This article was written by a dear friend of mine who doesn't get enough credit for his creative inspiration and incredible writing skills, I hope you enjoy this article as much as I did.
------------------------------------------------------------------------------------
EXECUTIVE SUMMARY
Created in response to recent corporate scandal, the Sarbanes-Oxley Act of 2002 redefines compliance to include transparency of financial processes as well as honest reporting of the results.
§404 of the Act requires an “internal control structure” and that officers are obliged to report about it in detail in their periodic reports to the SEC.
An influential consortium consisting of the largest professional organizations of accountants (COSO) has developed a framework of internal control that will likely be the de-facto standard for Sarbanes-Oxley compliance.
The sales and marketing function faces a unique challenge in erecting its internal control structure because some of its key finance-oriented outputs (sales forecasts and projections) upon which many other functions rely, are based on abstract or estimated data and are generated through non-standardized processes.
Analytics -- the tools, processes, and expertise of pooling information and drawing meaningful insight – are a critical component of a compliance strategy for the sales & marketing function.
To prepare for compliance (beginning in June, 2004 when §404 goes into effect) heads of sales and marketing functions can do three key things:
1. Develop a strategy for using analytics in compliance;
2. Define the key financial outputs of the function and infuse their production with scientific, analytical insights and processes;
3. Use the COSO framework for internal control to identify priorities for implementing an analytics solution
The challenge of building a sophisticated analytical capability is daunting but the rewards are great. Not only will companies be in a better position for compliance, but the insights gained from an analytics infrastructure will generate innumerable benefits to the business by helping optimize sales and marketing activities.
----------------------------------------------------------------------------------
§404 of the Sarbanes-Oxley Act of 2002:
“The commission shall prescribe rules requiring each annual report required by §13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d) to contain an internal control report which shall –
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.”
-----------------------------------------------------------------------------------
Background
Business scandals inspire regulatory reform. The Sarbanes-Oxley Act of 2002 was a direct response to the major business and accounting scandals committed in public companies such as Enron and WorldCom. Indeed, as examples of poor management oversight, greed-driven cultures, and lax audit standards few better (or worse, perhaps) examples exist.
A New Frontier: Process Compliance
Sarbanes-Oxley is perhaps the most profound revision of securities laws since the 1934 Act that created the SEC in the first place. §404 of the Act in particular provides a subtle but extremely significant expansion in the SEC’s regulatory authority. Before §404, the main reporting duty revolved around financial results. The regulatory mandate was fairly clear: “report your results from operations accurately.” Now, the SEC’s scope also reaches into the processes of obtaining those results, and the mandate is not so clear. A number of related questions arise: “what was your process that generated the numbers? Tell me all about it: Was the process reliable? Did it accord to an acceptable framework of “enterprise risk management” (ERM)? Were there appropriate internal controls in position to flag and curtail financial gimmickry (intentional and unintentional)? How well does your internal control system work, and how does it compare to how it worked before?” This change provides an entirely new risk frontier for noncompliance: not only must the ultimate numbers and risks be honestly reported, but the process that generated them must meet a legal standard of propriety.
Since §404 doesn’t go into effect until June, 2004 for the largest public companies, most of the attention to the law has focused on §302 and the associated criminal penalties in §906 which provide that officers must certify the accuracy of financial statements and to the existence of “internal controls.” §404 is the part of the law that sets the standards for establishing those internal controls through an “internal control structure.” The practical effect of these changes is that top executives will need to be much more closely involved in the process of creating financial information. Their underlings will provide more frequent summaries and views of what they are doing, and what data they are using. Accordingly, the basic theme of accountability has flip-flopped: what was once a passive, top-down review of financial outputs cobbled together chaotically at report-time has become a pro-active, participatory bottom-up process driving results.
So it is not just the top corporate officers who are on the hook for compliance, even if they are the only ones who need to “sign on the dotted line.” Although they traditionally may have been far more focused on the tactical issues of running the business, business and functional unit leaders now confront several key strategic, compliance-related questions:
– Where is the material risk in my business?
– Do I have the appropriate controls to mitigate the risk, and to flag trigger-events as they occur?
– Are these controls actually being applied in a consistently competent fashion?
