Edge: What do you see as the key trend in terms of how companies are dealing with this issue of compliance?
Brewer: I have seen a shift from ‘Let’s get Deloitte,’ or Let’s get KPMG,’ or ‘Let’s get everybody who can help,’ to the focus now being put on the chief information officer, which is interesting, because so far they have been left in the dark. CFOs and CEOs had been signing on the dotted line to have outside assurances that everything is in place and now they are turning to the CIO.
Edge: What was the essence of the problem at Enron?
Brewer: Clearly the issue that brought down Enron was in large part because they did not have the systems in place. Actually, they had fabulous IT systems in place, they just did not have the systems in place that could not be corrupted.
Edge: What IT systems were in place at Enron?
Brewer: They used SAP, but what became the focus of their corruption was an integrated system that they had created and had been three years in the making. Enron had done some very large trades, and really got caught with their pants down, so to speak, in that they did not have the risk management systems in place to make sure the deals were legitimate. That’s the best way to say it. They decided to undertake inhouse development of a solution that went from point of trade to point of settlement and to physical delivery of commodity. And it would be integrated, presumably, because the fewer hands that touch any deal or any transaction, the less chance there is for the information, or the integrity of the data to be corrupted.
Edge: Was it a case of incompetence combined with corruption?
Brewer: Oh, no. It was not incompetence. It was definitely dishonesty. What they did was to look at the shortcomings of the system, the traders, the other people in the organization and those needing to do these trades instantaneously and in real-time. They began to select parties they knew could get the deal through, and worried about fixing (problems) later.
Edge: Where are most organizations at in terms of having the right systems in place?
Brewer: The fact of the matter is you have a large majority of companies still using a spreadsheet to manage their business and to do things it was not intended to do. They are managing a business rather than intelligently understanding predictively what the outcome is likely to be. If you know there are trading violations going on, and you don’t change the system to make sure that those trading violations can’t happen, you’re just allowing it to happen.
Edge: So what should you be using? There are a number of risk management tools out there and software that checks for compliance.
Brewer: If you look at the disparate tools that are out there, you have people using Word, Lotus Notes and Excel. I think we need to move to a solution that is more integrated. You have the finance department using one set of software, you have traders using a different solution, and you have other people using ERP. In many cases, none of these systems talk to each other. If they do, the data doesn’t necessarily come out with the same integrity. Lastly, what we are seeing, and this is the biggest frustration of board members, they are getting the information too late, and in a manner that they can’t even begin to tell what the data says.
Edge: That would be a challenge everywhere, keeping clean data.
Brewer: It is. In today’s world, you are going to be guilty until proven innocent. If you knew there was a weakness in the system, then wouldn’t you want to fix it? I watched the systems at Enron from a legal perspective and what it was that they needed to capture to reduce our risk relative to these contracts and to all the off-the-balance-sheet. That’s often times what happens in large, particularly global, organizations where you have people in India using one solution and another group using another environment. In Enron’s world, we spent an exorbitant amount of money building these businesses up and we didn’t even know whether they were going to be profitable.
Edge: If you are a CIO, where do you start? This sounds like a very daunting task?
Brewer: Absolutely. The CIO and the CTO are really in the forefront. They are being forced to expand the systems that they have already. You would not believe how many corporations are using ERP systems for compliance. In many cases, they have spent a lot of money on SAP but we’re not here to drive a Volkswagen on the Autobahn.
Edge: Are you optimistic?
Brewer: I am optimistic because I know companies are working on it. I know companies want to do the right thing, I do feel incredible empathy for CIOs and CFOs. Half the CFOs feel pressure to cook the books and the reason is they don’t have sufficient systems and they don’t have efficient operations. Give these guys a break. How does a CIO, or CMO, or a CTO operate under this sort of pressure cooker where it’s ‘Get me the information, and get it to me now.’ Then it becomes ‘I’ll just grab a number out of the sky.’
Edge: Is it possible for CIOs to delegate this responsiblity to somebody else, or possibly look to an outside partner?
Brewer: The thing for CIOs is that the call they don’t want to get from a CEO or a CFO is: ‘Why the hell didn’t I know this.’ That’s my concern for these guys. Their role is to make sure they have this information. And unfortunately, there are a lot of companies trying to use systems outside what they are intended for, and that’s what’s creating the risk. In Enron’s world, the systems were not talking to each other. I think most companies operate pretty much the same and we do not operate our businesses with a forward-looking perspective. Every company has the potential to be an Enron.
