A Danger Recognized, but not Avoided

Since the creation of KonTraG and the Sarbanes-Oxley Act, the term “corporate governance” has enjoyed a boom. Corporate governance is the goal: laws and directives that bind companies to provide suitable and responsible management. The goal of such measures is primarily transparency for investors, owners, or creditors on a firm’s actual value, the risks it faces, and its expected development. Ultimately, they serve as a check to determine if management actually works in the interests of the company. Mismanagement and the accounting scandals that ruined investors were the triggers for such strict regulations.
The Sarbanes-Oxley Act was created in 2002 after bankruptcies at Enron and WorldCom. In particular, sections 404, 302, and 409 of the law challenge the IT infrastructure of publicly traded companies. According to section 404, every annual report must contain an internal control report. This report explains the responsibilities within the internal controlling system and includes a statement from management about its effectiveness. Section 302 prescribes regular proof of the company’s financial situation. Section 409 is titled “Real-Time Disclosure” and guarantees that audits are up-to-date: data must be submitted promptly. Those are tough requirements, and 40% of American companies cannot meet them because they don’t have a budget for IT.
The events that led to the Sarbanes-Oxley Act in the United States also had effects in Asia. Since the act was passed, most Asian countries have required quarterly reports. The reporting and accounting standards there generally follow global guidelines like IAS. For example, Singapore introduced a Code of Corporate Governance in 2001, but the mandatory character of the code is limited.
Asia is just at the beginning of the process. The laws must now find their way into day-to-day operations, and that’s not always easy. Aside from a few exceptions – Hong Kong, Korea, and Taiwan – publicly traded companies have not exactly shown respect for the new guidelines. Asia generally exhibits weak control in the area of corporate governance. Companies pay little attention to the new laws and accounting standards. And accordingly, the willingness to invest tends to be more cautious.
For the most part, publicly traded companies in Asia are not well-equipped to meet the requirements. Small companies often do not have the financial resources for IT; large companies are complex and usually don’t make the effort to search for acceptable solutions. That’s why the situation with reporting and risk management is so bad. Only the most necessary measures are taken. Where corporate governance and compliance are concerned, Asia still has a long way to go. That situation can also be seen in the need for more detailed market research into the level of compliance with reporting directives.
Risk management and risk reporting have been mandatory for publicly traded companies in Germany since the passage of KonTraG in 1998. Another law on transparency and disclosure (TransPub in its German abbreviation) strengthened these provisions even further. Nonetheless, a study undertaken by the BARC Institute and Cognos on the use of IT for corporate governance has shown that, according to their own statements, 20% of German companies cannot elicit their business processes relevant to risk. Only one-third of the companies has implemented automatic monitoring. The precarious result? It takes an average of more than five days for critical information to find its way to the board of directors.

Corporate Governance – Necessity and Opportunity

The necessity of transparency means significant effort for companies. Above all else, risk and information management as the foundation for corporate governance must respond to the tough requirements. But how do business people actually understand corporate governance? How is the topic approached and implemented? One thing is clear: IT plays a decisive role.
The effort it takes to find an ideal and comprehensive solution is worth it in every case. According to estimate of the market researcher Gartner, companies that develop a special solution for each requirement (Sarbanes-Oxley, KonTraG, or IAS) must count on costs for compliance projects that are 10 times higher than those of companies that implement an integrated solution to meet all requirements. Companies underestimate the return brought by investments in a comprehensive IT platform.
Of course, reporting feels like a straightjacket, but it’s also an opportunity for a constructive development step: the necessity to rethink and optimize the controlling structure, the management information system, and the internal processes. That’s why investments have two benefits. First, managers can use analysis and reporting tools to create reports more frequently to compare expected performance with actual results. Second, these comparisons prevent unwelcome surprises.