– Am I confident in attesting to the accuracy and integrity of my financial data on an on-going basis? (You can’t expect the CEO to do so if you aren’t)
This line of inquiry will structure the case when regulatory or litigious-shareholder ire fixates on a surprise that upsets street expectations. Before Sarbanes-Oxley, the basic surprise investigation asked the following: “what did you know? When did you know it? Was it material enough to justify public release?” Now, a whole separate theory is also available: “how did you not know about it?” Executives must demonstrate that despite adequate internal control processes, they couldn’t know about the surprise. In essence: the risk was not just unknown; it was unknowable.
To prove its position, a company will need a rich cache of information with a precise analytical narrative to explain itself. Analytics -- the tools, processes and expertise for pooling information and drawing meaningful insight -- is not merely a matter of smart business anymore; it’s a critical component of an overall compliance strategy.
The Magic Words: “Internal Control Structure and Procedures”
In 1985, inspired by an “alarming increase in fraudulent corporate financial reporting,” a consortium of the largest accounting professional associations formed the National Commission on Fraudulent Financial Reporting, more commonly referred to as The Treadway Commission. Each member of the consortium also participates in a supporting organization, COSO – literally, the “Counsel of Supporting Organizations.” COSO works on ethical and professional issues for the accounting profession. Periodically, it comes out with a report. These reports and their recommendations have a powerful self-governing influence on accountants.
In a 1992 report, COSO defined the ambiguous phrase “internal control”: “Internal control is broadly defined a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 1) effectiveness and efficiency of operations; 2) reliability of financial reporting; 3) compliance with applicable laws and regulations.”
To be expressed as written policy and for tracking and reporting purposes, the COSO report states that internal control process manifests as a “framework.” COSO identifies eight core elements in its “integrated framework” for internal control. §404 specifically calls for just such an “internal control structure” that management has to describe
and adjudge as to its effectiveness in the company’s annual report. The SEC mentions COSO by name in its rules for §404, and declines making it the official legal standard only because foreign companies doing business in the United States might use a different structure. Thus, in practice, if not by law, the COSO framework probably will be the benchmark standard of “internal control structure and procedures” for US companies complying to §404. In part, the SEC says:
“The COSO Framework satisfies our criteria and may be used as an evaluation framework for purposes of management’s annual internal control evaluation and disclosure requirements.”
Using the COSO Framework for Sarbanes-Oxley Internal Control Compliance
The draft COSO framework covers a wide swath of territory – ranging from declaratory statements about a company’s values and culture, to specific parameters around data storage and integrity. Each element contributes to the overall evaluation of the company’s exposure to risk – market or regulatory.
Here are highlights of the framework where an effective analytical capability would be especially useful:
– Event Identification: This is a company’s ability to draw insight from its information and flag the contingencies upon which the objectives are premised. Aggregate analytical capabilities would be critical: in some cases, it may be useful to group potential events into categories. By aggregating events horizontally across an entity and vertically within operating units, management develops an understanding of the interrelationships between events, gaining enhanced information as a basis for risk assessment.
– Risk Assessment: This is the assessment of the probability of those contingencies. Risk assessment employs both qualitative and quantitative analytic methods—and evaluates potential uncertainties as they unfold, whether they are internally or externally generated.
– Control Activities: These are policies and procedures ensure that risk responses are carried out efficiently. Here too is a point which calls for analytic capabilities in two key areas. 1) COSO identifies general controls as encompassing IT infrastructure and management, security management and software. 2) Application controls are designed to ensure completeness, accuracy and validity of data capture and processing.
– Information & Communication: Analytics is the solution for COSO’s information & communication element of internal control. COSO says information is needed at all levels of an organization to identify, assess and respond to risk. Pertinent information from both internal and external sources must be captured and shared in a form and timeframe that equips personnel to react quickly and efficiently. Effective communication also involves the exchange of relevant data with external parties, such as customers, vendors, regulators and shareholders. Effective enterprise risk management relies on both historical and current data. Historical data tracks actual performance against targets, identifies trends, correlates results and forecasts performance. Historical data also provides early warning signals concerning potential risk-related events. Current data gives management a real-time view of risks inherent in a process, function or unit. This enables an organization to alter its activities as needed in keeping with its risk appetite.
Sales & Marketing’s Unique Challenge
The Sales and Marketing function faces a unique compliance obstacle. More than any other function it relies on guesswork for its most critical financial instruments. Sales forecasts generate guesses about what a given market demand should be. Sales plans generate guesses about how the company should capture that demand. Opportunity assessments generate guesses about a company or products addressable market. Critically, many other business functions depend on sales and marketing’s guesses:
– Finance projects cost and profit levels and capital needs based on a given sales forecast, and usually publishes its expectations to Wall Street.
