risk assessment

What to do: Tax-related weaknesses on the rise

Jim Kim — Fri, 01 Aug 2008 07:38:41 -0400

While companies (especially large cap companies) have made progress in reducing material weaknesses, one problem area sticks out: tax-related weaknesses. Financial Week notes that while the number of material weakness has dropped by 44 percent since 2005 (again this is mostly a large cap trend), tax-related material weaknesses have fallen by only 25 percent. What's more, incidences of tax-related weakness in the first six months of 2008 is up 12 percent compared with the first half of 2007--123 vs. 106. The sheer complexity of the issues involved can easily overwhelm a company's expertise. In such an environment, controls are going to be ineffective, if they exist at all. Regulators, however, are taking a closer look and building their expertise, so the issue cannot he ignored. Richard Larsen, global director for risk services at Ernst & Young, recommends hiring a tax risk coordinator, whose first task should be to conduct a thorough risk assessment. Ultimately, he or she will build controls into the process. Getting some tax expertise on the board would help as well. Article

Time to really implement continuous auditing?

Mon, 21 May 2007 20:01:39 -0400

We've noted that the enterprise risk management has become one of those often-heard, little-understood corporate buzzwords recently. A recent study by PricewaterhouseCoopers suggests that the concept is still largely an abstraction. Yes, there is a lot of interest in ERM. But very few companies update the internal risk assessment continuously. About 65 percent do little or nothing between annual assessments. This suggests that there is still a lot of dissatisfaction with the process. Too many assessments are undertaken piecemeal with the various parts not always acting in concert. The study suggests that audit committees are still vexed by multiple assessments that come to different conclusions. Everyone agrees that management needs to address this. But how? At smaller companies, this will be a huge issue as they finally have to start attestation. Companies that take a coordinated hyper-organized approach will likely fare better. But that's easier said than done. It means a lot of planning, and a lot of cross leveraging of work and assets, specialists and previous work. Good luck.

For more:
- here's the release
- access the report here

Recruiter pain a signal of Sarbox uncertainty

Mon, 23 Apr 2007 20:01:39 -0400

Robert Half International, a big headhunter-type firm, has benefited from the rise of Sarbanes-Oxley. Like a lot of executive search companies, there was law-generated turnover that kept them busy. In addition, its Protiviti unit fared very well as demand soared for its independent internal audit and risk-assessment consulting services. So it really seemed to have hit the Sarbox sweet spot. But the company missed its first-quarter estimates. And the company guided analysts lower for the second quarter--to the 40 to 43 cents per share range. That compares with previous estimates in the 48 cents range. One issue seems to be that more companies are scaling back their risk-assessment work or putting off until the issues are better clarified. If more companies are scaling back, in a sense, that means the drive to narrow the scope of Sarbox is working. If they are merely postponing, we could see a really frenzied rush once, make that if, the guidance from regulators is made explicit. Interesting.

For more:
- here's the AP article via Forbes

Revising AS2 is the PCAOB's top priority

Mon, 09 Oct 2006 20:01:39 -0400

It's no surprise that reformulating Auditing Standard No. 2 is the PCAOB's highest priority when it comes to setting standards. The board had already submitted a set of proposals to the SEC, a move that many of you see as way too late but still a step in the right direction. These proposed revisions have not yet been made public but that will happen, probably sooner rather than later. That will give the industry a chance to comment. Look for enhanced definitions of "significant deficiency," "material weakness" and "materiality." This is not the only standard-setting area that the PCAOB is considering. It will likely also tinker with rules governing reporting, reviewing (by a second partner) and the entire risk assessment process. The short take is that there will be plenty to keep you busy in 2007.

For more on this:
- Here's an update from CFO.com

Is your IT security system up to Sarbox standards?

Mon, 17 Jul 2006 20:01:38 -0400

The issue is critical. A new survey has found that virus attacks, unauthorized access to networks, lost/stolen laptops or mobile hardware and theft of proprietary information or intellectual property accounts for about 75 percent of financial losses at U.S companies. While information security is not explicitly mentioned by Sarbanes-Oxley, it's clear that risk-assessment depends on a solid IT infrastructure. Many of you have discovered this, and you've no doubt been pitched a slew of products. The message is worth repeating from time to time. Article