UPDATE
event. However, many executives would rather not discuss
crisis readiness, he noted.
One reason for the lack of concern is that most of the companies surveyed recovered from crises quickly and without
serious financial damage. Seventy-one percent of respondents
say crises had a limited impact on their company's profitability, while 6 percent report crises had a major impact. Similarly, 71 percent praise their company's ability to overcome
crises — 26 percent rate recovery efforts as "outstanding."
Even so, respondents whose companies have overcome a
recent crisis are more likely to expect a future crisis and less
confident that their organization is prepared, the survey notes.
"When it comes to preparedness, they simply do not see as
high a level of readiness for many of their company's key business processes," Everson said.
Overall, one-third of survey respondents aren't concerned
about their company's preparedness for a major crisis. More
than 60 percent are confident that key business processes
such as legal and insurance services, financial management,
and accounting and reporting are well-prepared in the event
of a major crisis.
- T. MCCOLLUM
IFAC Issues Code of Conduct Draft
THE INTERNATIONAL FEDERATION OF ACCOUNTANTS
(IFAC) has re-released draft guidance to help companies
develop and implement a code of conduct. Defining and
Developing an Effective Code of Conduct reflects updates
made after IFAC's Professional Accountants in Business
Committee reviewed comments and suggestions received on
Regulatory Notes
PCAOB Proposes Audit Standards
THE U.S. PUBLIC COMPANY
Accounting Oversight
Board (PCAOB) has released
a draft standard for auditing
internal controls over financial reporting. If approved by
the U.S. Securities and
Exchange Commission (SEC),
An Audit of Internal Control
Over Financial Reporting
That Is Integrated With an
Audit of Financial Statements would replace Auditing Standard No. 2 (AS2),
which was approved by the
SEC in June 2004. The board
is accepting public comments through Feb. 26.
The PCAOB proposal follows recent SEC interpretive guidance to help
management evaluate
internal controls over financial reporting more efficiently. Both measures are
intended to help publicly
listed companies reduce
the costs of compliance
with the U.S. Sarbanes-Oxley Act of 2002.
The PCAOB's principles-based internal control standard focuses the external
auditor on the most important matters that can
increase the likelihood that
companies will discover
material weaknesses before
they impact financial statements. It also eliminates
audit requirements that are
unnecessary to achieve the
intended benefits, provides
direction on how to scale
the audit for a smaller and
less complex company, and
simplifies the text of AS2.
In conjunction with the
AS2 revision, the PCAOB
proposed a rule to revise
the standard's independence requirement, which
requires external auditors to
seek specific pre-approval
of any internal control-related service from the
audit committee. Proposed
Rule 3525, Audit Committee
Pre-approval of Services
Related to Internal Control,
is intended to ensure that
audit committees receive
relevant information to
make an informed decision
on how the performance of
such services may affect
their independence.
In addition to the new
internal control audit standard, the PCAOB issued a
draft standard to clarify how
and to what extent an independent auditor may use
the work of others — such
as internal auditors and
management — in an integrated audit of financial
statements and internal
control or in an audit of
financial statements only.
Information about the proposed audit standards is
available from the PCAOB's
Web site, www.pcaob.org.
- J. WHITLEY
SEC Extends Deadlines
THE SEC HAS GIVEN SMALL
public companies and
new issuers more time to
comply with the internal
control reporting requirements of Sarbanes-Oxley
Section 404. The extension,
which was exposed for
comment in August 2006, is
consistent with the commission's May 2006 proposal,
"Next Steps for Sarbanes-Oxley Implementation."
Small nonaccelerated filers now must provide a
management assessment of
the effectiveness of the
company's internal control
over financial reporting
starting with fiscal periods
ending on or after Dec. 15,
2007. These firms have until
their first annual report for
the fiscal year ending on or
after Dec. 15, 2008, to comply with the Section 404(b)
requirement to provide an
independent auditor's attestation report on internal
control over financial reporting in the company's annual
reports. The new rules also
give newly public companies until their first annual
report after becoming an
Exchange Act reporting
company to comply with
Section 404 requirements.
These extensions will provide nonaccelerated filers
additional time to incorporate the SEC's recently proposed guidance to improve
the efficiency of the Section
404(b) auditor attestation
reporting process. The
extensions will also help
auditors adapt to the
PCAOB's proposed replacement standard for AS2.
Information about the
SEC's extended compliance
deadlines can be found at
www.sec.gov.
- J. WHITLEY
FEBRUARY 2007 INTERNAL AUDITOR
[ERM & INTERNAL CONTROLS]
SHOP TALK
The Foundation of Good Compliance & Governance
During our latest roundtable,
hosted with Boeing, executives
from American Airlines, AT&T, and
elsewhere discussed strategies for
building an effective structure for
compliance to flourish
Right: Panelists at the recent Compliance Week/Boeing forum on corporate governance.
