dinsdag 22 februari 2011

C.Y.A.

So first there was Enron...
Well, actually it probably wasn't the first. But Enron did make quite an impression in the financial market! Don't know or don't remember? There's Wise Men out that that can give you a much better picture than I could hope to create here. Just Google "Enron" if you want the juicy details. You will probably find all the details on the demise of Arthur Anderson as well.

Then somewhere along the line there was 9/11...
I'm sure that one needs no introduction. But what needs to be said is that an interesting side effect was that the terrorists responsible were actually financed by legimitate companies through creative structures.

Then there were quite a few more financially interesting adventures by better and lesser known companies alike. Ultimately it was clear that something needed to be done about the control companies had on their clientele and own financial structures.

Ah yes, control! That's a revenue consuming cost generator, isn't it? So if we can avoid it, all the better for business right? I can assure you that there are different ways to argue the point.
Control ultimately translated into the American Sarbanes Oxley legislation, commonly known as SOx. In its wake a new compliance standard is introduced: SAS-70. A tool for auditors to audit companies to confirm the level of control in a company. All too soon SAS-70 becomes a standard in the financial world. Preferably a type II certification which not only indicates that the have the control mechanisms documented, but also that you live by them in day-to-day operations. Auditors love it. But governments must have thought that you can never have enough control, for, just as everyone in the financial world got used to the SAS-70 auditing and certification, the next level of control is introduced: the SSAE-16 and ISAE-3402. The intent of both: Force management to accept (and confirm) control, not just on specific activities and processes that they defined, but on a standard set of processes. Leniency is going out the door, it is time for management to step up!

And so we are at the stage where outsourcing is increasingly popular. Why? C.Y.A.! Figured it out? Cover Your Ass! By outsourcing especially the financial processes, companies can shift from expensive inhouse auditing to extensive questionnaires for the BPO. An easy sign-off by the stock-listed company and an extensive exercise for the BPO. The BPO in the meantime gets stuck with the challenge: respond to the extensive audit questionnaires for each of their clients or get certified for xxAE.

Ah, but I almost forgot: there is not supposed to be a certification path (it was never even intended for SAS-70, that was just born out of convenience and commercial benefit). And so the BPO is forced to go through extensive audits, excuse me, I meant attestations, numerous questionnaires, client reviews, and so on. It will surely be a cost intense (recurring) exercise which the BPO will need to charge to their clients.

Here's a thought: The BPO's could turn it into an additional service to sell to the clients. I even have a suggestion for the name of the service. That's right... C.Y.A.

Disagree with the above? What can I say. I'm no financial guru. I thrive on information and logic. Feel free to challenge my views. Do it right and tomorrow my story may be totally different.

Geen opmerkingen:

Een reactie posten