Honestly Lay Bare: November 2009

Wednesday, November 25, 2009

Slippery Slide

The more laws, the less justice.

Today, Honestly Lay Bare takes a stroll down the path where the worlds of criminal conduct and professional performance intersect.

However this time it is not a hindsight review of some dastardly crook or the analysis of yet another internal control failing that has caught our eye.

It is the arrest last Saturday of Mr VS Prabhakar Gupta

Mr Gupta was formerly head of Internal Audit at Satyam Computers.

Many will be aware that 2009 has not treated Satyam Computers well.

On 7 January 2009, company Chairman Ramalinga Raju resigned after notifying board members and the Securities and Exchange Board of India that Satyam's accounts had been falsified.

Raju confessed that Satyam's balance sheet of 30 September 2008 contained:

inflated figures for cash and bank balances of US$1.04 billion.

an accrued interest of US$77.46 million which was non-existent.

an understated liability of US$253.38 million on account of funds was arranged by himself.

an overstated debtors' position of US$ 100.94 million).

Raju claimed in his confessional letter to the Exchange that neither he nor the managing director had benefited financially from the inflated revenues. He claimed that none of the board members had any knowledge of the situation in which the company was placed.

**

The Sunday Economic Times of India (proof again that we at Honestly Lay Bare read widely!) reported on Sunday that the Indian Central Bureau of Investigation (CBI) arrested Mr Gupta with breach of trust, forgery, cheating (lucky the French football team isn't under Indian jurisdiction!) and fabrication of accounts.

In the confessional letter mentioned above, the founder had said that Prabhakar Gupta, among few other senior executives were ‘unaware of the real situation as against the books of the accounts.’

Now - for the avoidance of doubt - we have absolutely no idea whether Mr Gupta did what the CBI is saying that he did.

What we do have an opinion on is what was included in the claims against Mr Gupta:

The CBI has contended that despite being aware of the irregularities and heading the internal audit team, he did not inform to the audit committee

These 25 words surely must be some of the most intimidating words ever written about the profession and practice of internal audit.

Go back and have a read of it and think of the words' implications.

As part of the allegation against Mr Gupta the CBI has lifted not only the corporate veil but some would say (well at least us!) that they have exposed all future Indian Chiefs of Audit to a dangerous precedent.

Mr Gupta is being charged for exercising his professional judgement as to what should or should not be reported to an Audit Committee.

If Mr Gupta is guilty of fabrication (and remember that we are not saying that he is ... this is a 'what if') of course he is not going to tell the Audit Committee about the deliberate inaccuracies (and to be honest we here at Honestly Lay Bare dont really have much of an entry for this week!).

If, however, Mr Gupta was ignorant of fabrications or did not consider any irregularities to be sufficiently material to be reported, he is facing jail time for doing what all Heads of Audit do before every Audit Committee.

Should Heads of Audit be above the law?

Of course not.

But should Heads of Audit be held to a standard that criminalises the exercising of their professional judgement.

If you think so we have started down a slippery slide that will be ultimately fatal to the profession we hold dear.

Wednesday, November 18, 2009

What a Town of 66,910 Residents Can Teach The World of Risk, Controls and Governance

The beggar is the only person in the universe not obliged to study appearance.

Framingham is a town in Middlesex County, Massachusetts, United States first settled in 1647.

As of the 2,000 census 66,910 residents called it home.

It is also home to one of the most comprehensive studies ever undertaken.

The Framingham Heart Study is an ongoing cardiovascular study based in Framingham.

The study began in 1948 with 5,209 adult subjects from Framingham, and is now on its third generation of participants.

Prior to it almost nothing was known about "the epidemiology of hypertensive or arteriosclerotic cardiovascular disease. Much of the now-common knowledge concerning heart disease, such as the effects of diet, exercise and common medications such as aspirin, is based on this longitudinal study.

Reading about it got Honestly Lay Bare thinking - why is that the practices of risk management, corporate governance and internal audit not undertake longitudinal studies?

Would there be any benefit if these disciplines did?

Firstly - what is a longitudinal study?

A longitudinal study is a correlational research study that involves repeated observations of the same items over long periods of time — often many decades. It is a type of observational study.

Longitudinal studies are often used in psychology to study developmental trends across the life span, and in sociology to study life events throughout lifetimes or generations.

