March 1, 2003

The Cost of Failure

Carefully formulating analytics and business practices can be the best way to avoid financial catastrophe

by Edward S. Robins

Catastrophic financial failure is rarely on the agenda of most organizations, and most managers expect to have plenty of warning before hitting the ropes. That's a dangerous assumption. With the advent of business-critical, enterprisewide IT systems, it might only take one key person to put an organization at risk for failure.

Threats can arise from inside or outside the organization and originate largely from two sources: misleading or poor reporting of an organization's accounting and financial risk exposure, and poor technological safeguards that enable malfeasant or maverick employees to operate beyond corporate control.

Business procedures alone can't guard against such behavior. Furthermore, standard accounting practices are no saviors in detecting oncoming disasters. However, you can mitigate catastrophic failure by incorporating management and risk analytic capabilities during corporate IT system upgrades. For example, you could establish different accounting standards or practices that meet high-, medium-, and low-risk scenarios, which would make managers savvier about the risks of specific decisions and corporate policies.

It's Nothing New

Managers are accustomed to thinking of failure as a process of slow degradation over time — a whittling away of revenue in a bad economy, or from carrying outdated products that aren't selling. Reality suggests otherwise: Business cycles turn faster than businesses can adapt to them, and the recent spate of spectacular corporate bankruptcies due to management misconduct has put managers, investors, governments, and stock exchanges on edge. To name a few cases: Great Britain's Barings Bank was brought down by Nick Leesen, a single maverick trader; the Enron Corp. meltdown was enabled by corporate executive malfeasance apparently in collusion with Arthur Andersen; and Peregrine Systems Inc. is now suing Arthur Andersen for alleged misleading accounting. (Criminal behavior isn't the only means for catastrophic failure; unexpected bank foreclosures kill many small- and medium-sized businesses as well.)

Even with these well-publicized cases, business failure due to criminal behavior is a subject most people prefer to sweep under the rug. It might be high on the talk agenda, but often there's little in the way of action.

Operating within legal accounting regimens, however, is no guarantee of avoiding catastrophic collapse. For example, in the 1980s, savings-and-loan institutions were legally allowed excessively low equity holdings, as well as accounting practices that misrepresented their solvency. (Sound familiar?)

With many corporations and organizations rethinking their accounting and business practices, conservatism is back. But even if the CFO and auditors sign on the bottom line, that doesn't mean the company is healthy — "What if" questions aren't supported in static financial statements. Thus, the CEO and the board are left to explain unexpected failures to their investors.

Few people realize that the Sarbanes-Oxley Act calls for a move from rules-based to principles-based accounting practices. The impact of this shift is still unknown, as the new Auditors' Oversight Board, established under the act, is still developing rules. Thus far, the focus has been on auditor, corporate executive, and board responsibilities. Eventually, the need to achieve "reasonable" accounting quality control and board or audit committee "compliance" may require commoditized, technologically possible risk assessment, forecasting, and fraud and malfeasant behavior detection, which may well have business implications beyond the scope of this article.

Part of the solution may lie in the architecture of IT systems. To cope with the unpredictable, architectures must be adaptive. In other words, if something just hurt you or a similar organization, the ability to clean house quickly is a big advantage. To do that, your business "organism" has to be agile, able to learn, and able to transform knowledge into codified behavior — or what is commonly called governance. If it's willing to think in these terms, your company can protect its integrity as effectively as it protects data. (see Figure 1.)

Governance rules are implemented in many IT enterprise products and custom-coded schema, although more often implicitly than explicitly, and rarely systematically or as a primary concern. Two other classes of rules — operational rules that enable daily business processes, and analytic rules that provide metric feedback, forecasting, and watchdog functions — complete the solution. Dividing the problem this way enables management to ensure implementations are flexible and adaptable. When selecting ERP and business intelligence (BI) systems, however, few managers consider these capabilities. Rather, they get boxed in by vendor perspectives, cost pressures, and functional concerns.

The Ground Rules

Let's outline the ground rules for preventing financial disasters. The goal is to reduce the likelihood of being caught unprepared and to mitigate the impact of unexpected events. The side effects should be flexibility for change, better corporate management, and more honest, transparent business processes that maintain personal initiative and individuality.

Separate rules from business processes. The first step is to identify and expose rules that enable your business to function and divide them up appropriately. For example, buyers can be prevented from making unauthorized purchases by a simple governance rule. Conversely, more complex rules can give flexibility to buyers while maintaining a limit on discretionary purchasing.

All rules should evolve as business needs change, but governance must always be present. Rules are maintained in a database, allowing authorized managers or analysts to change them as part of the natural course of managing processes. Rules-engine technologies that support this approach are available and can be integrated with existing ERP, BI, and other systems.

Another critical governance concept is risk management. For example, HR is rarely capable of estimating the business risk of option plans and executive compensation. Option plans may need to be taken into the realm of the what-if so that potential risks can be weighed against the demands of the current hiring environment. To do so, fairly sophisticated decision-support tools may be required.

Educate managers and investors about risk. Many boards are selecting CEOs with CFO backgrounds. Unfortunately, this approach may guarantee that risk estimates are put in financial terms, which will miss the point if not viewed through different accounting lenses with uncertainty added to the mix. Analytic systems for managing uncertainty exist, but they are complex and counterintuitive. Modal schemas, such as conservative, moderate, and risky accounting scenarios, should be considered to help users make sense of their results.

• News
• Business Intelligence
• Enterprise Applications
• Information Management
• Performance Management
• Process Management
• White Papers

• About Us
• Advertising Contacts
• Technology Marketing Solutions
• Blogosphere
• Intelligent Enterprise Print Archive
• Newsletters
• Contact Us
• Events
• Awards
• PR Info
• Authors
• TechWebCasts
• Database Magazine Print Archive
• Site Map

• Privacy
• Terms of Service
• Copyright © 2009 United Business Media LLC