Understanding the Control Environment
Timur Gök
Caribbean Association of Audit Committee Members
Basseterre, St. Kitts
30 September – 2 October, 2010
Outline
• Internal Controls
• Towards an Alternative Approach
• Strategic Control
• Risk Management
• Conclusions
Internal Controls
• System of controls
– Put in place to provide reasonable assurance that the corporation will achieve its objectives, including efficiency and effectiveness of operations, reliable reporting, and compliance with applicable laws and regulations
– A strong system of internal controls is imperative to effective ERM
– Consists of the control environment, pervasive control plans, and business control plans
Gelinas and Dull, Accounting and Information Systems (2007).
Internal Controls
• Control environment
– The tone set by the BOD and top management regarding the general awareness of, and commitment to the importance of, control throughout the organization
Gelinas and Dull, Accounting and Information Systems (2007).
Internal Controls
• Business process controls
– Procedures that identify specific business risks to prevent interruption of operations
• Pervasive controls (and general controls)
– The governance structure and ancillary control procedures that keep the corporation “on track”
Gelinas and Dull, Accounting and Information Systems (2007).
Framework for Internal Controls
• COSO
– Also the framework suggested by PCAOB in Auditing Standard No. 2 as a suitable framework to guide management’s assessment of internal control for SOX Section 404
• But how does one apply the COSO framework to implement ERM?
– “COSO … seems like an instruction manual that never got around to giving actual instructions”
• Imagine if you will, that on some Christmas Eve, facing a slew of unassembled children's toys, you were to read the instructions that come with your child’s new bicycle, which is completely unassembled. To your horror, you find that the authors of the instructions used, as a guide, the COSO framework. The first few pages discuss the definition of "bicycle" and "ride". They then go into a definition of "assembly" which reads, "Assembly involves the processes and procedures undertaken by a person or organization to put together the various parts of a disassembled object such that it provides a complete and whole object."
B. Vance, Why ERM Frameworks do not work (2007).
Better Models and Stress Tests?
• Could “better” models and stress testing have saved us from financial ruin?
– Conditional VaR—capture spillover effects in troubled markets, such as losses due to distress of others
– Continuous VaR—measure within-horizon probability of loss
– Simulations and stress testing
Strategic Risk
• “[A]rray of external events and trends that can devastate a company’s growth trajectory and shareholder value”
Slywotzky and Drzik (2005)
• “Risk stemming from an inability to adapt to changes in the environment”
Strategic Risks
Slywotzky and Drzik, “Countering the biggest risk of all,” Harvard Business Review, April 2005.
Strategy v. Tactic
• The starting point is corporate strategy
• Strategy
– Overall plan for deploying resources to establish a favorable position
• Tactic
– Scheme for a specific action
• Strategy is about winning wars; tactic about winning battles
Strategy
• Provides a link between the firm and its environment
Firm (Internal Factors)
• Goals and values
• Resources/capabilities
• Structure/systems
Industry Environment (External Factors)
• Customers
• Suppliers
• Existing competitors
• Potential competitors and substitutes
R.M. Grant, Contemporary Strategy Analysis, 4/e. Blackwell, 2002.
Strategic Analysis
• Conduct a strategic analysis to develop and articulate a strategy
• Analyze “how the firm can generate returns (rents) in excess of the opportunity costs by engaging in a more effective corporate/business strategy”
– Corporate strategy as domain selection
– Business strategy as domain navigation
R.M. Grant, Contemporary Strategy Analysis, 4/e. Blackwell, 2002.
Strategic Control
• Process of monitoring and correcting a firm’s strategy and performance
• Traditional approach to strategic control
– Strategies are formulated and top management sets goals
– Strategies are implemented
– Performance is measured against the predetermined goals set
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Traditional Approach
• Most appropriate when
– Environment is stable and relatively simple
– Goals and objectives can be measured with certainty
– Little need for complex measures of performance
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Contemporary Approach
• Contemporary control system
– Continually monitor the environments (internal and external)
– Identify trends and events that signal the need to revise strategies, goals and objectives
– Exercise informational control
– Exercise behavioral control
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Contemporary Approach
• Informational control
– Concerned with whether or not the organization is “doing the right things”
• Behavioral control
– Concerned with whether or not the organization is “doing things right” in the implementation of its strategy
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Behavioral Control
• Behavioral control is focused on implementation—doing things right
• Three key control “levers”
– Culture
– Rewards
– Boundaries
Dess & Lumpkin, Strategic Management, McGraw-Hill Irwin (2010).
Why Culture and Rewards?
