FLAWLESS
COMPLIANCE

John Weathington, Compliance Consultant

Flawless Compliance (tm): A free monthly newsletter on today's compliance issues, ideas, and solutions, based on the consulting work done by John Weathington for Excellent Management Systems, Inc.

This and back issues of this newsletter are archived for free viewing at http://www.excellentmanagementsystems.com.

Copyright 2008 John Weathington. All Rights Reserved.

May 2008

Inside This Issue:

  • What in the World?: British TVs Don't Stop Crime (How to Prevent Big Losses on Your Compliance Project)
  • Center Stage: Lessons Learned from The Milken Opacity Index (How Transparency Can Give You A CLEAR Advantage)
  • Hello Rubber, Meet the Road: Handling Compound Risk (What to Do When Risk Begets Risk)
  • In The Soup: Monster Exec Finds New Job - Prison Detail (Back-Dating is Not an Option)
  • The Gag Reel of Life: How to Fix the Internet (Don't Overthink the Solution)

 

British TVs Don’t Stop Crime

How to Prevent Big Losses on Your Compliance Project

How would you feel if you spent billions of dollars on something that didn’t work? Detective Chief Inspector Mick Neville knows that feeling. He’s feeling the pain right now, as his crime fighting cameras in Britain are serving little more purpose than to catch the interesting behavior of passersby on tape.

Cameras on Tower Bridge Road, London.

The initial thought was to have them function like a bank or convenience store security camera – thwarting criminal activity by their mere presence. Apparently, a secondary goal of the cameras was to provide evidence in court so that more rightful convictions could be realized.

According to the UK Times Online, Mr. Neville, who is in charge of the Video Images Identification and Detections Office ( VIIDO ) told the Security Document World Conference that, “Billions of pounds have been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court.” Amazing statement, isn’t it?

In another comment to the conference he states, “It’s been an utter fiasco: only 3 per cent of crimes were solved by CCTV [Closed Circuit Television].” According to Mr. Neville, the crooks think the cameras are props that don’t even work! Worse yet, when they are caught on tape, the images’ usefulness as evidence is poor. So much for the conviction rate.

Let’s take a look at a couple of aspects of this scenario, and try to set the stage so that you don’t end up taking big losses on your project. Here are three key lessons to keep you from getting burned on your big budget project:

Lesson # 1: Make Return on Investment a Living Estimate

It’s quite alright to spend a billion or more dollars ( or pounds if you will ) on your project, but when you start getting into those numbers, you really need to monitor your return. It’s one thing to drop $100K on something that didn’t turn out – it’s a whole other thing to be on the losing side of a $1 Billion investment that went sour.

To prevent this, understand that your initial Return on Investment ( ROI ) is only an estimate, and probably a bad one. It has nothing to do with your intelligence or knowledge. It’s just a fact of progressive elaboration on any project. You cannot possibly know what your return is going to be, until you start discovering the reality of the product, through your project execution.

I’ve seen countless projects set up ROI in the very beginning to get funding, then never bother to keep it updated as the project is being executed. This is partly due to execution style ( see the next lesson ), and partly due to ignorance. This mistake can be a killer. Return is more of a dependent variable than Investment, so keeping an eye on your Return, and updating it throughout your project will keep your ROI a “living” estimate.

Lesson # 2: Start Realizing Your Return as Early as Possible

How will you know your real Return, unless you actually deploy some functionality into the real world? You cannot. That’s why it’s better to organize your project in an iterative fashion that physically deploys functionality on a regular basis. This has two extremely beneficial byproducts.

Firstly, you can be successful with the above lesson on knowing your Return metric, and by extension your Return on Investment. This is vital for keeping control and communicating the truth about your project, and the product that it’s producing.

Secondly, you’re getting a Return before the project is over! As the project is executing, you are actually receiving the ( hoped-for ) benefits of prior deployments. This is much better than waiting until the end of the project, just to realize that your estimates on Return were grossly inaccurate.

