You are currently browsing the tag archive for the ‘GRC’ tag.
Longview Solutions has a longstanding presence in the financial performance management (FPM) software market and was rated a Hot vendor in our most recent FPM Value Index. Several years ago it began offering a tax provision and planning application. I think it’s worthwhile to focus on the tax category because it’s less well known than others in finance and is an engine of growth for Longview. We expect larger corporations increasingly to adopt software to manage direct (income) taxes to improve the quality and efficiency of what today in most companies is an inefficient, spreadsheet-driven process.
Longview’s tax offering consists of four main components. Its Tax Data Platform can be the central repository of a corporation’s tax information. I’ve commented on the need to maintain tax data separate from the data that’s used for financial reporting, managerial accounting and performance management. One reason is that tax accounting must be aligned with legal entities, not corporate organizational structures, because direct taxes are levied on legal entities, not corporate divisions or reporting hierarchies. A second is that tax data must be held in an “as was” state, without regard to subsequent corporate actions such as acquisitions and divestitures or management reorganizations. Longview’s Tax Data Collection software consolidates book and tax data from disparate source systems; it is designed to automate and streamline the movement of data and eliminate time-consuming manual work. It can do consolidations in different, parallel paths if dissimilar methods of consolidating tax-related data are required by the statutes of individual taxing authorities. The Tax Provision/Reporting component performs global tax accounting and reporting. And Tax Planning supports a company’s analysis and planning of its taxes.
Software vendors are taking two different approaches to dedicated tax management software. One mostly focuses on the needs of the finance department: It automates and simplifies incorporation of already calculated tax data into the financial consolidation and close process. This is useful for companies that operate in up to a handful of tax jurisdictions and have relatively simple legal entity structures. The other approach addresses the needs of the tax department as well as the rest of the finance organization. Longview’s tax offering falls into the latter category because it provides the functionality and data-handling capabilities that tax departments need to streamline their operations, enhance their ability to manage tax expenses and improve senior executives’ understanding of tax exposures and strategies to deal with them.
Longview’s tax software can replace desktop spreadsheets, which are the most common tool used for direct tax provisioning and planning in companies of all sizes. Spreadsheets are the wrong choice for managing taxes because they are so time-consuming. Tax departments use them to make often complex tax calculations, manage tax data and direct tax processes – these are tasks that dedicated software can handle easily but spreadsheets cannot. They are not well equipped to do these tasks quickly and accurately on a consistent basis. Consequently, facing looming deadlines, tax departments have little if any time left over to analyze and plan tax exposure and tax expense options more broadly and more intelligently. Spreadsheets also do not provide sufficient transparency or forward visibility in a timely fashion in the way that a dedicated system can. Spreadsheets make it difficult for companies to manage their tax risk exposure in a consistent fashion across all business units. They do not give executives sufficient insight into their risk exposure options. Our research on the financial close finds that a majority (53%) of finance executives believe that having better understanding of and deeper insight into their company’s tax positions would enable them to reduce their tax expense.
There are several other reasons why desktop spreadsheets are the wrong choice for handling taxes strategically. One is that tax laws and regulations are so fiendishly complex. For example, some countries have industry-specific statutory reporting requirements (for example, for insurance companies and other financial services). Tax calculations for subsidiaries in one country may not apply to those required for a regional headquarters or the parent company. There may be multiple tax rates applicable to a given legal entity and multiple bases or methods on which to apply each tax rate. Moreover, because book accounting for taxes and actual tax calculations almost always differ in multiple ways, it’s necessary to record and track these differences. Since rules, rates and assumptions will vary from year to year, it becomes necessary to adjust these differences. Desktop spreadsheets lack the dimensionality, data integrity and referential integrity necessary to be able to manage this level of detail easily. Dedicated tax management systems are designed to do it.
One reason why tax departments lag in adopting new tools is that until recently the technology necessary for managing the full range of requirements in direct tax analysis, provisioning and compliance was not mature enough for the organizations that needed it the most. Until recently, corporations that operate in multiple, worldwide jurisdictions with even modestly complex legal entity structures overtaxed the ability of IT systems to support them. However, using dedicated software for direct tax management enhances the efficiency of the tax department, enabling it to become more strategic and contribute to improving the company’s results.
Adopting a more strategic approach to managing direct taxes is an emerging trend in finance organizations, but it’s still at an early stage. Tax compliance is usually the main (and overwhelming) focus of tax departments. Most do this essential work reasonably well, but compliance is a tactical issue. To elevate tax management to a strategic level, tax and finance executives must have greater visibility into tax data and how operational decisions affect tax exposures. For example, finance and tax executives may construct a tax-optimized approach to transfer pricing, but their strategy may not be implemented if the company’s incentive compensation system is not aligned to this strategy. Operating managers in high-tax jurisdictions will try to maximize revenues because that’s what they’re rewarded for, even if it results in higher taxes than are necessary. Using spreadsheets is a significant barrier to tax departments taking a more strategic role in their company. When direct taxes are managed using desktop spreadsheets, there rarely is time for organizations to do much more than basic compliance. There’s usually not time to discover the fundamental disconnects between tax strategy and reality or other, similarly strategic activities such as analyzing and assessing the tax implications of long-term corporate plans.