• The competitive environment is complex and unpredictable, demanding both flexibility and quick response to its challenges
• The implicit long-term contract between the organization and its key employees has been eroded
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Culture
• Culture sets implicit boundaries (unwritten standards of acceptable behavior)
– Dress
– Ethical matters
– The way an organization conducts its business
• Culture acts as a means of reducing monitoring costs
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Sustaining an Effective Culture
• Effective culture must be
– Cultivated
– Encouraged
– Fertilized
• Maintaining an effective culture
– Storytelling
– Rallies or pep talks by top executives
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Rewards and Incentives
• Rewards and incentive systems
– Powerful means of influencing an organization’s culture
– Focuses efforts on high-priority tasks
– Motivates individual and collective task performance
– Can be an effective motivator and control mechanism
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Example: TIAA-CREF Principles
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Boundaries and Controls
• Improve operational efficiency and effectiveness
• Minimize improper and unethical conduct
Dess & Lumpkin, Strategic Management, McGraw-Hill Irwin (2010).
Putting It All Together
• Corporate Governance
– Improve operational efficiency and effectiveness
– Minimize improper and unethical conduct
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
Better Models and Stress Tests?
• Could “better” models and stress testing have saved us from financial ruin?
– Conditional VaR—capture spillover effects in troubled markets, such as losses due to distress of others
– Continuous VaR—measure within-horizon probability of loss
– Simulations and stress testing
Yes, But…
• British regulators found that banks’ stress tests before the crisis were very modest
– “There was absolutely no incentive … to run severe stress tests … because if there were such a severe shock, they would very likely lose their bonus and possibly their jobs [and] in that event the authorities would have to step in anyway to save a bank and others suffering a similar plight.”
A. Haldane, “Why banks failed the stress test,” (February 2009).
Models and Objectives
• Lynda Gratton, who was Chief Psychologist in the early 1980s at British Airways when the company was starting to break free from its state-owned origins, observed “nervous young avionic apprentices arriving for job interviews carrying large bags containing Airfix models of aeroplanes.”
S. Stern, Lunch with the FT, Financial Times (February 5, 2010).
Models and Objectives
• “We had to convert an organisation which loved aircraft [British Airways in the early 1980s] into an organisation which loved people, and that was a rather difficult thing to do.”
Lynda Gratton
S. Stern, Lunch with the FT, Financial Times (February 5, 2010).
Purpose of Risk Management
• Likewise, risk management is not just about quants and their models, but it is about making institutions more resilient
The Titanic
• Stresses similar to what the Titanic experienced in its collision with the iceberg were applied to the joint, and the top of one of the rivets popped off, at a load only 60 percent of what a good quality rivet should have withstood.
Vietnam and the Dereliction of Duty
• During the Vietnam war, … [t]he joint chiefs of staff were warned by their chairman, Maxwell Taylor, that Lyndon Johnson did not like "split advice". Johnson's defence secretary, Robert McNamara, argued that government would be ineffective if department chiefs were to "express disagreement" with the president. Not disobey, but "express disagreement". Johnson trusted McNamara implicitly and relied too heavily on the advice of a man he praised as a "can-do fellow". Isolating himself from dissent, the president made a series of disastrous decisions.
T. Harford, “Listen to the bearers of bad news,” Financial Times, (Feb. 25, 2010). From Dereliction of Duty by H.R. McMaster (1997).
Iraq
• “Mr. Rumsfeld would not even let his commanders use the word ‘insurgent’. This Orwellianism made it much harder for army officers to rely on the appropriate doctrine: a counter-insurgency strategy.”
T. Harford, “Listen to the bearers of bad news,” Financial Times, (Feb. 25, 2010).
Oversimplification
• IPCC's thorny mission: Take sophisticated and sometimes inconclusive science, and boil it down to usable advice for lawmakers. To meet that goal, scientists working with the IPCC say they sometimes faced institutional bias toward oversimplification.
J. Ball and K. Johnson, WSJ (Feb. 26, 2010).
Warning Ignored
• Werner Hoeger, an Olympic luge athlete injured in a crash at the Whistler Sliding Centre in November, had warned Canadian officials about safety hazards at the track months before a competitor was killed at the Vancouver Games in an accident on the same course.
J. Abrams and K. Thomas, NY Times (Feb. 19, 2010).
Hurricane Expert Dismissed
• Ivor van Heerden, an internationally known hurricane expert, lost his job at Louisiana State University. He and other experts said it was because of his outspoken criticism of the federal government’s flood protection of New Orleans.
• In the years before Hurricane Katrina, in 2005, he sounded alarms about the potentially devastating impact of a major storm on New Orleans despite 40 years of hurricane protection efforts.
J. Schwartz, NY Times (Feb. 11, 2010).
Toyota
• Toyoda Concedes Profit Focus Led to Flaws
• Regulators Hired by Toyota Helped Halt Investigations
N. Shirouzu, WSJ (March 1, 2010) and Bloomberg.com (Feb. 13, 2010).
Graphic, NY Times (Feb. 2, 2010).
The significant problems we face cannot be solved by the same level of thinking that created them.
Albert Einstein
Lesson?
• “It is the human element that completely dominates risk.”
Managing Risk (2009)
R. Duffey and J.W. Saull
Timur Gök
Regional Director, PRMIA Chicago
Visiting Associate Professor
Director, Arditti Center for Risk Management
Department of Finance
DePaul University
Chicago, IL 60604
312/362-5001