So, to realize your return on a compliance project, you must be able to identify the relationship between your compliance objectives, and the monetary benefit to your company. For example, your compliance objective might be to reduce the number of SOD ( Segregation of Duties ) violations in your company. What tangible and monetary benefit will that have on your company? What is the monetary cost to your company of each SOD violation? These metrics should be known so that you can appeal to the real executive issue, “What am I getting for the money I’m spending?”

Lesson # 3: Test the Effectiveness of Your Controls Early

Although the goal of your project should be indirectly tied to some sort of monetary return, chances are on a compliance project, your output metrics will be more closely tied to reducing violations, or better yet increasing control. So remember, a control is no good unless it’s effective.

Mr. Neville’s cameras were intended to be a preventive control ( thwart crime before it happens ); however, it seems like there’s a secondary corrective control in place also ( evidence for court hearings ). This alone tells me there’s a problem with the strategy. They should be clear on their control objectives, and they should be focusing on the preventive control ( always the best path ).

I think they were on the right track, but the thieves are ignoring them. This makes the control ineffective for prevention. The correct execution would be to test these controls early. And, if they don’t work, you either seek ways to make them work, or find another preventive control that might work. Trying to retool the work as a device for corrective control is a step in the wrong direction.

Big budget projects don’t have to be scary, but you must take some precautions to make sure you don’t get burned like Mr. Neville and his Billion pound camera catastrophe. Understand how your project objectives link to monetary return, realize that return early, and adjust your ROI number often to foster truth in project communication. Also, stick to preventive controls as much as possible, and test their effectiveness early and often. It’s never too late to start. If you’re on a big budget project, and you’re worried about the outcome, make a quick diversion to deploy something functional as soon as possible. Then test the effectiveness of your controls, and your ROI. The results may surprise you.

Better to be surprised now, than $1 Billion from now.


Lessons Learned from The Milken Opacity Index

How Transparency Can Give You A CLEAR Advantage

Did you know that transparency can give you an advantage in the marketplace? If you follow the example set forth in the Milken 2008 Opacity Index, you might just be on your way to beating the competition, by combating obscurity in your company.

Milken Institute 2007-2008 Opacity Index.

The Milken Institute recently published its 2008 Opacity Index. The Opacity Index intends to demonstrate how much risk is involved in the investment of a particular country’s companies. In over 8 years of research, and compilations from 41 different sources, the Milken Institute has found a direct correlation between the financial riskiness of a country, and its degree of transparency. Through substantial research, Milken answers the question, “Is domestic economic reform necessary to stabilize economic uncertainty? Or should a country leave things alone to let the proverbial water seek its own level?” According to Milken, transparency through economic reform is the only right answer.

To quantify transparency in a country, Milken breaks the concept down into 5 components that give us the clever acronym CLEAR:

  • Corruption
  • Legal Systems
  • Enforcement Policies
  • Accounting and disclosure standards
  • Regulatory quality

Each country is analyzed in each of the 5 components, and given a score from 1 – 100, then the components are averaged to get the country’s overall opacity score. The higher the score, the more opaque the country is, representing obscurity and lack of transparency. So, as in golf, the ideal score is a low score.

I found this report extremely fascinating. For 2008, here are your most transparent countries, in order of transparency:

  1. Finland
  2. Hong Kong
  3. Singapore
  4. Sweden
  5. Australia

Finland scored quite impressively in the Accounting ( 1 ), Corruption ( 3 ), and Regulatory ( 5 ) components of the index. Their Enforcement ( 24 ) score, and to a lesser extent their Legal ( 13 ) score, really bring their average up to 9. Here’s the interpretation from the Milken Report, “Finland’s improved score is the result of strong regulation and the convergence of accounting rules and practices with international standards. Companies in Finland are more transparent to foreign investors and partners, whose due diligence, legal, and accounting costs are reduced. In this manner, a higher-wage country (like Finland) can successfully compete for investment capital with lower-wage countries on the basis of lower overall business costs.” You can’t argue with the number one spot, but the variance in scores disturbs me. They have an opportunity to improve by reducing the Enforcement and Legal scores; however, it could also go the other way.