Longitudinal studies allow social scientists to distinguish short from long-term phenomena, such as poverty.

If the poverty rate is 10% at a point in time, this may mean that 10% of the population are always poor, or that the whole population experiences poverty for 10% of the time. It is not possible to conclude which of these possibilities is the case using one-off cross-sectional studies.

Why then - given the benefits that longitudinal studies bring to the subjects being examined - has there not been a serious attempt to apply such rigour to the analysis of an organisation's internal control and corporate goverance environment?

We hold true (although many times it turns out to be anything but) that organisations are perpetual beasts.

This being the case then surely they represent a great study ... but yet for some reason the articulation of risk, controls and governance tends to be in the current environment.

What are the risks that face the organisation today our studies ask (whether they be short or long term is beside the point).

Not - what has the history of this organisation said about what risks are likely to manifest themselves and how they are likely to be handled by the organisation.

The doubters amongst you (as we are sure there are!) will say that a study of people is different to a study of organisations and that may be the case.

The even stronger doubters (you know who you are!) will say that an organisation changes over time so the review of the history of risks is not necessarily an indicator of what is happening now and what is likely to happen in the future.

Once again - a valid comment.

But for the fact that we don't actually know if those rebuttals are accurate.

There has never been a serious longitudinal study in the area of risk, governance and controls.

Now is the time to start.

Wednesday, November 11, 2009

Train Wreck

Education: That which discloses to the wise and disguises from the foolish their lack of understanding

Here at Honestly Lay Bare we like to think that we bring you the very best in the world of internal controls, internal audit, risk management and corporate governance.

Once in a while we come across something that really makes us think.

Recently we were reading the Irish Sunday Business Post (we read widely!) about how weak controls may cost Iarnród Eireann - or in English, Irish Rail, the national railway system operator for Ireland.

Have a read of part of the article first ...

A consultants report into procurement controls at the state rail company, Iarnród Eireann, has estimated the risk of losses arising from weak internal controls at up to €5 million yearly.

The evaluation of procurement practices at Iarnród Eireann by consultants Baker Tilly described the potential impact in relation to the financial risks as ‘‘super critical’’.

Fine Gael senator Paschal Donohoe, a member of the Joint Oireachtas Committee on Transport, which examined the report last week said Baker Tilly had clearly identified the probability of the risk as ‘‘almost certain’’.

The report put the financial risk to Iarnród Eireann of non-compliance or collusion in the region of 7. 5 per cent to 10 per cent of the €40 to €50 million spend every year. This amounted to a risk of up to €5 million yearly. ‘‘It will be a bit rich for Iarnród Eireann to come looking for a fare increase in the context of this waste," he said.

As Honestly Lay Bare read - and re read - the article it struck us that this article represents the greatest failing of modern day risk management.

How so you ask?

We as professionals interested in the proper practice and execution of risk management have lost the battle as to how our outputs are used by people less passionate or, dare we say, less educated.

It is as if a doctor has decided that he will only do the operation and forget about the post surgergy consulation; it is as if the engineer has built the building but never checked to see whether it was safe to enter.

Go back and have a read ... OK ... perhaps don't ... just keep reading here and we will explain.

What disturbed us the most was the definitive tone of the article and the conclusions it drew from a report which - by its very nature - is an interpretation rather than a categoric statement of the underlying facts.

Let's break it down (we sound too much like MC Hammer for our own liking there!):

estimated the risk of losses arising from weak internal controls at up to €5 million yearly.

This is where those risk management matrices really fall down. Someone has read the consultant's report and seen that one of the bands says up to €5 million and jumped on that without cross referencing it to the probability of that event occuring.

Also this statement implies that weak internal controls is a singular beast - rather than a complex interrelated structure of events where even one operating well may prevent the loss of any money.

And this is one of our pet hates of these types of articles ... there is no mention of that risk that is all encompassing yet nearly impossible to measure. Reputational risk.

Perhaps the consultant's report didnt consider a state owned railway operator to have a reputation worthy of measuring. We will never know.

The evaluation of procurement practices described the potential impact in relation to the financial risks as ‘‘super critical’’.

Aaah the next thing that we love.

The adjective ridden importance label. Note the procurement practices are SUPER critical. Not critical as in this patient is in a critical condition - a universally recognised term to mean that the person is hovering at St Peter's door.