By Joe Mont
Every company is unique, and its compliance program must be too if it has any chance of working well, but there are still some common aspects that most high-functioning compliance and governance programs share.
Compliance and governance can’t just be wedged into existing functions and reporting lines; integration must be carefully engineered so it effectively meshes with business lines and a wide variety of departments, from internal audit to HR, IT, and finance. At the same time, compliance must have the independence it needs to surface concerns, play a lead role in investigations, and influence culture.
Those dual interests were an underlying theme at the latest Compliance Week executive roundtable, co-hosted with Boeing Co. in Dallas in November. Compliance executives from a wide range of industries and companies, including Boeing, GE Capital, AT&T, Dr Pepper Snapple, and American Airlines, shared strategies on structuring and organizing the compliance function. They all weighed in on what compliance and governance means to their organizations and how it flows through to various reporting lines.
“We all struggle with and debate over where should all these different functions sit—compliance, enterprise risk management, audit, enterprise information governance, and corporate governance,” said Judy Carter, vice president for compliance and audit for BNSF Railway. “There are so many common goals that run through each of these functions. The objective is to structure your organization so you can effectively leverage all of these efforts.”
Roundtable participants agreed that compliance officers tend to wear several hats and that it’s not always easy to move among the many different necessary roles. Staying on top of everything can be a challenge and as businesses grow or evolve, complications are even more pronounced.
Eric Hinton, senior director of ethics and compliance for 7-Eleven, said his goal is to bring order to “pieces of compliance that live in a lot of different places.” “We can improve that by consolidating and rationalizing it and making it more coherent across the enterprise,” he said.
Within the corporation, effective interaction with other areas is a concern that Doug Cotton, managing director of American Airlines’ business ethics and compliance program had in common with other roundtable participants. Compliance oversight raises a thorny issue: “How far do we push without having them think we are trying to take over.”
WWW.COMPLIANCEWEEK.COM » 888.519.9200
DECEMBER 2014
Buy-in from executive leadership alone doesn’t necessarily make that effort any easier. “We get really good tone from the top and have really good policies. The struggle is making sure everybody understands those policies,” Eric Bowman, chief compliance officer for Darling International, said.
Diana Sands, senior vice president for the Office of Internal Governance at Boeing, described compliance at the aerospace giant as a journey. What originated as a response and enforcement function now has a “vision around enabling company performance.” The important question: “Can we gain a competitive advantage if we do it more effectively and efficiently?”
In her role, Sands oversees Boeing’s compliance and ethics program. She is responsible for ethics, trade controls, compliance risk management, and the team of professionals who comprise internal audit. “In the beginning, it was all about setting up the appropriate structure and rules,” she said. “What we have evolved to is being an integrated business partner, a function that provides centralized and focused expertise in the field and is also integrated with the businesses.” By bringing multiple interests to the same table, the goal is to foster a seamless sharing of information among stakeholders, she said.
Talking the Walk
While proper care and feeding is necessary to get company leadership to work toward the same goal as the compliance team, tone at the middle may require just as much finesse. “The bigger challenge is in the middle,” one participant said. The diplomatic task at hand is to not have them thinking that compliance “is questioning their own judgment, ethics, or professionalism.” “You are not really trying to do that, but there is that perception,” he added.
Expectations must be reasonable. “You have to also exercise good judgment,” one participant said. “You can’t turn over every pebble on the beach or chase every rabbit.” Success depends upon having credibility throughout the business units and displaying a “willingness to hear what their key risks are, rather than just assuming on your own.”
Improving the perception of compliance—avoiding the view that its role is to be a police officer for the organization or, that old cliche, it is the “Department of No,”—was presented as an ongoing battle. What is the best way to create an alternate perception, as a partner and facilitator for the business?
“We have to really know the business and help the business units understand the compliance risks; that is where we can help,” Sands said of intra-company outreach.
“Every dollar spent on remediation is a dollar the business can’t spend on innovation,” agreed William Gordon, associate general counsel for Hercules Offshore. “At the same time, a strong compliance program can improve the quality of the business and deliver a sustained return on investment.”
OVERHEARD AT THE ROUNDTABLE
"To be effective, it's important to be cross-functionally integrated and well-embedded in the business processes."
Diana Sands, Boeing
"We all struggle with and debate over where should all these different functions sit—compliance, enterprise risk management, audit, enterprise information governance, and corporate governance. There are so many common goals that run through each of these functions. The objective is to structure your organization so you can effectively leverage all of these efforts."
Judy Carter, BNSF Railway
"Every dollar spent on remediation is a dollar the business can't spend on innovation. At the same time, a strong compliance program can improve the quality of the business and deliver a sustained return on investment."