– For a manufacturer, operations plans what to produce, and thus what raw materials to procure based on a given sales plan or forecast. Service organizations allocate human capital and adjust fulfillment plans. A real-world example demonstrates the potential impact of getting it wrong: a major airline over-forecast nearly 60,000 seats crossing the Atlantic four summers ago, and had to swallow enormous costs from the capacity it built to accommodate these phantom flyers. It had already paid access fees to airports, allocated planes, entered longer tem fuel contracts, etc. When summer came, planes with as few as 15 passengers would make the crossing. The ticket charges couldn’t even pay for the direct costs of making the flight!
Unfortunately, sales projections are often based on the plan of what executives want to sell, not on an analytic assessment of the actual market demand at the time of the forecast. The Next most common method is to premise the forecast on some loose version of historical analysis: “this is what we sold last year; this year, we’ll beat it by 2%.” Will Sarbanes-Oxley digest such back-of-the-envelope or simplistic analyses? Do you want to take the risk to find out? Taking a chance is probably not a good idea. In practical terms, compliance will require transparent, accurate and effective processes for generating forecasts.
In fact, any financial report that will eventually be used or relied upon by the CFO or any other part of the business should be drafted with awareness that someday, along with hundreds of thousands of other documents, it may end up as part of a response to a subpoena. Ordinarily, future statements are not actionable, (we’ve all seen the disclaimer at the bottom of nearly every press release) but that is not the point. It’s not that the reports and forecasts of sales & marketing contain prognostication; it’s about whether those reports and forecasts were developed through sound analytic and business practices – i.e. under an umbrella of “internal control.” While the prognostications themselves may be beyond legal recourse, the processes behind them probably are not.
Planning Ahead for Compliance: An Analytics Roadmap for Sales & Marketing
The best plan for harnessing analytics’ powerful predictive and explanatory capabilities in sales & marketing is a three-pronged approach:
Have a strategy. Before anything can be executed you need to have underlying goals, and identify the scope of the task. First, how does your compliance duty fit in with the company’s over-all plan? What data is required? What systems is it in? With which other functional units will you need to coordinate? What is the basic approach for executing an analytics solution: in-house or out-source? What tools would we need? Who can help? Thinking through these issues first before burning many person-hours, or spending large sums on consultants or software improves your chances of executing a real success.
Define the financial outputs of the group, to include things such as: forecasts, sales plans, market opportunities, campaign forecasts and budgets, marketing program budgets, etc. and then tie analytic processes to the production of each of these outputs. Analytics is so important to the production of these financial outputs because it provides a traceable process linking disparate data and for rendering heretofore assumed or grossly estimated data in more scientific and transparent ways. Analytic techniques that could be used in producing these outputs more scientifically could include:
1. Output vs. performance measurements
2. Financial to non-financial comparisons
3. Regression analysis
4. Predictive modeling
5. Trend analysis
6. Types of analyses: inter-period analysis, industry comparisons, budget comparisons, economic analysis
7. Measurement techniques: ratios, percentages, physical quantities, monetary amounts
Tie planning, budgeting, and other financial analyses to the COSO risk management model and identify priorities for implementing an analytic solution. The “Information and Communication” element of the framework reads like a requirements statement for an analytics solution. The pre-curser requirements of successful analytic solutions (data warehousing, ETL tools, data hygiene, etc.) facilitate information and communication. Also, analytics is how to assess current data for a real-time view of risks inherent in a process, function or unit. Finally, the ability to leverage historical data and identify trends, correlate results, forecast performance, and provide early warning signals concerning potential risk-related events is possible only through analytic processes.
Conclusion Since the effective date of §404 is not until June 15, 2004, there is still time to prepare a compliance infrastructure that includes powerful analytic capabilities. It’s not all about compliance, however. Firming up sales & marketing forecasts with sophisticated analytics is smart business. Through analytics you will learn an enormous about your customers and markets and competitors and you will be able to optimize your efforts. Developing an analytics-based compliance infrastructure is no simple or small task. For the many companies operating under diverse data silos, management fiefdoms and incomplete communication loops, the preparation tasks are daunting. Intel believes that the Sarbanes-Oxley compliance costs estimated by the SEC (an extra five resource-hours per month) are off by an order of a “by at least a factor of 100, if not a greater order of magnitude .” To bring down these costs, the ultimate role of analytics will be to bring repeatable, scalable, and reliable data-analytic processes to the compliance process.