Equally the article fails to give full balance to the other risks relating to the procurement practices.

For argument's sake, what would happen if we managed all the procurement practice financial risks but we purchased rolling stock of such poor quality that the health and safety of Irish Rail's staff and customers was at risk everytime a train pulled out of the depot.

It had particular concern over the payments made for ‘‘higher volume, lower value’’ transactions made routinely by Iarnród Eireann, where the annual spend is in the region of €40 million to €50 million per annum in the divisions under review.

You would HOPE that a consultant assessing the risks of an organisation would have concerns over transactions in the region of €40 million to €50 million per annum!

Once again the article fails to acknowledge that reviews of this nature - BY THEIR VERY NATURE (sorry for the screaming!) - should focus on areas of big spend.

Fine Gael senator Paschal Donohoe, said Baker Tilly had clearly identified the probability of the risk as ‘‘almost certain’’.

For Paschal's sake we are glad that the probability was CLEARLY IDENTIFIED. Of course, it was clearly identified ... that is what word processors (and indeed typewriters and anything else back to Gutenburg) do! The clearly identify things that the author wants the reader to notice.

What is missing here is that we actually don't know what the risk is that is almost certain (another adjective ridden label ... but we won't go there). Is it the risk that all of the procurement spend is at risk. If that is the case - this is enormous.

But ... somehow ... we don't think that that is the case.

Aaah don't you just love this ... the article assumes that non-compliance and collusion is the same risk.

Actually last time we checked ... it isnt!

You can educate people around non-compliance but the malicious aspects of collusion are very difficult to identify and measure.

‘‘It will be a bit rich for Iarnród Eireann to come looking for a fare increase in the context of this waste," he said.

And this is our favourite - the report is talking about risks that have not happened.

Yet a politician has extrapolated a hypothetical situation into reality and argued against a fare rise that would otherwise fund the correction of the many deficiencies that the report has highlighted.

So ... what does all this prove?

In this one article we can see the very heart of the issue with risk management advice - it is, like beauty, in the eye of the beholder.

Until such time as there are universally agreed measurements that will always be its curse.

And articles such as this will continue to be written.

Wednesday, November 4, 2009

What Raj Knew

Integrity is telling myself the trust. And honesty is telling the truth to other people.

Here at Honestly Lay Bare Central we love nothing better than a story about an executive that has got to big for their boots ... thought that they were above it all and that laws and rules only applied to other people.

So when a Honestly Lay Bare subscriber and friend (to date not a mutually exclusive categorisation!) brought our attention to a meeting that they had a couple of years ago with a person with an 'entitlement complex' ... someone that thought that they were above it all ... we couldnt resist digging further.

Then we found out that 'entitlement complex' fellow was associated with the Galleon Group ... a now notorious company which was until this month one of the largest hedge funds in the world.

**

A galleon was a large, multi-decked sailing ship used primarily by the nations of Europe from the 16th to 18th centuries. Whether used for war or commerce, they were generally armed with the demi-culverin type of cannon.

They were used in both military and trade applications, most famously in the Spanish treasure fleet, and the Manila Galleons. In fact, galleons were so versatile that a single vessel may have been refitted for wartime and peacetime roles several times during its lifespan.

It was after these magestic ships that the Galleon Group was named.

Now before we go on ... what follows is being contested by the named persons at Galleon Group (Our lawyers told us to say that!).

Galleon Group founder Raj Rajaratnam; Danielle Chiesi and Mark Kurland of hedge-fund firm New Castle Partners; and executives at IBM, Intel Corp. and McKinsey & Co. were arrested earlier this month on charges they were part of a network that trafficked in private, market-moving information about upcoming earnings reports and acquisitions.

Rajaratnam is alleged to have made roughly $20 million in profit from trading on insider information about companies including Akamai Technologies Inc., Google Inc., Hilton Hotels and Polycom Inc.

Federal prosecutors used wiretaps over a period of roughly two years to track the activities and conversations of Rajaratnam, Chiesi, Kurland and others. The official techniques employed in this case have been used successfully against the Mafia and drug cartels, but prosecutors plan to rely on them more to track down insider trading and other white-collar crime.

Chiesi spent a lot of time wooing company executives to get information, which she shared with Rajaratnam and Kurland, according to federal charges filed against her earlier this month.