Personally, I like Singapore at the number three spot. Although they scored higher than Finland and Hong Kong with an overall score of 14, here’s their distribution: Corruption ( 13 ), Legal ( 17 ), Enforcement ( 22 ), Accounting ( 14 ), Regulatory ( 5 ). This distribution is much tighter, which demonstrates that they operate more holistically on the gestalt of transparency. The lack of variability gives me more confidence that Singapore will continue to stay low in opacity, translating to less risk when investing in companies from that country.

How did the United States fare? Take a look: Corruption ( 32 ), Legal ( 23 ), Enforcement ( 34 ), Accounting ( 20 ), Regulatory ( 7 ), Overall ( 23 ). This gives the US the rank of 13. This may sound okay, until you uncover that the US was in 4th place in 2006 ( the last time the index was taken ).

What about the UK? Here are their numbers: Corruption ( 22 ), Legal ( 7 ), Enforcement ( 37 ), Accounting ( 10 ), Regulatory ( 10 ), Overall ( 17 ). This looks better than the US, and it is with a rank of 9. Not too bad, until you uncover that the UK was in 1st place in 2006!

So what happened? According to the Milken Report, “Recent problems in the financial markets of these two countries did not simply happen on their own. Just as the index predicted, less-than-optimal market regulation and diminished levels of transparency, especially in the mortgage markets, created an environment in which problems could emerge.”

Canada places just above the US in 12th place, down from 7th place in 2006, with an overall score of 22. Like the US, they also scored high in Enforcement ( 37 ) and Accounting ( 32 ). It looks like Canada has fallen prey to the same conditions as the US.

I hope by this point you can see the correlation for your company. As the Milken Institute clearly ( pun intended ) demonstrates, transparency is the key to a less risky financial picture. Although satisfying the public is a noble motivator ( aside from the fact that it will keep you out of trouble ), you should strive for transparency in your company for your own selfish reasons. Transparency in your company provides opportunities for lower operating costs and more efficient processes.

Opacity is the sand in the gears of productivity. Let’s translate CLEAR into operating objectives for your company:

  • Corruption: Actively reduce corruption by making sure all business decisions are founded on business principles. Political agendas must be reduced or ideally eliminated from business practice.
  • Legal Systems: Legal systems translate to policy management in your company. Make sure you have good organizational support for your policy creation, management, and evolution.
  • Enforcement Policies: Also, make sure your policies are consistently enforced. Your organizational support for your policy management should include strong enforcement of violations.
  • Accounting and Disclosure Standards: Make sure your accounting is tight. Work closely with your auditors to make sure all the rules are followed. And always remember how vital disclosures are. When in doubt – disclose!
  • Regulatory Quality: Make sure your company’s system of compliance is ironclad. Discover and improve your processes, train your employees, and make sure your data systems adequately support your compliance efforts.

World class transparency is the key to corporate success. Let’s see if you can be the Finland of your industry.

Handling Compound Risk

What to Do When Risk Begets Risk

Last month we talked about managing risk on a compliance project. This month, we’ll take your risk management up a notch and cover a subtle nuance that I call compound risk. Your understanding of compound risk will not only demonstrate your sophistication in the area, but it will also give you greater visibility and control over your risk portfolio.

So, what is compound risk? Compound risk happens when the impact of a risk event produces another risk. Before your head explodes, let me give you an example. Suppose your company faces the risk that a tired night watchman will fall asleep on the job. What’s the real business impact of this? Well, somebody might sneak in and steal your inventory. The operative word here is might. This should tip you off, that another risk is involved. Carrying the example forward, what’s the impact of somebody stealing your inventory? This is more tangible. If, on any given night, you stock $100K worth of inventory, then that’s the real impact of the theft, which happened because the night watchman was asleep. This is what I call a compound risk.

To understand how to handle compound risk, let’s review how normal risk is handled. When talking about Enterprise Risk Management for your company, you deal with an important risk by introducing a control. This is a key operating principle of most compliance projects. For instance, the risk of an inexperienced processor entering the wrong data could be controlled by a manager’s review and approval of the data.

