Learning From Disaster | Part Two - Transparently Obvious
- 11 November, 2002 11:38
"I am incredibly nervous that we will implode in a wave of accounting scandals," she wrote in a letter to Kenneth Lay, the corporation's chief executive officer. Congressional investigators looking into the company's collapse revealed the letter's existence in February. The letter, said one, is "breathtaking in detail".
While accountants used to be the eyes and ears of shareholders, some of the worst scandals of "The Year of Corporate Collapses" might have taken much longer to come to light without the efforts of concerned insiders capable of assessing the true financial health of the company and prepared to speak up about their fears.
As the stories behind the scandals unfold there is growing awareness that CIOs have a crucial role to play in enabling these honest whistleblowers. In the future, analysts say, a CIO's credibility will depend on their ability to help keep the organisation honest and accountable by providing the tools to make financial information as transparent as possible.
"The number of articles devoted to the Enron debacle during the past months has been enormous, but the impact on CIOs has been poorly addressed," Gartner notes in a report. "CIOs will be caught between trying to prove the value of IT and trying to boost their own credibility at a time when systems are becoming complex, chaotic and risky. A handful of CIOs will enjoy a rebirth of credibility during the post-Enron period as they concentrate on accessing, integrating and facilitating insight into information. Many other CIOs, however, remain so enmeshed in managing technology, rather than in managing information, that their credibility will suffer."
Gartner notes that although CIOs may not be discussing esoteric changes in accounting standards and reporting regulations post-Enron, CIOs will certainly be affected by the resulting changes. "They must prepare to be active players in facilitating financial reporting, defining financial governance, dispelling technology myths created by financial analysts and implementing government regulations. Although details have not gelled, enterprises will likely be expected to disclose information about financial results more frequently. Visionary CEOs and CFOs will start to make those changes ahead of any forced regulatory change as a way of rebuilding shareholder confidence."
With all too many executives having been investigated, fired, jailed or just deeply humiliated, and with untold employees still trying to pick up the pieces of the accounting scandals of recent times, the public debate has been largely comprised of questions. How did all this happen? What happened to the auditors who were supposed to be assuring corporate integrity? How can companies spend so much money on financial information systems and still not know their own organisation's financial health? Why weren't there more concerned employees ready to blow the whistle? And pertinently, why did those with the power to act ignore those with the power to warn?
CIOs should play a critical role in answering some of those questions.
Auditors can be deceived or corrupted, and too many companies have made a habit of overriding or ignoring internal controls such as multiple crosschecks or approvals of accounting data designed to preserve financial integrity. The financial press can only play a limited role in uncovering scandal, while markets can only assess information on the public record, meaning it can take a long time to detect aggressive or irregular accounting. That makes the CIO's role in providing good technology capable of making the financial health of the company fully transparent, along with the IT governance to keep IS efforts fully aligned, essential.
"I think the responsibility - and I think a lot of CIOs see this today - is not just at a systems level, but at a business level and at a cultural level," says PeopleSoft Australia & New Zealand managing director David Webster. "And so when they weave those three things together, they really have a role which is highly influential on any organisation's business outcomes. They're not just providing the infrastructure and then saying: Â'You go and use it.' Their responsibility has got to be: here's the infrastructure, and by the way here's the data converted into information and delivered to the business guy who's making the business decision."
Of course if the CEO wants to behave fraudulently no amount of software will stop them, as Forrester Research senior analyst Jim Walker remarks. Alarms may go off, but will not help if the senior management wants to ignore those alarms. "Here's the bottom line," Walker says, "[financial information] software is good for the CEO and the CFO - C level people - to find out if there's people within their organisation that are playing games for whatever benefit. But at the C level, if they're going to be fraudulent, no amount of software is going to solve that problem."
Still, the Enron experience shows that having the right level of management information available makes it easier for every employee to assume some level of financial accountability to help keep the organisation out of trouble.
"I believe that the reason that some of the information that has come to light in the likes of the HIH and the One.Tels and so forth is because people at lower levels of the organisation called it out," says Webster. "They called out the fact that they felt there were funny things going on with some of the accounting practices and some of the financial measures and the financial management, and that to me is a positive thing.
