In the latest of our conversations with compliance, risk, and accounting officers at public companies, we talk with Peter Carlson, controller and principal accounting officer at Wachovia Corp. You can see an archive of previous question-and-answer interviews here.
Pete Carlson is senior vice president and corporate controller at banking giant Wachovia Corp. He is responsible for Wachovia’s financial accounting, external and regulatory financial reporting, corporate financial services, interpretation and implementation of new and existing accounting policies and the oversight of the company’s internal controls over financial reporting including the company’s adherence to Section 404 of the Sarbanes-Oxley Act.
Prior to joining Wachovia, Carlson was an audit partner with Arthur Andersen, having spent 15 years with the firm in Charlotte, N.C., and Tampa, Fla. He served a broad range of clients including the financial services, manufacturing, professional services and distribution industries.
Tell us about your role at Wachovia.
The new role is a continuation of increased responsibilities that I’ve had throughout my career in general and throughout my tenure here specifically. What has helped the transition is me being in an interim role at Wachovia for seven months before completion of the selection process earlier in the summer. I’ve been able to get a sense of the stakeholders, the reporting structure, and everything I need to know to be effective in the position, so it was helpful to have practice time. My main goal initially is to enhance the efficiency and seamlessness of [business] processes and the effectiveness and soundness of the control environment.
What are some of your specific goals for the first year of your tenure?
That’s an interesting question to consider right now as any immediate goals I might have had, have been a little sidetracked by the current market volatility. When you have the markets the way they’ve been recently, it does pull time from certain vision-oriented things when you’re also trying to keep up day-to-day with accounting standards as well as broader market developments.
We have numerous projects we’re thinking about and want to put in place that will provide adequate support for larger growth initiatives internationally and on the West Coast domestically. Two of the things that immediately come to mind in this regard are implementing fair value accounting standards that we had not adopted earlier and want to integrate now. We also have a large information system conversion that requires a lot of attention.
Wachovia’s board has its own risk committee to focus on risks that go beyond the usual financial ones. How closely are you involved with it and how closely are you involved in risk-management efforts?
Very closely. I interact across numerous ERM activities. A couple of things I look at are credit, operational, and market risks. I also attend all audit and joint audit and risk committee meetings. It’s definitely important, I think, for me to be very engaged on a regular basis with looking at the larger enterprise and the risks, money-based or otherwise, associated with doing business.
Talk about Sarbanes-Oxley compliance specifically. Does that part of your job, dealing with auditors and regulators, take a disproportionate share of your time?
As far as how certain segments of the business world have reacted to these things, if you do your work correctly, you’ll be able to present solid documentation and convey a solid understanding of risks, processes, and so forth to auditors and regulators. But speaking from the standpoint of being a leader, striking a balance is important; if you’re spending too much time on one thing, balance is off. The message needs to be sent to the team about adequate time management and thorough, comprehensive work that saves time and frees up resources.
What’s Wachovia’s top compliance objective right now? After all, as a bank, you have many more regulators chasing you.
Pinpointing one thing is difficult, in the sense that we do have a lot of regulators to deal with and I don’t know that it’s feasible to consolidate compliance under one umbrella. Having said that, we do have a chief compliance officer to direct and control all that traffic. Still, compliance is a broad term so we’re continuously trying to spread duties out across the whole organization.
So what’s the collaborative process to dole out compliance duties at the senior level?
We collaborate across functions in a couple different ways. [Chief Compliance Officer] Deborah Davis reports to the chief risk officer, and we tend to look at the larger landscape and then delegate who is responsible for what. SOX, specifically, is definitely my domain as I report to my boss, the CFO, and he reports to his boss, the CEO, so I kick up to the C-level as the one responsible for SOX and pitch in where I can in other areas. As I mentioned earlier, I’m always in contact with board-level risk and audit groups, so there aren’t any surprises. In this sense, roles are pretty defined.
And how is SOX work delegated within your department?
In the controller role at Wachovia, internal control over financial reporting is coordinated through my office. Then there is a director of financial governance, and that role operates with our business and staff members—“process owners,” if you will—to set the agenda and clearly define documentation and controls goals.
How do you ensure those process owners understand all their obligations for audits and SOX reviews?
We have committees and task forces made up of those business and staff members where we parcel out responsibility, kind of like what we do at the higher level, so that everyone understands what everybody else is doing. We maintain the communication and make sure we have an adequate representation of all business units in a really collaborative format. And to top it off, internal audit stands by as the observer of all these activities and evaluates what the end result of these activities are and how they inform an audit. The good thing about this is that the department-level committees are also in a position to monitor results in a way that we can foster consistency.
Will your strategies for self assessments and internal control audits change with Auditing Standard No. 5 coming down the road?
Well, first it’s important to note that our internal audit function is an entirely in-house organization. Second, it should be contrasted to other IA functions at other companies where SOX readiness has become IA’s principal job—our IA doesn’t simply test controls in the broad, far-reaching sense as required by SOX. It does, however, test controls in the individual audits of business units and related trial balances. It is not the testing arms and legs of our SOX process, though. It doesn’t live just for SOX;it tightens up everything.
SOX has certainly changed over time as companies have digested it. What’s your overall assessment of things as we hit the half-decade mark?
Let me start with AS5. We’re confident that we’ve already met the requirements there, and that’s possibly because we’ve been taking a risk-based approach for a while now, since before “risk-based approach” became the language of choice for companies and regulators. Now, again, I want to say that I don’t think the regulations as a whole ask us to do much more than we should already be doing. We’re comfortable with regulations, provided there is an appropriate balance. Personally, the [new standard] only reinforced philosophies I’ve already had as both an auditor and business executive.
As far as whether regulations such as this are or are not too restrictive, I’m really not in a position to say. I’ve seen a lot of changes in practice over the years—coming up on 20 years now—and changes in rules. But aside from these changes, it’s basically been the same principle. And that is, people in this profession at all times and in all situations make choices where they can be too lax or too extreme, and can apply either extreme to the spirit of controls and documentation work. With everything, there’s a cost-benefit assessment that has to be made.
Any advice for other accounting executives who haven’t gone through SOX like Wachovia has?
I’d say—and this is important—remember your role and stick to your commitments even if it sometimes puts you at odds with management’s business objectives. Be well versed in the applicable rules and regulations instead of seeing them as a chore and understand the implications. Also understand the desires and goals of those working with you and—this goes without saying—understand the business and industry you’re in, because it goes beyond just numbers and compliance documentation. And talk to people; don’t do everything through e-mail, or through third-party or second-hand communication. Somewhere in there, if you can or if you want to, have fun, because this can be a very serious profession. So if it’s not fun for you, you have to ask yourself, why not?