So, let’s look at a compound risk in the enterprise. Let’s say you have a Segregation of Duties ( SOD ) program in place, and you have the risk that your employees inadvertently violate the policy due to a worker shortage. Normally, three people should be handling a process; however one person isn’t there, so the other two are covering the position, and unknowingly triggering SOD violations. What’s the real impact of an SOD violation? It leaves you exposed to possible unethical behavior, which could cause financial misstatements. In and of itself, an SOD violation does not financially harm your company. However, it’s possible that one of these SOD violations could spell trouble. That’s why the control was put there in the first place.

This is actually a good situation for your company, because you have the opportunity to introduce a mitigating control. A mitigating control is a backup control in case your original control fails. In our example, think of the overarching impact that we’re trying to avoid. The real damaging impact ( according to the SEC ) is the misrepresentation of financial data to the public. To mitigate the SOD control, you may put in a mitigating reconciliation control. That way, if there is some unethical tampering of the data, the recon will catch it.

There’s another place where compound risks may show up, and that’s on your compliance project. If you remember last month, we talked about managing risk on a compliance project with a contingency reserve. To determine the contingency reserve contribution for any given risk, you multiply the probability of the risk by the impact. For example, let’s say your project runs the risk of network failure. If the network goes out, you’re estimating 1 day’s worth of lost work. On any given day, the probability of the network going out is 5%. So, if your project is scheduled for 150 days, you would allocate 7.5 days in your contingency reserve to handle network outages.

Let’s take a compound risk example. Let’s say there are rumors of a layoff announcement. The chances of this announcement actually happening are about 30%. If the announcement happens, there will be layoffs, but the layoffs might not affect your project. In fact, there is only a 20% chance that any layoff announcement would have any impact on the project. If the layoff announcement does affect your project, it’s estimated that it will cause a 30 day delay as you scramble to readjust. In your qualitative analysis, you deem this compound risk as important, so you will make a contribution to your contingency reserve. But how much is appropriate?

To handle this situation, simply multiply the probability of the first risk ( 0.30 ) by the probability of the second risk ( 0.20 ). In our example, this gives us a combined compound risk of 6% ( 0.3 x 0.2 ). Now apply this 6% to the impact ( 30 days ), and you arrive at 1.8 days ( 0.06 x 30 ) of contingency reserve.

Understanding risk is vital to your enterprise and project risk management; however, understanding compound risk will demonstrate your savvy and give you greater visibility into your uncertainty. Compound risk in an enterprise can be handled through a mitigating control, and compound risk on a project is handled by simply multiplying the respective risk probabilities together. Revisit your risk portfolio today to uncover hidden compound risks, and adjust as necessary with your newfound knowledge.


Monster Exec Finds New Job - Prison Detail

Back-Dating is Not an Option

James Treacy, former chief operating officer of Monster Worldwide, leaves Manhattan federal court after pleading not guilty to fraud charges. (By Louis Lanzano -- Associated Press)

Former Monster president and COO James J. Treacy is in the double-boiled soup this month, facing charges from both the Securities and Exchange Commission and the Southern District of New York. Treacy and his former controller Anthony Bonica are being accused of participating in an option backdating conspiracy that covered options from 1997 to 2003.

This time the COO wasn’t greedy. Like a good executive, he made sure to take care of the whole cadre, including executives, directors, and employees. As a result, Monster’s publicly filed 10K’s are only about $300 Million off in compensation expenses. Unfortunately, this tends to make the SEC very upset, so now our former Monster COO could be spending the next 25 years pounding out license plates for the State of New York.

According to CFO.com, Treacy personally made out with about $23 Million, all of which will need to be disgorged if he’s found guilty. Lawyers for both Treacy and Bonica claim their clients are innocent. There’s a surprise.

It’s not worth it, folks. A lot of people are going down these days for option back-dating. If there’s a question, err on the side of caution, and make sure that compensation expense line is accurate. You really don’t have an option.


How to Fix the Internet

Don't Overthink the Solution

I love this South Park outtake recently highlighted by Gizmodo:

How to Fix the Internet ( According to South Park )

Sometimes the solution is that simple. Don't get trapped by your own intelligence.

Always Please Remember
Always please remember to buckle up. It could save your life.

© 2008 John Weathington. All Rights Reserved. This publication is so copyrighted, it's not even funny. However I encourage you to share it, whole or in part, with proper attribution.