Numbers and Facts

More transparency throughout a company also means more profitability. These advantages cannot be underestimated; CEOs and CFOs personally vouch for the veracity of statements on the financial situation of the company. But consciousness of this reality develops only slowly among most mangers. In 2003, a year after the Sarbanes-Oxley Act went into effect, companies in the United States still generally completed their compliance statements manually – according to analysts from AMR Research. Companies spent only $100 million on the reports. But the manual procedure requires too much effort and the completeness of the reports is difficult to verify. According to Garner, the number of company documents increases by 20% every year. And worse, important information is often inaccessible directly or can be completely lost – especially in heterogeneous IT landscapes.
Against this background, interest in IT support for internal and external controlling has increased significantly. In 2004, global spending on technology to deal with compliance climbed to $1.13 billion – a jump of some 1,100%. Investment increased another 52% from 2004 to 2005. At the end of 2004, at least $1.7 billion was spent on IT related to compliance.
Let’s take a look at Asia, where consciousness of the synergistic effects of an IT infrastructure that can meet the requirements of compliance and still offer good performance is developing only slowly. According to a 2004 study by Deloitte on financial institutes from the Asia-Pacific region, 68% of the survey participants handle reporting without IT support tailored to the requirements. Nonetheless, interest in risk management is weak; 83% of the companies surveyed do not plan to make any investments for risk management.
Against this background, the results of a study published by PricewaterhouseCoopers in 2005 are not surprising. According to the study, only 19% of companies located in the Asia-Pacific region believe that their reporting meets the requirements of international laws and regulations. They’re even unsure about national laws. Only 58% of the companies believe that they are well-equipped at least in this area.
Even in Germany, the current situation is alarming. Some 40% of the 105 companies surveyed by the BARC Institute see no current need to equip their IT infrastructure for compliance. The term “corporate governance” still seems to be a stepchild of German management. Only 40% of those surveyed can even explain what corporate governance means. Despite that figure, 93% proudly think it possible to improve corporate governance with IT – primarily with information management. After all, more than half of those surveyed are dealing with the topic and are either in the middle of implementation projects or are planning IT projects.
Business intelligence (BI) plays an important role here. More than 25% of the companies already rely on BI or plan to invest in it. Only 6% already have an IT infrastructure that’s set up for compliance. Mummert Consulting sees an annual increase in spending of 16% for BI in Germany. That figure means projected spending in 2007 of _1.8 billion for the initial implementation and further development of BI systems.
Right now, fires are burning at other locations. Not even a third of the companies surveyed have automatic monitoring of critical business processes. Other uses of IT to improve corporate governance include risk management, external and internal reporting, controlling, planning, and budgeting. But here, too, gaps appear among publicly traded companies in Germany. The survey showed that almost one-third of companies did not have comprehensive internal reporting across all levels of the company hierarchy – including the board of directors. The situation is not much better for external reporting. Some 20% of the companies need more than three months to produce their annual report. No one can even talk about real-time reporting here.
In light of these facts, a study of the rating agency Governance Metrics is interesting. The study examined 2,588 companies around the world in terms of their company policies toward investors to determine the country most capable of corporate governance. Criteria like transparency, shareholder rights, or the responsibilities of the board of directors were the deciding factors in the evaluation. The United Sates was the winner. Germany came in among the top 10, and Japan come in second to last.

A Global Need for More Integration – Standardization Required

Compliance – A Second Look at the Advantages
Compliance – A Second Look at the Advantages

It’s no wonder that satisfaction with IT systems for enterprise planning is often limited. The reason? Integrated systems are the exception, not the rule. According to Ventana Research, 66% of companies around the world rely on two to eight different systems for reporting, planning, and consolidation. In the United Sates the number is more likely to be lower; in Asia the number is likely to be higher. Only 12% have a single, integrated solution. Today, Germany finds itself right in the middle with an average of eight systems that deliver data. Accordingly, the need for uniformity and standardization among systems is great. To meet the demands of lawmakers and to be safe and secure, the only option is to set up IT systems to meet these needs. And IT must meet even greater needs for publicly traded companies to hold their own beyond their own borders in the world’s capital markets.

Mehr about Cognos

Erich Leitner
Erich Leitner