assurance
A C-suite shoot-out
assurancenews
The chief compliance officer versus the chief governance officer
By John h. CapoBianCo
The proliferation of chief compliance officers in corporate amer-
ica dates back to 2002, when Cynthia Glassman — a Securities
and Exchange Commission commissioner at the time — called
on companies to appoint a “corporate responsibility officer.”
With all due respect to Ms. Glassman and
compliance officers everywhere, there already
is a chief compliance officer on the management team — the chief financial officer.
Another concern, however, is emerging in
the market. While some talk about compliance and some talk about risk, nobody within
the organization is bringing these disciplines
together, integrating them into a holistic practice. As a result, GRC — governance, risk and
compliance — means nothing to everybody
or everything to nobody.
The solution for many companies may be
found in the corporate governance officer.
The CGO is likely to be more valuable than
the CCO simply due to the relationship between compliance and governance. Operational risk identification and mitigation are
the foundations of compliance and are the
basis for the controls and policies that compliance reporting executes.
John H. Capobianco is president and CEO
of Lumigent Technologies Inc., a provider of
automated governance, risk and compliance
software.
Specifically, compliance processes serve
as a data acquisition layer, gathering information during the testing and monitoring of
controls and data.
With that foundational data layer in place,
companies can begin managing risk with analytics solutions that interpret the compliance
information and generate options for mitigating identified risks. Finally, governance
solutions can be introduced to evaluate the
available options, determining the most appropriate course of action.
The CCO’s responsibilities, then, are really
the chief financial officer’s job. Once compliance and compliance reporting are under
control, the company is in a position to better evaluate, understand and mitigate risks
over time. And those capabilities blend with
corporate wellness or corporate governance,
which is really focused on making the most
out of a business, making it more valuable
after taking into account all of the risks, strategies and reporting.
That said, the chief financial officer might
have a compliance officer in the company
who reports to them. That compliance officer
might be the head of internal audit or the vice
president of finance, but the larger role com-
bines compliance, risk and governance — in
that order — to increase business value under
the guidance of a governance officer.
PCAOB PROPOSES RULES ON
AUDIT COMMUNICATIONS
The Public Company Accounting Oversight Board has proposed an auditing
standard on communications with audit
committees, and a series of related
amendments to interim standards.
The proposal addresses requirements
for auditors to communicate with the
audit committees of public company
boards, and considers a number of
factors, including the importance of
accounting judgments and estimates
in financial reporting. It also includes a
requirement for auditors to establish a
mutual understanding of the terms of the
audit engagement with the audit committee and to document that understanding
in an engagement letter.
It also includes requirements regarding:
Communication of an overview of
the audit strategy, including a discussion
of significant risks; the use of the internal
audit function; and the roles, responsibili-
ties and location of firms participating in
the audit;
Communication regarding critical accounting polices, practices and estimates;
Communication regarding the
auditor’s evaluation of a company’s ability
to continue as a going concern; and,
Comments on the proposed standard
and amendments are due by May 27,
2010. For more, visit www.pcaobus.org.
CHIEF ACCOUNTANT NAMED
AT SEC ENFORCEMENT UNIT
WASHINGTON, D.C. — The Securities and
Exchange Commission has appointed
Howard A. Scheck chief accountant in the
Division of Enforcement. Scheck rejoins
the SEC staff from Deloitte Financial Advisory Services, where he was a partner in
the forensic and dispute consulting practice. He previously worked at the SEC
for 10 years, including as a branch chief
in Enforcement. Scheck was expected to
begin in his new position in mid-April.
The previous chief accountant in Enforcement, Susan G. Markel, left in January 2009 to become a managing director
in the corporate investigations practice of
business advisory firm AlixPartners.
