Final_Corporate_Compliance_Project

RUNNING HEAD: Corporate Compliance Report Corporate Compliance Report: Tyco International Karen M. Baker University of Phoenix MBA/560 Enterprise Risk Erikka Hise September 28, 2009 Corporate Compliance Report Today’s publicly-owned businesses have more rules and regulations than ever to follow. Terms including SOX, corporate governance, and enterprise risk management should be part of a company’s regular vocabulary. When employed correctly, these processes can assist the company with managing internal controls and assessing risks to remain viable among competitors and their respective markets. This paper outlines some research of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-section organization, and its guidance to executives in critical areas of the business. The paper provides a brief history of Tyco International and issues the organization faced, followed by some resources Tyco can employ to manage risks. The paper continues by differentiating between types of controls, and finally, recommends a solution melding risk management with governance. The Company Company Background Tyco International started back in 1960 mainly as a research laboratory, and incorporated as Tyco Laboratories in 1962 (Tyco, n.d.), focusing on high-tech materials and energy products. In 1964, the company went public. Shortly thereafter, Tyco began a series of acquisitions to broaden their scope and distribution network. Tyco’s focus diverted to the manufacturing of industrial products (Tyco, n.d.). Former CEO Dennis Kozlowski formed a tight inner circle with his executive staff that helped themselves to company money in the form of loans for personal use. There was no presidential role and internal audits remained sequestered. The Securities and Exchange Commission (SEC) was investigating the company’s financial statements and accounting practices (Economist, 2003). Tyco’s acquisitions did more than expand their product lines. Questionable actions surface in many areas; Kozlowski’s contract even contained a clause allowing him to retain his position if convicted of a felony. Findings/results for Tyco In 2002, Edward Breen assumed the role of CEO and Chairman, including all the issues facing the company at that time. First, Tyco had no central procurement function, but purchased billions in raw materials each year (Economist, 2003). Second, Tyco also had no company-wide IT strategy and multiple headquarters. Third, internal audits uncovered altered financial reports, specifically with executive loans and improper placement of acquisition funds, resulting a show of profit rather than losses (Tyco, n.d.). Evidence of wrongdoing was contained within the core executive group. The company wound up defending and adjusting five years’ worth of financial reporting from Kozlowski’s administration. Former president Kozlowski was indicted for tax evasion, resulting in numerous fines, penalties, and thread of imprisonment. The company’s reputation was adversely affected by all these activities, with a long road to recovery ahead. Types of Controls Three types of controls are used by a company in risk management and governance plans. The intention of a preventive control is to reduce the potential or the magnitude of future risk. Tyco must also identify risks that will damage the company’s overall position and goals, along with its objectives. The more automated and preventive the controls, the higher the level of assurance provided for Tyco’s stakeholders. In addition, detective controls are those that unmask an existing problem within the organization. Finally, corrective controls are just what they sound like, designed to correct and control a situation to return the company to a positive position. After reaching that point, Tyco must reexamine preventive controls to avoid future issues. Managing Enterprise Risk COSO Framework In order for Tyco to recover and devise/execute good Enterprise Risk Management (ERM), it would help to have standards and processes. In the 1990s, the Committee of Sponsor Organization of the Treadway Commission (COSO) established a framework that contained five major components (Knowledge, 2003) including: • Control environment – includes integrity and ethical values, commitment to competence, board of directors and audit committee, management’s operating style, organizational structure, assignment of authority and responsibility, and HR policies/procedures. • Risk assessment – includes company objectives, process-level objectives, risk identification and management, and managing change. • Control Activities – including policies and procedures, security, application change management, business continuity, and outsourcing. • Information and communication – including quality and effectiveness of communication. • Monitoring – including on-going activities, separate evaluations, and reporting differences. Risk, governance, ERM Tyco must take risks as a part of doing business. These uncertainties can result in positive or negative results. But without risk, there is no reward (Sobel, 2004). Governance factors in when Tyco’s board decides on direction, authority, and oversight of management. ERM comes into play when Tyco’s management must decide and manage those risks. Each of these topics is interdependent but often perceived with mixed meanings by each party. Tyco’s board must assume certain responsibilities, as must senior management, as must auditors. The Solution Because shareholders and other parties have increased expectations of Tyco, the company must begin mapping a solution to regain confidence and return to profitability if it is to survive. That solution includes assigning responsibilities and accountability of appropriate parties to verify completion. A detailed communication plan must also be mapped out to communicate expectations and relay progress. Finally, Tyco must integrate the processes of corporate governance/compliance with ERM, relative to the risks the company might take to capitalize on opportunities, mitigating those risks against the benefits to protect the company’s prosperity and reputation. Responsible party Tyco must assign responsibilities to individual to carry out a proposed solution. Those parties include a combination of Tyco management, who shall be responsible for establishing the strategic plan and maintaining a controlled environment. Another party includes operating personnel who shall be responsible for effecting internal controls. Internal auditors shall assume advisory or consultant roles, should be responsible for evaluating the controls currently in place to ensure they are functioning as they were intended. Tyco’s board of directors must provide direction, authority, and other insights to senior management. The board must evaluate executive compensation and performance targets to ensure they are aligned with Tyco’s new company strategies (Sobel, 