CFOs: Risk Magnets

New certification and internal control requirements are heaping new hazards on finance chiefs.

A few weeks before every quarterly close, John Adamovich receives 225 representation letters from 75 reporting locations in 30 countries. The letters come to Adamovich, the CFO of Pall Corp., from three sources: in-country general managers and controllers, operations committee members that have oversight responsibilities, and group controllers. In some cases, the letters are three or four pages long.

J.D. Edwards & Co. CFO Rick Allen collects about 75 rep letters from his managers every quarter, while John Hendrix, the finance chief at the smaller Cornell Companies Inc., reviews the same kind of upstream certifications from eight managers on a quarterly basis.

The flood of letters vouches for the validity of material financial and non-financial information bubbling up from each company’s far-flung operations. Getting such testimonials became imperative after July 30, 2002. On that day, Pres. Bush signed into law the sweeping Sarbanes-Oxley Act, which was intended to restore public confidence in corporate accounting. Toward that, Sarbox requires executives, among other things, to certify financial statements (Sections 302 and 906) and verify that internal control systems are adequate (Section 404).

Whether the wide-ranging provisions of Sarbanes-Oxley actually keep corporate corruption in check remains to be seen. In a recent poll of finance executives conducted by Parson Consulting, only 6 percent of the respondents said they thought the law would curb accounting abuses.

The burdensome requirements spelled out in the law may curb CFOs’ enthusiasm for their jobs, however. One headhunter recounts a job-hunting finance chief who told him, “[Since Sarbox], being a CFO just isn’t as much fun anymore.”

Adamovich, Allen, and Hendrix, for instance, all say they’ve started requesting upstream certification of data to satisfy sections of the new legislation — an onerous task. And all are looking hard to see if their internal controls pass regulatory muster. “There are no if, ands, or buts,” notes Adamovich. “We have to comply with Sec. 404, and in the short term, that’s our main focus.”

Anything less would be short-sighted. A slew of experts, including lawyers, risk managers, auditors, and finance chiefs all say CFOs are clearly charged with managing the law’s daunting mandates — and the attendant risks that come with it. “[Sarbanes-Oxley] increases some risks for CFOs, at least for those who take their job seriously,” notes Allen of J.D. Edwards. “But risks have always been there.”

Maybe so. But these days, all roads seem to lead to CFOs. Indeed, in the Parson survey, 58 percent of the executives polled said they expect the company finance chief to bear the primary responsibility for overseeing the entire compliance effort. And with that responsibility comes liability — a lot of it. “CFO are in a more precarious position [since Sarbox was passed],” insists John Challenger, of outplacement firm Challenger, Gray & Christmas Inc. “They are in the direct line of fire, and can wind up as a scapegoat.”

The scope of Sarbanes-Oxley alone should worry CFOs. As John Tonsick, managing director at risk consultancy Citigate Global Intelligence and Security, points out: “What CFOs are now being asked to certify is very broad.”

Discuss

Your email address will not be published. Required fields are marked *