William Gordon, Hercules Offshore
"We get really good tone from the top and have really good policies. The struggle is making sure everybody understands those policies."
Eric Bowman, Darling International
"We have a quarterly compliance meeting where we bring lots of people together who don't report up to the CCO. You have HR there and audit, safety, security, customs, and environmental. We get all sorts of people together who don't normally talk so they can share ideas."
Doug Cotton, American Airlines
"Our goal is to bring order to pieces of compliance that live in a lot of different places. We can improve that by consolidating and rationalizing it and making it more coherent across the enterprise."
Eric Hinton, 7-Eleven
Unifying Factors
Another important aspect of effective compliance and governance functions is that they work well with related functions, such as legal, audit, and HR. It is important to understand how various functions operate within their own sphere of influence. “There are just a lot of differences in terms of approach,” one participant said. “Auditors and accountants are going to want to follow the book and follow COSO to a ‘T.’ Lawyers are more procedurally oriented.”
“No matter what, compliance organizations need to work closely with their functional partners,” Sands said. “In-house counsel, HR, finance, and other subject matter experts are important team players. In all my groups there are lawyers and other functions tied in,” she explained. “To be effective, it’s important to be cross-functionally integrated and well-embedded in the business processes.”
The unifying factor, what all ultimately puts them on the same team, is risk. “One of the synergies taking place in the governance space is the ability for compliance, legal, and internal audit to approach challenges from a consistent risk perspective,” says Steve Koslow, chief ethics and compliance officer for CUNA Mutual Fund Group. “With greater communication and a common framework for risk analysis these areas can better coordinate the services they provide. If everybody is looking through the same risk lens, risk prioritization becomes an effective means for allocating limited business area resources.”
“We have a quarterly compliance meeting where we bring lots of people together who don’t report up to the CCO,” Cotton said. “You have HR there and audit, safety, security, customs, and environmental. We get all sorts of people together who don’t normally talk so they can share ideas.”
“I often find I’m called upon to be the one putting focus to all those lenses,” Bowman said of his role. “I can speak legal, I can speak accounting, and I can speak HR.”
Above: Forum participants discuss their concerns about and strategies for crafting an effective compliance and governance program.
Optics Matter
A world-class compliance function doesn’t only just function well, it can also demonstrate that effectiveness. Faced with an investigation or government inquiry, a company cannot just describe its compliance efforts, it must document them. That proof of concept is an effort that extends company-wide. “We may be doing everything right, but we need to demonstrate that we are doing everything right,” it was observed.
"If everybody is looking through the same risk lens, risk prioritization becomes an effective means for allocating limited business resources."
Steve Koslow, Chief Ethics & Compliance Officer, CUNA Mutual Fund Group
Ultimately, no matter the structure or who reports where, “The end game for compliance and auditing is exactly the same,” Carter said. “Each function may get there very differently, but they have the same ultimate goal. Risk is never completely eliminated from any business model, but both functions work to reduce risk as much as possible and minimize potential exposure.” ■
PARTICIPANTS
These panelists participated in the Nov. 6 Compliance Week & Boeing roundtable on structuring compliance and ethics.
Candice Aaron: Chief Compliance Officer, Equipment & Commercial Division, General Electric
Jennifer Armstrong: Enterprise Compliance & Ethics Director, State Farm Insurance Cos.
Susan Bounds: Director-Corp. Compliance, AT&T
Eric Bowman: Chief Compliance Officer, Darling International
Judy Carter: VP, Compliance & Audit, BNSF Railway Co.
Doug Cotton: Managing Director, Business Ethics & Compliance Program, American Airlines
William Gordon: Associate General Counsel, Hercules Offshore Inc.
Eric Hinton: Sr. Director of Ethics & Compliance, 7-Eleven
Steve Koslow: Chief Ethics & Compliance Officer, CUNA Mutual
Diana Sands: SVP, Office of Internal Governance, The Boeing Co.
Art Swanson: VP, Assistant General Counsel, Dr Pepper Snapple Group
Graham Vanhegan: Deputy General Counsel, Corporate, Chief Compliance Officer, ConocoPhillips
Boeing's Diana Sands discussed the evolution to "integrated business partner."
Speaking at right: Susan Bounds, director of corporate compliance for AT&T; at left, Candice Aaron, chief compliance officer at GE.
At left, William Gordon of Hercules Offshore; CUNA Mutual's Steve Koslow (center); far right is Doug Cotton of American Airlines.
Art Swanson, assistant general counsel for Dr Pepper Snapple Group, spoke about the differences in approach. Judy Carter of BNSF Railway is at right.
Copyright of Compliance Week is the property of Wilmington Group plc and its content may
not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's
express written permission. However, users may print, download, or email articles for
individual use.