On July 24, 2008, Chiesi called Rajaratnam and told him she was talking to an unidentified Akamai executive "about the family" and how "you're the only person in the family that helps me," the charges allege.

Chiesi then told Rajaratnam the Akamai executive had told her the company was going to "guide down a lot" when it reported quarterly results the following Wednesday. The executive also told her that the company's stock could fall as low as $25.

Rajaratnam said he would be "radio silent" and told Chiesi to keep shorting Akamai shares, which she allegedly did on behalf of New Castle.

After the stock market closed on July 30, Akamai released results and said it expected earnings per share for the following quarter to be below analysts' expectations. The stock opened the next day down roughly 20% at $25.06.

Rajaratnam called Chiesi to thank her for the information. New Castle unwound its negative bets on Akamai the next day, making a $2.4 million profit, according to federal prosecutors.

In September, Kurland told Chiesi to contact the Akamai executive again. She said it was a "scary thing to do."

"Call him ... let him talk," Kurland replied, according to federal prosecutors.

A week later, the Akamai executive called Chiesi and suggested that Akamai didn't drop its earnings guidance far enough when it reported quarterly results in July. Chiesi then advised the executive to buy shares of chip maker Advance Micro Devices Inc. (AMD), based on insider information prosecutors say she got from Robert Moffat, a senior executive at IBM.

Chiesi and Rajaratnam also talked about the value of her contact at IBM. They discussed the possibility of him moving to another company.

"Put him in some company where we can trade well," Rajaratnam allegedly said.

Chiesi also suggested Moffat would be more valuable if he stayed at IBM. "This guy is giving me more information. ... I'd like to keep him at IBM right now because that's a very powerful place for him. For us, too."

"Only if he becomes CEO," Rajaratnam replied.

Moffat ended up proving his worth in early 2009, prosecutors claim.

In January, Moffat was among nine IBM executives doing due diligence on Sun Microsystems Inc. because IBM was considering buying the company. Prosecutors say Moffat told Chiesi that Sun would beat quarterly expectations before the company's results came out.

"The only way ... he would know is because I know they were doing due diligence," Chiesi told a cooperating witness in the government's case. "The only reason my guy would know that is because it's his deal. Like, he's in bed with them."

A day later, on Jan. 27, Sun reported quarterly revenue that topped analysts' forecasts. New Castle made a profit of more than $900,000 as Sun's shares rallied after the report, prosecutors say.

Chiesi also asked Rajaratnam for advice on making sure her trading didn't catch the attention of regulators. She was worried that if AMD shares rose a lot, her large purchases of stock might attract attention.

"I think you should buy and sell, buy and sell," Rajaratnam said, according to federal prosecutors.

Rajaratnam emphasized the importance of being quiet and boasted about his access to information on other companies. "On Akamai or IBM, anything, be radio silent," he said. "Like, you know, I get shit on lots of companies."

Putting aside the joys of listening in on someone else's phone conversations ... we bring this case to your attention because it is 100 years since the concept of insider trading was formalised in the United States judicial system.

In 1909, the Supreme Court in Strong v. Repide gave impetus to the trend allowing recovery by plaintiffs where inside information was abused.

Strong v. Repide was an insider trading case arising from the sale of stock in the Philippine Sugar Estates Development Company to one of the directors of the company. The defendant, while negotiating the purchase of the plaintiff's stock, was simultaneously negotiating the sale of the corporate land assets to the Philippine government.

The defendant took extraordinary efforts to conceal the information about the negotiations. As a result, the purchaser was able to obtain the stock from the stockholder for about one-tenth of its actual value.

In a decision written by Justice Peckham, the Supreme Court held that under the particular facts of the case, "the law would indeed be impotent if the sale could not be set aside or the defendant case in damages for his fraud.

This "special facts or special circumstances" rule meant that although directors generally had no duty to disclose material facts when trading with shareholders a duty might arise where there were special circumstances, such as concealment of the defendant-purchaser's identity (the corporate officer had used an agent go-between to avoid detection of his actions by the seller here) and a failure to disclose significant facts that materially affected the price of the stock.

100 years on there is still insider trading.

For as long as there is profit to be made by knowing information that others dont know, Honestly Lay Bare is confident that it will always be there!

Honestly Lay Bare