Performance Management: Accuracy and Risk


The Financial Executives Research Foundation, in partnership with Workiva, is working on a research project focusing on the trends, opportunities and challenges private and public companies face in enhancing performance management.

In this video, FERF speaks with Joseph Howell, Executive Vice President, Strategic Initiatives at Workiva, about data accuracy as well as integrating risk and performance management. A transcript appears under the video.

FERF: How do you verify the accuracy of your data?

Joseph Howell: When you're building a control environment, you need to have a framework to understand that control, and to understand what you should be looking for. The framework of choice has been the COSO 2013 framework, and that’s actually been a very powerful tool to be able to step back and to address not just your financial reporting controls, but the other controls of the business including directing non-financial measures such as sustainability reporting.

The thing that is important here to understand is that to be able to provide the kind of reliable information that you need for sustainability reporting or any kind of performance reporting, is this need to have controls, to have a framework, to measure or understand the controls to see how well that they're working. But it's also very important to be able to have an ability to step back and to understand, honestly, where could that go wrong?

FERF: Are we seeing more interest in real-time performance management?

Howell: The traditional month-end accounting close and reporting cycle is simply inadequate for most instances, so you need to have things that are reported much more frequently that are usable, measurable, repeatable, and understandable. Part of the issue that people need to address is the fact that you think you understand a measure and you don't. You think you know what's in there, and what's in there is something that’s fundamentally different from what you understood.

Sometimes that can even be more frequently than a week depending on what it is you're trying to measure, the ability of control you have over it and your ability to use the information without becoming overloaded or insensitive to it.

FERF: Do compliance needs influence performance management systems?

Howell: The regulatory changes that we face now are probably in several different categories. There's the category of regulations most people think of as regulations, such as Dodd-Frank and Sarbanes-Oxley and 404. There is uncertainty about where those might be going, but where we know they are today is that there is still pressure for internal control, and the SEC and the Department of Justice continue to put pressure on executives as individuals for the risks of the company noting that, that, companies don't commit crimes, people do. Companies don't have massive failures, people do. And so, they're looking to the individual executives to step up and take personal responsibility.

The other area, broadly thinking about regulations, could be accounting standards and reporting standards, and we are seeing some significant changes. The new revenue recognition standard, now frequently called, by accountants at least, 606 for Topic 606, is the biggest change in accounting standards in many generations. And some have said it’s probably the biggest change in accounting that we will see in our careers.

That’s followed by the changes in the new lease standard. There are a number of companies that have, at least with respect to revenue recognition standard, stepped back and taken a look and said, "We don't think that that's going to be material to us." They're looking simply at their external financial statements, not all of the issues that they need to address to make sure that their processes, their people, and their technologies are aligned to address the new way of generating that answer.

They might be quite correct that you're getting the same answer, but you're not getting it in the same way. And you need to revise your processes and make sure your people are trained, and that your technology and your systems are designed properly for this new requirement.

FERF: Do companies face controls-related system risks?

Howell: The thing that's true about risks is that when you step back and you do a risk assessment, most people doing their own risk assessments are more likely than not to dismiss things as being so improbable that, that we're not going to consider that.

But on the other hand, what they often do, is that they put too much energy behind things that are, they say might be more probable but if they did go wrong, would not be very serious. So, we end up with lots of controls over things like payroll, and fewer controls over areas that where you could have some devastating consequences.

The risk is that, then, that many of those controls are either not necessary or done at an overkill so you end up with over-controlled environments where the risks are still not being addressed because they haven't really addressed where they need to put their energy through a proper risk assessment.