Indeed, one sign of the tax function’s lack of strategic impact is its invisibility. There is a general lack of understanding of how the tax department functions, even within the finance department. For example, our research discovered that nearly two-thirds of finance executives (and, specifically, 60% of CFOs and controllers) do not know how long it takes their tax department to calculate tax liabilities.
Another reason is the relatively low status of tax departments in their company, which we can gauge through the distribution of titles and relatively low compensation for the highly credentialed individuals in these departments. Those that work in tax also tend to be tight-lipped and reluctant to reveal that their processes are time-consuming and difficult to manage, lest they be viewed as less than competent. The tax department’s invisibility contributes to a lack of focus on direct taxation by senior management, which also diminishes an understanding at that level of the potential benefits of investing in technology. Companies that are most likely to want to improve how they manage their direct taxes appear to be the ones where a senior finance department executive has spent time in tax and therefore has a firsthand appreciation for the challenges.
I’ve commented on the need to make tax more strategic. An increasing number of companies are finding that investing in dedicated software to improve the performance of their tax department is worthwhile. It gives them a deeper understanding of how best to manage what is usually one of their biggest expenses and enables them to make more optimal decisions about taxes. I recommend that all larger companies look into the benefits they can achieve by making their tax department more strategic and that they investigate dedicated software such as Longview’s that can enable them to have such a strategic tax function.
Robert Kugel – SVP Research
The proliferation of chief “something” officer (CxO) titles over the past decades recognizes that there’s value in having a single individual focused on a specific critical problem. A CxO position can be strategic or it can be the ultimate middle management role, with far more responsibilities than authority. Many of those handed such a title find that it’s the latter. This may be because the organization that created the title is unwilling to invest the necessary powers and portfolio of responsibilities to make it strategic – a case of institutional inertia. Or it may be that the individual given the CxO title doesn’t have the skills or temperament to be a “chief” in a strategic sense.
In business, becoming a chief anything means leaving behind most of the hands-on specific skills that made one successful enough to receive the promotion. This is often the hardest requirement, especially for those coming from an administrative or a highly technical part of a business. Take the chief financial officer position. The person who gets that job often was a controller – an individual who must be able to manage the minutiae of a finance organization. Most of the detailed skills required of a great controller are counterproductive for a CFO, who must focus on the big picture, work well with all parts of the business and be the face of the company to bankers and investors. People who can’t leave the details behind are by definition not strategic CFO material. Similarly, the job of the chief information officer ultimately is not about coding, technical knowledge or project management. It’s about understanding and communicating how the most important issues facing the business can be addressed with technology, ensuring that the IT organization understands the needs of the business and delivering value for the money spent on IT.
The same distinction applies to newer C-level titles. For example, since the financial crisis a few years ago, there has been a growing recognition that banks must manage risk more comprehensively. In response, a number of banks have created the position of chief risk officer or, if they already had one, have invested a broader range of responsibilities in that office. Managing risk strategically has gained importance in financial markets as rising capital requirements and increased regulation force banks to structure their asset portfolios and manage their assets more carefully to maximize their return on equity (ROE). In most banks, optimizing risk – getting the highest return at any given level of risk – and managing risk more dynamically over a credit cycle requires a strategic CRO to lead the effort. Even so, in many organizations the office of the CRO doesn’t have the weight it needs to make such a difference. Here are the most important requirements for chief risk officers who want to transform a middle management job into something more strategic.
Approach risk management as if it were a four-dimensional chessboard. Having the proverbial “seat at the table” (a hackneyed business phrase that’s shorthand for being taken seriously by the senior leadership group) means being able to bring something of value to the table. While an appreciation of the overall business and its strategy is necessary as one rises through the ranks, a purely functional position usually doesn’t require an especially deep understanding of the other parts of the business. For a chief risk officer to play more than a titular role, however, he or she must have a solid understanding of all the major operating pieces of the business on both sides of the balance sheet and a knowledge of the industry’s competitive dynamics – three dimensions of the chessboard. This is particularly important because risk is just a constraint, not the sole consideration in decision-making. That is, the role of the CRO is not simply to enforce constraints that minimize risk – it’s about optimizing risk within the context of the corporate strategy. Stiffer capital requirements are a defining characteristic of today’s banking industry, especially in the United States. Optimizing risk is a necessary condition for optimizing return on equity and the long-term success of the bank. Moreover, the role requires thinking ahead several steps and understanding the dynamics of the business – that’s the fourth dimension. A solid grasp of credit and financial market cycles is essential in leading a risk organization. The ability to use past experience to forecast the consequences of even disparate sets of actions makes the risk organization strategic.