Webster says that although a company's cultural aspects are not necessarily owned by the CIO, the CIO does have a responsibility to be involved in the culture side of accountability. He points out that growing numbers of organisations are devolving accountability for financial management to levels of management below the CFO. That reflects a new awareness that the responsibility for financial management needs to permeate an organisation; it is not just the domain of the CFO and the finance function.
"The CIO is not just delivering a system for the finance function. He or she is delivering a system and supporting a system for a business that very often encompasses not just the CFO function but all functions. So we see things like self-service. We see things like CFO portals and those sorts of technologies coming into play, where you have role-based accountabilities and responsibilities architected behind the portal, which enable people to get financial visibility at different levels," he says.
Show Me The Problems
"What makes a good information system that can keep the company from collapsing?" asks Keith Skinner, chief operating officer Deloitte Touche Tohmatsu. "I think basically there's got to be good financial reporting information systems, and that means both from a planning stage - good budgetary systems that can do profit and loss balance sheet, cash flow plans and budgets - and then you need a good system to report against those financial systems. They've got to be flexible, in that you can continually update them, and do continuous planning and forecasting; good variance or exception analysis that shows where there are problems, so those can be investigated. That's the financial accounting side, if you like.
"Then there's management accounting systems that, depending on what business the company is in, can give you things like client profitability; product profitability, if there's standard costing, variance from standard. I could go on and on, depending on the type of corporate [entity] . . . but basically, it should be a system that can measure the key performance factors that really measure the firm's success and profitability."
Skinner advises CIOs to carefully examine their business and determine the critical performance factors: what needs to be measured and monitored. They should make sure their systems are not only capable of addressing those needs but of presenting meaningful reports. CEOs should do a risk analysis, either internally or with the help of an outside consultant, he says, to determine the key success factors for the business, communicate that to the CIO and then have them devise or purchase the appropriate system that will deliver that.
"They [CIOs] should really concentrate on reports. These systems can spit out voluminous reports that are very difficult to use and to read, and probably then people overlook the real issues because of that. So I think really communicating with the users of the information as to what their requirements are, so that you get reports that are very focused and highlight what the issues might be, is extremely important," Skinner says.
"In order to restore investor confidence, CFOs across all industries need to go beyond regulatory compliance and provide additional disclosure of financial and nonfinancial information," says Alan Landis, research director, Working Council for Chief Financial Officers. "As pressure to disclose intensifies, many CFOs are looking for automated solutions to improve external transparency to investors."
Gartner notes disclosure of financial information will affect back-office accounting systems. Many enterprises have adopted a "make do and mend" policy and patched legacy finance and accounting systems. In all likelihood, those systems will be unable to respond to frequent and detailed financial reporting.
Enterprises that have implemented financial applications from one of the ERP vendors will be in reasonable shape, but they will not be invulnerable. Although most ERP systems support the concept of a "virtual" close (that is, financial transactions are continually updated in real time or near real time), feeder systems that pass financial transactions to the ERP system may be sources of weakness. They may not pass sufficient detail (to support more detailed reporting) or they may work on fixed batch intervals.
Top-Down, Bottom-Up Information
Of course transparent business means having many users of information. That is why some vendors are pushing enterprise planning and performance management software, claiming it is already changing the way enterprises operate by imposing collaborative top-down, bottom-up planning practices, business transparency and far-reaching accountability.
Enterprise planning and performance management is a methodology and practice based on company-wide collaboration and participation that allows hundreds of employees to become involved in the collection of data and planning future performance. This helps prevent people from any position within the company from massaging or misplacing financials.
"CEOs and CFOs are under enormous pressure from the threat of potential legislation and intense market scrutiny to demonstrate financial stability and reporting accuracy in the wake of recent corporate collapses," Adaytum global CEO Guy Haddleton says. "Their first port of call to achieve this is generally the CIO and finance department to establish a system that will provide them with job security by being able to adequately demonstrate: financial accuracy, business transparency and executive and employee accountability.
