01 November 2007

Red Flags: The Oracle of Omaha...

What do you do when you see a "Red Flag"? This was the question posed to Directors in a recent poll by Corporate Board Member Magazine in the November/December 2007 issue. C. Warren Neel the Executive Director of the Corporate Governance Center, at the University of Tennessee could not have answered this any better:

I don't want to see it; I want to "hear" the red flag before I see it. I want to hear about it before it happens. And I don't want to just know it happened, I want a diagnostic as to why it happened. I want a postmortem. What led us down that track? How did it start? Was it personnel-based? Process-based? Because of a malfunctioning system? Did we have the wrong strategy? Or what?


Welcome to the world of Operational Risk Management Mr. Neel. These are the scenarios that are played out on a continuous basis in the midst of the daily humming of business throughout the organization. These Ops Risk professionals are testing, exercising, stressing, and "Thinking of the Unthinkable" everyday so you do hear it before it happens. It may not be weeks, or even days. It could be hours or minutes. And then what will the Board of Directors do next?

This is perhaps one of the largest worries these professionals have. They don't know you, the Board or the steps you might or may not take once you get the warning, the news or the prediction. As the Board of Directors it's imperative that you learn all you can about who the Operational Risk experts are in the enterprise and to know them personally. Otherwise, how are you ever going to have an early warning system that you can trust and gets you the answers sooner than later?

What you need is an extension to the "Whistleblower" mechanism that tracks potential ethics violations and other wrong doing of corporate policy. It's a risk management method integrated with your current fraud management systems and combined with the ongoing behavioral analysis of "High" risk employees. Without this early warning process and supporting system in place the Board is forever doomed to be on the "reactive" end of the spectrum, continuously wondering how to respond to an incident that has already occurred.

How did Warren Buffet get the "Red Flag" on Freddie Mac even years before their implosion with senior management?

The charges against Brendsel were filed three years ago by the Office of Federal Housing Enterprise Oversight, which regulates Freddie Mac and its larger government-sponsored sibling Fannie Mae. OFHEO, which blames the accounting scandal on management misconduct is seeking damages and penalties against Brendsel totaling nearly $1 billion, including $24 million in severance benefits and stock awards.

Buffett said he was uncomfortable, among other things, about an investment by Freddie Mac that was unrelated to its business as the nation's second-largest financer of home mortgages.

"I follow the old dictum: There's never just one cockroach in the kitchen," Buffett said.

Details of his testimony were reported in Wednesday's editions of The Washington Post. They were confirmed by people familiar with the proceeding, speaking on condition of anonymity because they weren't authorized to speak about the case publicly.

Regardless of the outcome of this proceeding, the point could be made that the board had a huge "Red Flag" that Warren was selling his stake in the company. Predictions are based upon a number of factors and there must have been many pieces of information that added up to "somethings not right" at Freddie Mac. Today, there are ten positions open at Freddie Mac for operational risk related jobs and here is what they are seeking:

Position is part of a team supporting Operations as an operational risk management partner. Significant time will be spent as the face of the Audit Liaison function. Engages with the business areas to fully understand the operational process in order to coach and support the group in identifying and assessing operational risk and designing appropriate controls to mitigate the risk. Provides subject matter expertise on operational risk management systems and Freddie Mac operational processes.

Ensures all operational risk deliverables are completed within established timeframes with a high level of quality especially the mitigation of outstanding major/critical issues and monitoring of status on all outstanding issues. Deliverables include Operational Breakdown and Loss Event Reporting, Risk and Control Self-Assessments, SOX Assessments, Internal and External Audit Responses. Also supports Quality Assurance testing of SOX Key Controls and Root Cause Analysis.

  • Skills/Knowledge needed:
  • Indepth knowledge of operational risk management and controls with minimum 2 years experience.
  • Knowledge of key principals of auditing.
  • Knowledge of key principals of mortgage operations.
  • Knowledge of financial industry operations and/or accounting is preferred.
  • Ability to work independently with strong organizational skills to meet frequent deadlines.
  • Strong interpersonal skills with ability to build working relationships.
  • Flexibility and ability to multitask.
  • Strong analytical skills.
One might wonder why they are looking for someone with in depth knowledge of operational risk management (ORM) with only two years of experience. Sadly, this is because the organization relied for too many years on their financial auditors and their armies of freshly minted MBA's from some of the best business schools in the nation. However, the main reason is that the science of ORM is new compared to other disciplines in the accounting profession.

As organizations evolve their ORM departments and combine the attributes of fraud management, systems testing, continuity of operations, records management and employee behavioral analysis the Board of Directors will have a better opportunity to predict "Red Flags". They will ultimately become more preemptive in their actions and follow through to protect the shareholders assets. Until that happens, keep your eyes and ears on the "Oracle of Omaha"...

No comments:

Post a Comment