2004), still maximizing shareholder value. In turn, senior management must provide the primary direction for ERM. Tyco’s management will take ownership of ERM, and hire a Chief Risk Officer as a point person to oversee and coordinate the processes (Sobel, 2004). Senior Management must also delegate proper authority to appropriate Tyco personnel, and mitigate risks to process owners. Management has a fiduciary responsibility to report results to the board. Risk owners at Tyco should assign certain aspects of risks to other personnel, and should report back in to senior management. Auditors – both internal and external – need to provide Tyco with objective assessments to both senior management and the board on the effectiveness of current procedures, controls, and other processes. Communication Another part of the solution for Tyco is the company to decide who should communicate what and to whom. As the COSO framework dictates (COSO, 2003), ERM is a process affected by all parties that must include Tyco’s board, management, and other employees. Tyco’s goal must be to communicate information relative to the company risks and what efforts are underway to minimize or erase those risks. Tyco must examine their internal environment, set objectives, identify/mitigate risks, control their activities, and monitor their progress, changing as the situation dictates. Control responsibilities should be communicated to employees who give details on the scope and time frame that allow those employees to carry out their duties (COSO, n.d.). Internal and external auditors, along with risk owners at Tyco should evaluate all processes (ERM, corporate governance, risk) and should report information upstream as to their findings. Tyco’s accountants and outside accounting firm should verify financial statements and report any findings to correct any internal controls to avoid falsification or misleading information. Tyco’s new compliance and ERM programs should be written, outlined, and conveyed to all levels of employees. Tyco’s human resource department should conduct training sessions to answer any questions or issues raised by employees. Integration and alignment Tyco must effectively integrate and align corporate governance with ERM. The company must examine other companies such as Enron, WorldCom and others, looking at how the scandals and corruption have damaged their position and confidence on Wall Street and with other stakeholders. Melding these elements means all levels of management, auditors, and risk owners must work interdependently with each other (Sobel, 2004). Tyco must follow the COSO framework, rating its internal controls using systematic analysis and documented supported. The company must examine their auditing methodologies and bring them into alignment with COSO standards. Regular audit schedules will be set and followed, with a timeline for items needing correction or attention. Tyco must institute a corporate governance program that encompasses all levels of management and employees, including distinct segregation of duties for collective decision-making (Chew, 2004, p. 37). Transparency is essential in today’s business environment, so Tyco must incorporate their plan onto their web site, outline the structure of their board, ethical expectations, and their financial filings. Tyco should ensure these beliefs are reflected in their executive compensation plans as well as their position on the environment given the prompting from shareholders on that topic (Tyco, n.d.). A detailed cross-functional records retention program must also be put in place to support their position. These measures should produce positive reactions from stakeholders, provided Tyco executes as promised. Tyco should also engage their stakeholders as an integral part of the corporate governance process. Soliciting and listening to the ideas and thoughts of employees, customers and shareholders can help increase confidence and commitment to help recapture Tyco’s reputation. Tyco must also be ready to take a stance on issues important to their stakeholders such as the environment, employee safety, diversity and other issues, hiring appropriate management members that will abide by such standards, helping take the company to the next level. Tyco must ensure that reporting structures are in line to separate the span of control, segregating duties where necessary. Board members should exhibit a diverse background so as to keep self-interest at a minimum, with company objective interest above all else. Tyco must employ a good record retention program that can assist with any inquiries or concerns directed toward processes or decisions. Operations must be conducted at the highest ethical level, including relationships with customers or suppliers. Proper due diligence must be done to ensure a proper marriage of standards and protection of confidential information and trade secrets. Tyco must ensure complete compliance with the Sarbanes-Oxley Act (2002), but must employ the appropriate controls commensurate with changing the company’s culture to permeate through all levels of employees. Training sessions and process disciplines must be in place to hold all parties accountable for their actions, with the freedom for anyone to raise concerns if any of Tyco’s actions raise concern. Tyco should institute a hotline for employees or other parties to voice anonymously concerns that could warrant investigation, to avoid future problems. Conclusion COSO standards and concepts are clearly defined, but will be applied by companies in different ways, based on their past situations, market, and corporate environment, among other factors. As described in the paper, Tyco faced several issues stemming from a myriad of areas, with each posing a risk to the company. Tyco must consider preventive, detective, and corrective controls to assess their current situations, and to begin mapping a solution. By closely examining the COSO framework, Tyco can implement a solution that integrates SOX, corporate governance, and enterprise risk management. The solution is a good starting place, but one requiring continuous improvement to satisfy stakeholders and provide a good return on investment for their shareholders. References Chew-Gillan. (2004). Governance at the crossroads, a book of readings. New York: McGraw-Hill. Economist (June 12, 2003). Clean Breen: face value. Retrieved September 25, 2009 from http://www.economist.com/business Knowledge Leader (August 8, 2003). COSO Framework Description. Retrieved September 25, 2009 from www.knowledgeleader.com Sobel, P.J. and Reding, K.F. (2004). Aligning corporate governance with enterprise risk management. Management Accounting quarterly, 5(Winter 2004), Retrieved September 25, 2009 from http://connection.ebscohost.com Tyco (n.d.). Tyco taking corporate governance reforms seriously. Retrieved September 10, 2009 from http://www.ethicalcorpor.com