"Enterprise planning and performance management achieves these key criteria because it drives the collection and analysis of realtime data. It provides CIOs and their CEOs with greater confidence in predicting future operating performance. So, there's much less likelihood of the business missing its bottom-line numbers, or of having to issue reforecast profit warnings."
Haddleton, whose company provides enterprise business planning solutions, says enterprise planning and performance management replaces outdated technology - commonly Excel spreadsheets which are not suited to planning and data collection on a multi-user basis - and in doing so eradicates the common issues of data integrity.
Enterprise planning and performance management also provides senior management with the flexibility to track business against plan and allows them to take proactive steps to change the outcome of the business on a quarterly basis. This means that warning about missing profit or revenue targets comes early enough for CEOs to be able to take steps to readjust business strategy in order to try to meet original targets.
Capture and Analyse
Forrester Research says CIOs can help corporate officers and their auditors rebuild trust by building an electronic audit application. The application should intelligently capture and analyse enterprise and business segment data providing a daily audit of the firm. This application should siphon electronic data to monitor profitability drivers and alert the CFO to problems; provide a repository to manually log material events and provide pattern recognition algorithms to detect fraud.
Jim Walker, a senior analyst with Forrester, says companies need to fully digitise the business. "Companies tell us that while 80 per cent of their volume is done electronically with EDI, 80 per cent of their customers (20 per cent of their volume) still use phone and fax. If you're going to manage your business with an electronic audit committee application, you need to have the data in electronic form before you can even start that.
"That's the first thing: the data needs to be electronic, it needs to be sitting in a data warehouse, across the enterprise," Walker says. "The next thing that needs to be done is that the CIO needs to work with the CFO and the outside auditors, to ask the types of questions financial analysts would ask the company. Before you can program this electronic app you need to ask the questions that a financial analyst would look at when they're evaluating the business. And then the third thing that you need to do is that you need to have a portal to capture information that's not readily captured in the numbers."
Walker says a lot of accounting is based upon judgment. The CIO should provide an application that can capture management judgment throughout the organisation, focusing on the treatment of revenues and expenses and the risks for the business into the future, he says.
"So for example, if I'm a manager at a plant in Taiwan, and my business is dependent on a major contract with a Japanese auto company in Tokyo and I'm concerned that I may not be able to renew my contract, for whatever reason, that needs to be captured, because that is a risk. There needs to be some portal that captures that knowledge," Walker says.
Once the application has the data the CIO can program it to automatically sift through it to detect patterns and ring alarm bells as appropriate. The software must be smart enough to minimise false positives and alarm alerts.
Meta Group suggests IT executives can enhance strategic value by establishing an IT controller role. As organisational growth and financial complexity become more critical, the research company expects this role to grow from 20 per cent of Global 2000 companies currently, to 40 per cent plus by 2005.
"In smaller organisations, the CIO often owns this function. By 2005, the IT controller role will expand from a tactical, internal IT budget watchdog, to a strategic business collaborator and liaison, often with dotted-line reporting to the corporate CFO," Meta Group notes. "An empowered IT controller can better align IT initiatives and budgets with business objectives and metrics, ensuring compliance with financial and accounting practices, reporting and visibility."
That can only be for the good, in an era where companies will find visibility a most attractive option.
SIDEBAR: Economies of Scale
Locally HIH may have got it wrong, but in the US mega insurer MetLife has dedicated two years to getting its financial house in order
By Stephanie Overby
MetLife's status as the US's second largest insurer ($US2.1 trillion worth of insurance in force) came from an aggressive acquisition strategy that saddled the 134-year-old company with a plague of dissimilar systems.
Last year, the MetLife companies served 9 million US households, 4.1 million customers abroad, and 64,000 companies and institutions. It has 46,154 employees, and last year it amassed $US32.5 billion in operating revenue. On the technology front, the company has five CIOs, one CTO and an executive vice president of technology who oversees them all. During its 134-year history, MetLife has grown not only in size but also in complexity, becoming so broad that Chuck Johnston, vice president of insurance information strategies at Meta Group (US), describes it as the "GE of the insurance industry".
