EuroSox

If you think corporate governance is expensive. Try non-compliance

Control is a business issue, not a specialist issue to be outsourced to finance staff or risk managers. Corporations have to treat Governance, Risk and Compliance (GRC) mandates not as an economic dilemma, but as a trade off between cost and benefits. This article reflects on the GRC developments in order to help better understand cost and benefit decisions in this area.

Adecco presented its financial statements in June 2006. The internal control problems were identified within the following processes:

Application of cash to accounts receivable, revenue recognition
IT system security and payroll bank account reconciliation.

Although these are core processes for a temporary employment agency, the financial statements were not wrong in the end. However, the reputation and market capitalization of Adecco were ruined.

The investigations amounted to 100 million EUR and 160.000 manhours. Also the complete top-management was replaced. For Adecco management, shareholders and stakeholders it was a mere palliative message when the Wall Street Journal reported after one year on a page way behind the front page.

Compliance incurs cost, which easily can be determined. The benefits of corporate governance are more ambiguous. Increased attractiveness to potential customers, employees, lower cost of capital, detection and preferably prevention of breaches of internal controls are benefits. The economic trade off is not unequivocal.

Cultural differences may vary the legal requirements from “trust me” to “show me.” However, in the United States of America trust was at its lowest, so “prove me” became institutionalized in the Sarbanes-Oxley Act.

Although also Europa was hit by many corporate governance failures, European requirements were not endorsed by strict law. Beginning in the United Kingdom European developments were based on codes of corporate governance developed and periodically reviewed by local corporate governance committee’s compound of well known former business people with a high reputation. European compliance more or less became known as soft law based upon the “comply or explain” principle.

While the international background may differ between the origin and elaboration of initiatives to increase corporate governance the objective was the same: to restore trust. The approach in general was the same, to increase transparency.

Cost of corporate governance

Implementation programs to comply with the GRC provisions fall in several categories:

Changing structure. Legal changes are required to change e.g. take-over protection clauses in the articles of association.
Increasing transparency. Internal control systems are implemented both to enable risk management programs in order to safeguard the achievement of strategic, operational, financial reporting and compliance objectives and to enable voluntary or required external reporting on the effectiveness of internal control systems and other corporate governance issues. The corporate governance report is now a mature part of the annual report.
Increasing ethical behaviour. Business ethics programs were developed to increase, safeguard or revise ethical behaviour of employees in order to prevent unethical and/or illegal behaviour of people, who sometimes were even acting on behalf of the corporation. Only recently the largest financial fraud ever was discovered. A young trader at the French bank Société Général caused a loss of several billions Euro due to weaknesses in internal controls over risky financial trading.

Another example in Denmark is Roskilde Bank that increased its loan portfolio to a particular trade without implementing and updating their internal risk management and credit committees’ charter. The Bank was taken over by the National Bank costing the Danish tax payers a bundle in order to safe guard the international reputation of Danish Financial Institutions.

Lessons Learned from Compliance Efforts

In a study of 2,500 companies in 2006 Lord & Benoit (www.section404.org) researched the question the question: Do the costs of complying with SOX 404 outweigh the benefits – not necessarily to the company - but to the investor

Their research discovered that companies who suffered material weaknesses in their internal controls over financial reporting for two succeeding years underperformed by 5.75% in average stock prices of companies. Whereas companies who had effective controls in both years (27,67%) or reported a material weakness only in the first year of adoption of Sarbanes—Oxley requirements (25,74%) showed an increase in average share price.

These companies control their processes strategically, by means of e.g. a higher degree of centralized transaction processing and control, a higher percentage of automated versus manual controls and a greater reliance on company-level controls.

Also these companies have established standardized and distributed compliance programs, which are embedded within the daily and operational business. As a result they use fewer full-time resources, follow a broad view of risk, stimulate a substantive interaction with business owners and deploy internal audit strategically.

While no single approach exists for implementation of GRC requirements and provisions, some lessons can be learned. The attention corporate governance has received either by means of compliance to external requirements or as a results of intrinsic business improvement efforts increased the quality of organizations.

Try non-compliance

When you are still not convinced, try these two strategies. The first is to start research into the capitalization of the benefits of GRC acticities. Try to solve the economic dilemma in order to enable making the cost benefit evaluation more tangible.

Else, try non-compliance, although it may become a costly adventure. Ask the Swiss temporary employment agency Adecco.

Therefore control is a business issue, not a specialist issue to be outsourced to finance staff or risk managers.

References

The cited survey results “Lessons Learned from Compliance Efforts,” is available on the website of the 404 Institute.

Source: Remko M. Renes article ‘If you think corporate governance is expensive. Try non-compliance’.