Oversight Systems’ Financial Executive Survey Shows Enterprise Risk Plagues Corporate America, Despite Confidence in Risk Preparation

(Author's note: Arketi Group worked with Oversight Systems on this research)

Oversight Systems’ Financial Executive Survey Shows Enterprise Risk Plagues Corporate America, Despite Confidence in Risk PreparationStudy also finds financial executives support regulations for executive compensation, hedge funds

ATLANTA (June 26, 2006) – Companies are embracing the concept of enterprise risk management but continue to struggle with implementation according to the findings in the 2006 Oversight Systems Report on Risk Management. The national survey of financial executives released today also found room for improvement in the way companies assess, manage and prevent risk.

The report (available free at www.oversightsystems.com/survey) indicates that nearly half of companies surveyed (43 percent) report having faced "significant operational surprises" during the last year.

Executives recognize the value of enterprise risk management with 58 percent of financial executives reporting that their company has an enterprise risk management approach and philosophy that considers various interactions among different types of risk. Identical to the 2005 findings, this year 68 percent of financial executives say their CEO is placing greater emphasis on holistic management of all types of risk. However, it appears many critical elements of enterprise risk management are still not in place in corporate America.

"Clearly, executives see a need for better risk management because companies are getting burned on a regular basis," said Dana Hermanson, Dinos Eminent Scholar Chair of Private Enterprise at Kennesaw State University. Hermanson is also an advisor to Oversight Systems. "We still see a gap between top management believing that their company employs enterprise risk management and the reality that they are not pushing ERM down through the organization with awareness and training."

Only 33 percent of financial executives say their company has formally trained executives and business line managers to assess the probability of various types of risk, down from 35 percent last year. In addition, 41 percent of financial executives say their company has a widely communicated definition of risk, down from 45 percent in 2005.

"Financial executives and businesses are beginning to embrace the concepts of enterprise risk management, but implementation and effectiveness are still in their infancy," said Mark S. Beasley, professor of accounting and director of the Enterprise Risk Management Initiative at North Carolina State University. Beasley is also an advisor to Oversight Systems. "While a majority say they take a top-down approach to risk management, many are not very sophisticated in their risk management abilities."

Perhaps a cause for this drop in they way organizations view risk management is an apparent decreased pressure from key stakeholders to manage risk. In 2005, 58 percent of respondents reported they faced such pressures, while in 2006 only 52 percent felt this way.

Enterprise Risk by Business FunctionA bright spot in the research study is that financial executives polled reported across the board increases in enterprise risk preparedness during 2006 over 2005. In fact,

• 85 percent feel prepared for financial-reporting risk, up from 78 percent in 2005
• 84 percent feel prepared for credit/market risk, up from 68 percent in 2005
• 80 percent feel prepared for compliance risk, up from 59 percent in 2005
• 77 percent feel prepared for strategic risk, up from 54 percent in 2005
• 58 percent feel prepared for human capital/labor risk, up from 56 percent in 2005

"After completing their exhaustive work to comply with Sarbanes-Oxley, individuals should feel confident in their controls that address enterprise risk," Oversight Systems CEO Patrick Taylor said. "However, risk management must be implemented across organizations, and forward-thinking executives are examining the role of technology to facilitate enterprise risk management in their day-to-day operations."

Although more than a quarter of executives (29 percent) say technology has no role in their company’s overall risk management, the majority see technology as helpful to their risk management objectives. Nearly a third (31 percent) say technology is used in their organizations to identify existing risk; 24 percent say technology is used to identify existing risk and project future risk; and 16 percent say they use technology to identify existing risk, project future risk and reduce risk.

Ownership of Enterprise RiskOwnership of risk is still clearly a C-Suite job according to those surveyed. Eighty-six percent identified a senior executive with explicit responsibility for overseeing the management of all risk across the enterprise. The CFO was named by 44 percent, the CEO by 20 percent and 8 percent said the Chief Risk Officer.

"With Sarbanes-Oxley, we’ve seen a big shift away from the finance-oriented CFO and back toward the accountant CFO, but this survey shows that your CFO can’t just be a bean counter. Your CFO must also understand risk management," Hermanson said.

Risk Management & Sarbanes-OxleyThe idea of risk management is also working its way into Sarbanes-Oxley compliance. Almost a third (30 percent) of financial executives surveyed said their internal controls audits – as required by Section 404 of Sarbanes-Oxley (SOX) – employed more of a risk-based approach to evaluating control effectiveness. However, 33 percent said their company saw no significant change during its second year of compliance with the regulation. Eighteen percent said they had a greater reliance on technology to monitor the effectiveness of internal controls.

View on Executive Compensation Control When asked about the role of regulating executive compensation, a clear majority of financial executives (82 percent) were in support of some kind of Securities and Exchange Commission guidance. According to financial executives surveyed:

• 64 percent say companies should explicitly report post-employment agreement on compensation (i.e., golden parachutes)
• 58 percent say companies should explicitly report the dollar value of all non-cash and non-stock compensation and benefits greater than $10,000 (i.e., private use of corporate jet, use of residential real estate, etc.)
• 56 percent say companies should explicitly report the dollar value of stock grants and potential future stock grants
• 13 percent say no executive should receive total compensation greater the a set multiple of the company’s median compensation

Hedging Personal Investment RiskTurning from corporate risk to personal investment risk, the survey also asked financial executives about their feelings on hedge funds. Extremely popular today, hedge funds now number more than 8,000. The growth of these largely unregulated investment vehicles has been considerable, more than quadrupling their assets since 1999, today hedge funds manage close to $1 trillion.

Nearly all respondents (92 percent) feel leery about hedge funds, reporting they do not have any of their personal funds invested in hedge funds. Accordingly, 94 percent of respondents feel hedge funds should be required to have a higher-level of transparency. Respondents report that hedge funds should annually be required to report:

• Portfolio breakdown – by asset type, market cap and industry allocations (65 percent)
• Number of positions – the percentage of the portfolio in each of the top 10 positions and identification of these holdings (53 percent)
• Leverage – both at the time of the audit and the maximum amount used at any point during the year (52 percent)

About the 2006 Oversight Systems Financial Executive Report on RiskA total of 230 financial executives participated in this study, which was conducted at a number of executive-level conferences during March and April of 2006. Titles of those surveyed included chief financial officer, chief audit executive, controller, internal audit director and treasurer.

This study follows the January release of the 2006 Oversight Systems Financial Executive Report on Sarbanes-Oxley, which identified growing benefits of SOX compliance and specific compliance goals for 2006. Also recently released was the 2005 Oversight Systems Report on Corporate Fraud, a survey of certified fraud examiners which found most fraud examiners view SOX as an effective tool in fraud identification, though few think it will change the culture of business leaders. All these research studies can be downloaded for free by visiting www.oversightsystems.com/survey.

About Oversight SystemsOversight takes continuous controls monitoring to the next level by combining controls testing with a real-time transaction inspection to identify the problems in a business process. Oversight’s platform automates the entire life cycle of finding problems in business processes, fixing those problems and proving the problems were resolved. By inspecting each step of individual transactions across systems, Oversight identifies all errors and control violations, drives defect-free processes and sustains Sarbanes-Oxley compliance at reduced costs. For more information, visit www.oversightsystems.com.

EDITOR’S NOTE: Camera-ready charts and graphs of the findings from the 2006 Oversight Systems Report on Risk Management are available by contacting Brian Moran by phone at 404-920-2039 or by email at brian.moran@oversightsystems.com.