Much of MetLife's scale is the result of its aggressive acquisition strategy - it has bought everything from billion-dollar enterprises to distribution channels across all its lines of business. Because of its rapid expansion, MetLife was saddled with a plethora of disparate systems and processes - in addition to its own legacy systems, some already decades old. In 1998, a new CEO, Robert H Benmosche, came on board looking to transform the company's reputation as a staid insurance company to that of a nimble, full-service financial services firm. To that end, he had MetLife look at its millions of customers from an enterprisewide perspective and start taking advantage of its enormity to cut expenses. At the same time, MetLife executives decided to take the company public, meaning it needed to respond to public-reporting requirements dictated by the US Securities and Exchange Commission. All these changes meant one thing for MetLife's technology team: it was time to get integrated.
Daniel Cavanagh knew big changes were ahead when he took over as executive vice president in charge of operations and information technology in March 1999. The message from "the chairman", as most of the IT execs call Benmosche, was that the IT staffs supporting MetLife's business units needed to rein in the subsidiaries so that the huge insurer could start reaping economies of scale. "When MetLife started testing its value proposition with the Street, the big sentiment was that it's time to harvest some of that scale you've got," says Tony Candito, senior vice president and CIO of MetLife's individual business unit. "At that point, everything changed."
Cavanagh began by "integrating" his five business unit CIOs and his CTO into an IT governance board. They meet monthly to discuss IT and integration strategy and specific projects, both enterprisewide and within each business unit.
Follow the Financials
The first integration task for MetLife was getting its financial house in order. That fell to Peggy Fechtmann, senior vice president, CIO of corporate systems and chief e-business officer. Even after the IPO in April 2000, its financial processes and systems remained siloed. Different subsidiaries sent financial information to MetLife's Florida-based comptroller in different ways - by FedEx, mail or e-mail - making it largely a manual job to close the books each quarter. "It's comical in hindsight, but it certainly wasn't comical then," Fechtmann says.
Her first step toward standardising and integrating financial systems was to form a steering committee of IT executives and subsidiary business partners to discuss the financial processes of MetLife and its subsidiaries. They knew they needed general ledger, accounts payable and asset management capabilities, and they planned to go with packaged software. They looked at Oracle, PeopleSoft and SAP before choosing PeopleSoft. "There was an exhaustive analysis, but there was a slight bias toward PeopleSoft because Met had implemented PeopleSoft for HR in 1995," explains Fechtmann. MetLife committed $US80 million over two years for PeopleSoft's Enterprise Profitability Management (EPM) package.
Next, Fechtmann created a rollout plan. First was the MetLife company, or Mother Met as Fechtmann calls it, which was converted in April. Several smaller subsidiaries moved over in May, and several midsize subsidiaries, such as MetLife Securities, in June. MetLife Auto and Home is slated for the third quarter. After that come the larger acquisitions - New England Financial and General American Financial - in the fourth quarter, where there is sure to be a "fair amount of pain", says Fechtmann.
After the vendor, rollout and customisation choices came the hard part. Every Thursday, Fechtmann flew to Florida to foster a close working relationship with her business partner, MetLife's comptroller, and representatives from Met's subsidiaries. "There would be painful meetings where we would do account mapping," Fechtmann, a former accountant, recalls with a grimace. "New England Financial's comptroller would say: Â'We have 500 general ledger accounts, and this is how we normally post our stuff.' MetLife's comptroller would say: Â'Well, we do it this way.'" The IT governance board came to the consensus that decisions such as those would be made based on the greatest overall benefit, rather than simply going the MetLife way. "We weren't going to say: Â'Well, this is the way we do it, and you have to comply'," says Fechtmann. "So we went account by account and figured out how we were going to do it. [We] really had to re-engineer the business processes. [We] were really trying to define a new model of how to do business."
The process was tedious and troublesome. "You run into both business process angst and, quite frankly, cultural angst," Fechtmann explains. "Old habits die hard. People say: Â'Well, this is the way we've always done it', and change can be difficult."
Still, MetLife and most of its subsidiaries have made the transition to the PeopleSoft EPM system and have begun to trust the numbers it generates. The next step is encouraging business partners to use it for financial analysis and business planning.