Learn another language. Understanding of other parts of the business goes a long way toward being able to work more effectively, and a CRO should be to translate risk jargon into words and concepts that are relevant to specific parts of the business. It works both ways, too. Understanding the objectives, objections and concerns of other executives means being able to grasp the nuances of their questions and comments. It also helps in explaining the thinking behind the trade-offs necessary to optimize a balance sheet to achieve an optimal ROE for the level and structure of the risk. It’s also essential to be able to communicate the essence of risk management to laymen, for example, by distilling the complexities of a black-box risk strategy into an elevator pitch. All risk models are translatable into easy-to-comprehend concepts. A CRO must be able to do this and even develop an institutional shorthand within the organization that everyone understands – the functional equivalent of describing a feature film as “a car-chase buddy movie.”
Assert leadership when it’s needed. Some leaders are born, but everyone else needs to unlearn habits that detract from their effectiveness as a leader. People in risk or compliance roles may have a harder time than others because the basic skills necessary to excel in this area tend to be found in less introspective souls. Those who work in a compliance function can fall into the trap of using “the rules” as a cudgel for wielding power rather than persuading and gaining assent. Joining the senior leadership team, though, transforms the CRO from a simple enforcer to one who works with others to find solutions.
Beyond these three personal and interpersonal requirements, appropriate use of information technology – data and software – is essential to strategic risk management in banks (and other financial services companies). Successfully exploiting the advantages that can be had with advanced IT is fundamental requirement of making the role of a CRO strategic. SuccessfulCROs must weigh the make-or-break information technology issues of mastering data quality and using the right software tools.
Data is the lifeblood of risk management. The credibility of the risk organization is based on accuracy and availability of data. Bad data drives bad decisions and undermines the authority of the risk organization. As data sets proliferate, grow larger and increasingly incorporate external data feeds (not just market data but news and other unstructured data), the challenge increases. The proverbial garbage-in-garbage-out (GIGO) becomes Big GIGO, as I have written. Data quality must be built into all of the systems. Speed in handling data is essential. The pace of transactions in the financial markets and the banking industry continues to increase, and their risk systems must keep up. Our benchmark research shows that financial services has to deal with more sources of data than other industry sectors.
Yet beyond these maxims is the reality that all large financial institutions fall short in their ability to handle data. “You can have your answers fast or you can have them accurate,” is often said in jest, but it reflects the business reality that analyses often are not black-and-white – utterly reliable or completely false. They may have to be based on information that to varying degrees is incomplete, ambiguous, dated or some combination of these three. Adapting to this reality, new tools utilizing advanced analytical techniques can qualify the reliability of a bit of analysis. It’s better to get some assessment and see that it’s 33 percent reliable than to get no answer or – worse – get an answer without qualification. In most cases, it’s better to get an approximate answer now than to wait for an ironclad answer in a day or two. The decision-makers have an idea of the risk they’re taking if they act on the result, or they can take a different approach to look for a way to get an answer that is more reliable.
Software is essential to risk management and optimization. Technology can buy accuracy, speed, visibility and safety. Many banks ought to do more dynamic risk management. Analytical applications using in-memory processing can substantially reduce the time it takes to run even complex models that utilize very large data sets. This not only improves the productivity of risk analysts but it makes scenario analysis and contingency planning more accessible to those outside the risk organization. If you can run a complex, detailed model and immediately get an interactive report (one that enables you to drill back and drill around), you can have a business conversation about its implications and what to do next. If you have to wait hours or days as you might using a spreadsheet, you can’t.
Desktop spreadsheets have their uses, but in risk management the road to hell begins in cell A1. Spreadsheets are the right tool for prototyping and exploratory analysis. They are a poor choice for ongoing risk management modeling and analytics. They are error-prone, lack necessary controls and have limited dimensionality. The dangers of using spreadsheets in managing risk exposure were laid bare by the internal investigation conducted by JP Morgan, which I commented on at the time. There are many alternatives to desktop spreadsheets that are affordable and require limited training. For example, many financial applications for planning and analysis have Excel as their user interface. There are more formal tools, such as a multidimensional spreadsheet, that are relatively easy for risk modelers to use and offer superior performance and control compared to desktop spreadsheets.
Automate and centralize. Information technology delivers speed, efficiency and accuracy when manual tasks are automated. The payoff from automating routine reporting and analytics may seem trivial, but this is usually because people – especially managers – underestimate the amount of time spent as well as the routine errors that creep into manual tasks (especially if they are performed in a desktop spreadsheet). The need for automation and centralization especially applies to regulatory and legal activities, such as affirmations, attestations, signoffs and any other form of documentation. Especially in highly regulated industries such as financial services, there is no strategic value in meeting legal requirements, but there is some in doing so as efficiently as possible and limiting the potential for oversights and errors. Keeping all such documentation in a central repository and eliminating the use of email systems as a transport mechanism and repository for compliance documentation saves time of highly compensated individuals when inevitable audits and investigations occur and limits the possibility that documents cannot be found when needed.
Senior executive sponsorship is also a critical need if the chief risk officer is to be a strategic player. If the CRO has done all of the above, that’s not going to be a problem because the CRO’s objectives and the CEO’s objectives will be largely aligned. True, that’s not always a given. Some organizations will not embrace the notion that managing risk can be strategic. CROs who find themselves in an organization where their aspirations to serve a strategic role are not met should find another one that appreciates the value they can bring to the table.
Robert Kugel – SVP Research