THE LINGERING FINANCIAL CRISIS has significantly tested companies and their boards, forcing them to examine and, in some cases, change their approach to running the organization. Although no single event caused the crisis, a myriad of failures--including breakdowns in governance, risk management, and internal control--brought the global financial system to a screeching halt. As organizations move from assigning blame toward a forward-looking, "lessons learned" era, they must take steps to make sure a breakdown of this magnitude doesn't happen again. "Changes in risk arising from changed business models were apparent in the crisis," says David Landsittel, recently appointed chairman of The Committee of Sponsoring Organizations of the Treadway Commission (COSO). "It illustrates the importance of companies having ongoing processes that add assurance that changes in enterprisewide risks are recognized on a timely basis."
The U.S. Congress' Shareholder Bill of Rights Act of 2009, which provides enhanced authority on executive pay; Standard & Poor's incorporation of enterprise risk management (ERM) assessments in its ratings of nonfinancial companies; and the U.S. Securities and Exchange Commission's (SEC's) proposal to overhaul proxy disclosures involving risk will put increased pressure on boards to strengthen their oversight of enterprise risk in the aftermath of the crisis, he says.
COSO is sponsored and supported by five professional organizations--the American Accounting Association, the American Institute of Certified Public Accountants, Financial Executives International, the Institute of Management Accountants, and The IIA. Landsittel also serves on the board of directors and chairs the audit committees for Molex Inc. and Burnham Investors Trust for the Burnham Family of Funds. He recently spoke with Internal Auditor about the financial crisis, COSO's frameworks, and his agenda as chairman.
Q: Why didn't the COSO Enterprise Risk Management-Integrated Framework, coupled with the U.S. Sarbanes-Oxley Act of 2002, work to preserve corporate integrity and prevent the financial crisis?
The causes of the financial crisis are complex and involve many factors. I'm more interested in discovering the lessons learned--what can we take from it that benefits COSO and our stakeholders? The first lesson is that the more companies know about the risks they face, the better. It's also important for companies to be able to identify...