Friday, March 13, 2009
Friday, February 27, 2009
How to integrate best-in-class multi-channel marketing programs!
It doesn’t matter who you are or what your marketing experience consists of, multi-channel integration is simple and straightforward. The problem is always the people instituting the program. The one and only time I experienced Edward Deming teaching total quality management, he spent the first hour telling stories about how corporate leadership is near sighted. So let’s begin with that.
If your not a CMO, CFO, or CEO the posting is going to frustrate you or validate your intuition. Fact is, excellence does not bubble up from within organizations unless it the leadership places value on continual improvement by eliciting the employees day-to-day insights. Lets face it, employees are at the tip of the edge in the value chain. Ray Kroc knew the "front-line never lies" and Japanese manufacturers place equal value on the manager and worker. This is the foundation of continual improvement. So if you're in marketing an frustrated out of your mind, mainly because you care, forward this blog to to a manger you trust. However, depending upon how uncomfortable your working circumstance(s) are you may consider forwarding this blog anonymously. Think of it as a virtual suggestion box.
Having said that lets get down to the purpose of this posting.
1. “Quality decisions start in the boardroom” Edwards Deming. Translation, Carpe Diem … I know it means seize the day... for now let's just seize a moment, perhaps this moment, and let’s do something right for the company.
2. Link response to the media plan so as trends can be clearly identified, simply put, analyze how your programs, campaigns, media, offers and creative are performing.
3. Acquire, create, and develop a media plan repository, perhaps something that is web-based, such that internal marketing can collaborate easier and more effectively with external vendor’s e.g. creative agencies, media vendors, service suppliers
4. Identify response touch points thorough a tagging system. It must automatically identify response and the customer touch points that are elicited by a multi-channel program.
5. In truth, have a structured, disciplined measurement system will standardized the organization so there is “ONE version of the truth!”
6. Listen to your agency, media supplier, or channel partner with skepticism! After all, you run the hen house, not the fox.
If you have any question e-mail me at upperquadrant@gmail.com … I would us my corporate e-mail but I am getting too much SPAM as it is.
If your not a CMO, CFO, or CEO the posting is going to frustrate you or validate your intuition. Fact is, excellence does not bubble up from within organizations unless it the leadership places value on continual improvement by eliciting the employees day-to-day insights. Lets face it, employees are at the tip of the edge in the value chain. Ray Kroc knew the "front-line never lies" and Japanese manufacturers place equal value on the manager and worker. This is the foundation of continual improvement. So if you're in marketing an frustrated out of your mind, mainly because you care, forward this blog to to a manger you trust. However, depending upon how uncomfortable your working circumstance(s) are you may consider forwarding this blog anonymously. Think of it as a virtual suggestion box.
Having said that lets get down to the purpose of this posting.
1. “Quality decisions start in the boardroom” Edwards Deming. Translation, Carpe Diem … I know it means seize the day... for now let's just seize a moment, perhaps this moment, and let’s do something right for the company.
2. Link response to the media plan so as trends can be clearly identified, simply put, analyze how your programs, campaigns, media, offers and creative are performing.
3. Acquire, create, and develop a media plan repository, perhaps something that is web-based, such that internal marketing can collaborate easier and more effectively with external vendor’s e.g. creative agencies, media vendors, service suppliers
4. Identify response touch points thorough a tagging system. It must automatically identify response and the customer touch points that are elicited by a multi-channel program.
5. In truth, have a structured, disciplined measurement system will standardized the organization so there is “ONE version of the truth!”
6. Listen to your agency, media supplier, or channel partner with skepticism! After all, you run the hen house, not the fox.
If you have any question e-mail me at upperquadrant@gmail.com … I would us my corporate e-mail but I am getting too much SPAM as it is.
Tuesday, February 17, 2009
Cool Social Marketing Presentation
I participated in this very interesting presentation last week. I wish that everyone who has ever been beat down by the man, which I think at one time or another everyone has, could have watched this presentation. The presenter, who is the author of the book " World Wide Rave" Marketing, worked as a CMO. The story of how he was fired was captivation, because he was fired for be competent, being on the edge, and innovative. Shocker! Check it out.
http://www.HubSpot.com/Archive/World-Wide-Rave-Webinar
http://www.HubSpot.com/Archive/World-Wide-Rave-Webinar
Subscribe to:
Posts (Atom)