I had a few great conversations yesterday about the increasing role analytics will play in risk and compliance programs, which brought to mind the article, For Some Firms, a Case of 'Quadrophobia' appearing earlier this week in the Wall Street Journal and referenced yesterday by the NY Times’ Freakonomics blog.
The article covers a study of quarterly earnings reports over a nearly 30 year period, which found a statistically low number of results ending in four-tenths of a cent. The implication here is that companies fudge their numbers slightly to report earnings ending in five-tenths, which can then be rounded up... clever. Even more interesting, authors of the study found that these “quadrophobes” are “more likely to restate financials and to be named as defendants in SEC Accounting and Auditing Enforcement Releases (AAER)”... not clever.
The report encourages the SEC to enhance its oversight with a new department dedicated solely to detailed quantitative analysis that might catch this type of behavior. It also occurs to me that many corporations would like to identify such trends within their four walls to detect and prevent potentially damaging behavior.
Clearly, the cultural/human aspects of risk management and compliance – policies, attestations, training, awareness, whistleblowing, etc. – are essential. But as the number and complexity of business transactions continue to grow, companies will be looking more and more for ways to analyze massive amounts of data for damaging patterns and trends.
In my ongoing work with clients, I try as often as possible to stress the importance of flexibility in GRC programs. Internal processes and technology implementations must be able to accommodate the perpetually fluctuating aspects of business, compliance requirements, and risk factors. If GRC investments are made without consideration for likely requirements 1 to 2 years down the road, decision makers aren’t doing their job. And if vendors don’t offer that flexibility, they shouldn’t be on the shortlist.
News outlets over the past year have given us almost daily examples of change in the GRC landscape. The recent stories coming out of Davos have been no exception... giving us some truly fascinating debates on the necessity and detriment of regulations. As quoted in a Wall Street Journal article on Sunday, Deutsche Bank AG Chief Executive Josef Ackermann argued against heavy-handed regulation, saying, "We should stop the blame game and we should start looking forward... if you don't have a strong financial sector to support the this recovery... you're making a huge mistake and you will regret that later on," he said. French President Nicholas Sarkozy summed up the opposing argument in his keynote, explaining, "There is indecent behavior that will no longer be tolerated by public opinion in any country of the world... That those who create jobs and wealth may earn a lot of money is not shocking. But that those who contribute to destroying jobs and wealth also earn a lot of money is morally indefensible."