage

’07 Revenue

$2.2 billion

Take us through the specifics of your relatively new role at Burger King.

My responsibility is for three pieces: North America, international, and corporate. In North America, I’m responsible for restaurant finance, franchise finance, marketing finance, and real estate finance. On the international side, I oversee Asia-Pacific, Latin America, and Europe. Then, for Corporate I’m in charge of the risk-management group and oversee the worldwide consolidation of financial reporting and corporate accounting. That includes our shared service accounting team at the corporate level, which is accounts payable, accounts receivable, payroll, and other critical central processes. I have a lot.

Specifically in regard to compliance, what are your main priorities for 2008?

One of our biggest things is data integrity; protecting personal data of customers, vendors, or what have you, is a priority for us. Also, we’re looking at a realignment of our company structure in the coming year, which will bring about considerable change. We’re going from 60 percent owned by private equity to 43 percent owned, so now we have to foster greater independence at the board level with our governance and compensation committees over the next 12 months or so.

As it stands, we have 13 board members, six from the private equity side, six independent board members appointed by proxy and internally, and the CEO is the last member. We’ll have to make some changes in the way of just realigning the board and committees based on the new ownership structure. That plays into taking up governance, risk, and compliance initiatives, and figuring out how we approach them going forward.

So how will you do that—combine macro-level governance at the board level and risk management at the process level?

The way it works is you have the CEO, CFO, and general counsel who are jointly in charge of compliance administration at the entity level, the tone at the top. Then you have a risk-management piece sectioned off in two parts: operational and finance and market risk. Below that there is a non-financial compliance portion (HIPAA and the rest) that gets taken care of by various managers and staff.

As far as finance, there is cross-functional representation with legal involved. For example, our assistant general counsel sits in on the biweekly SOX meetings and also reports to our top compliance officer. For the Food and Drug Administration, we have someone at the vice president level, who is very seasoned and knows the industry well. So it’s very team-oriented. I think we’ve done a good job thus far.

What special compliance challenges does Burger King, a food-service conglomerate with many locations, encounter?

It’s definitely a unique structure. We have a situation where we’re 90 percent franchised and 10 percent company owned, so we do have a vast system. The good thing is that while we have system-wide revenue of $13 billion, it’s pretty easy to communicate at the corporate level because it’s a close-knit operation relative to the vast network of franchisees.

Obviously the biggest risk we have to our brand is the quality of food, and like I said, we have someone dedicated to food safety at the VP level, and the same goes for our toys in terms of child safety. Aside from that, it’s not a lot different from other types of businesses except that we are a franchisor and really depend on our franchisees to develop a local or store-level risk strategy or policy. There are things that we share and recommend on the corporate level, but we don’t have an enterprise-wide requirement where risk management is concerned. Ultimately, responsibility rests with the franchisee.

Burger King also deals with data from many locations. How do you handle operational and financial-reporting risks along those lines?

I’ll be honest, that’s a challenge for us. We’re a 50-year-old franchisor, and as far as setting a uniform standard for point-of-sale systems or sales polling, we haven’t done that yet. As a result, our ability to reach in and get accurate franchisee data can be challenging; it’s still like getting 10,000 cats into one bag.

We like to think we go a long way in remedying that by validation through our supply data. If you’re a franchisee and you say that you had $100,000 in sales but we sent out $150,000 in supplies, then you’re under-reporting. That rarely happens, but in the event that it did we have the internal audit department step in and look at things.

Additionally, we have internal auditors audit franchisees’ reporting processes and information. On a go-forward basis, we have put in place four standard POS systems that franchisees can choose from and that will help provide more consistent operational data.

How do you work with the internal audit department on monitoring controls?

For each audit area, there’s a three-year rotation on business cycles and processes that we look at. We’ve got lots of areas, and obviously, you have critical ones that will always be on the list, regardless of rotation schedule. What we have in place after each audit is a 30- to 90-day period when internal audit reports results and states what actions have been taken, or whether remediation plans are put into the fray. If there is no action in that period, management hears about it.

How has the new Section 404 guidance from the Securities and Exchange Commission and Auditing Standard No. 5 from the PCAOB changed what you’re doing?

It’s great that there was additional guidance. They provided clarity to auditors as well. From the perspective of someone who spent six years as an auditor, I looked at a lot of these controls as fundamental—something any reasonable person would expect to exist as far as what is authorized, approved, validated, and verified, and finally reported to the public … Most of all, we still have the responsibility of the CEO to certify, and there’s a lot to certify, where the CEO has to say, ‘This works.’ What’s happened is that the CEO gets down to receiving a level of information he or she might not otherwise have been privy to, or didn’t realize was there.

Specifically related to the AS5 guidance, we did rationalize a lot of our controls out of the mix, which is what the PCAOB planned and prescribed. The reduction of our key controls was probably a bit less than the industry average due to our later start on SOX. After our first year we’ve seen a 10 to 15 percent reduction of key controls, while for other companies it’s more like 15 to 20.

Do you believe any areas of finance are being overlooked because of the focus on SOX and internal controls?

I don’t think so. What we tell people is that our business relationships (with franchisees) are not customer relationships, but client relationships. The difference there is that with a customer relationship, the customer is always right. But in a client relationship, it’s more of a partnership; as a franchisor, you’re more in an advisory role than just taking orders … You’re also making recommendations as to how the client can make things more efficient.

With that in mind I don’t feel like we overlooked anything. And this is in part because of the shared service accounting structure we have set up.

What advice would you give to up-and-coming companies likely to face your same problems some day?

What I encourage people to do is speak accounting and finance language but also speak business language. Sometimes it’s tough for a non-numbers businessperson to understand the importance of compliance, but if you can lay things out in plain English then the light bulb goes off and they get it.

Also step away from what you’re looking at every once and a while. Stay fresh; read a book or just get a blank sheet of paper and sit it in front of you. Carve out time to think. That’s really important because we deal with a lot of data in this business, and if you produce a slide of information, sometimes you have to say, ‘So what do I do with this information?’ Then you step back, get a breather, and come back and say, ‘What does this information mean to me? How can it be translated into something workable? What now?’

Thanks, Chris.