As much as senior executives hate to deal with new legislation such as Bill C-198 in Ontario and Sarbanes-Oxley in the U.S. — or with the compliance issue as a whole — they also really need to focus on what benefits can come from putting their business under scrutiny, says Lynn Brewer, the
high-profile whistleblower who helped expose Enron five years ago.
These days Brewer, author of Confessions of an Enron Executive and CEO of the Integrity Institute, is traveling the world spreading the message that good ethics translates into good business.
She has turned her sights on how companies can leverage their IT systems not only keep their business clean but help to avoid risk and prepare for the future. CIOs, she says, have a newfound importance because they have a critical role to play in this process.
ITBusiness.ca: What do you see as the key trend in terms of how companies are dealing with this issue of compliance?
Lynn Brewer: I have seen a shift from “Let’s get Deloitte,” or “Let’s get KPMG,” or “Let’s get everybody who can help,” to the focus now being put on the chief information officer, which is interesting, because so far they have been left in the dark. CFOs and CEOs had been signing on the dotted line to have outside assurances that everything is in place. Now they are turning to the CIO.
But clearly the issue that brought down Enron, was in large part, because they did not have the systems in place. Actually, they had fabulous IT systems in place, they just did not have the systems in place that could not be corrupted.
ITB: What IT systems were in place at Enron?
LB: They used SAP, but what became the focus of their corruption was an integrated system that they had created and had been three years in the making. Enron had done some very large trades, and really got caught with their pants down, so to speak, in that they did not have the risk management systems in place to make sure the deals were legitimate. That’s the best way to say it.
They decided to undertake in-house development of a solution that went from point of trade, to point of settlement and to physical delivery of commodity. And it would be integrated, presumably, because the less hands that touch any deal or any transaction, the less chance there is for the information, or the integrity of the data to be corrupted.
ITB: Was it a case of incompetence combined with corruption?
LB: Oh, no, no, no, no, no. It was not incompetence. It was definitely dishonesty. Because what they did was to look at the shortcomings of the system, the traders, the other people in the organization and those needing to do these trades instantaneously and in real-time. They then began to select parties they knew could get the deal through, and worried about fixing (any problems) later.
ITB: How could have this gone on for so long? Presumably you have must have been looked at by external auditors and who knows who else.
LB: We had GAP reports done every day. In the first six months of 2000, there were 264 trading violations, and yet not a single trader was fired, even though they exceeded trading limits previously established by the system.
Unfortunately, that’s part of the problem. It’s interesting you are interviewing me today because the Supreme Court has actually overturned the conviction against Arthur Andersen. It will be interesting to see what the outcome of that is. But ultimately, the fact of the matter is Arthur Andersen was not doing just our internal audit but also the external audit. They were getting paid $52 million to look the other way. You had employees throughout the organization getting stock options. Every day Enron stock goes up by one dollar, I make $2,000 in stock options. If it goes up by $15, I’m making $30,000 in one day. So you have enough people getting paid huge sums of money, they will overlook what is going on, or the pressure comes from above to get the deal done. You are only as good as your last deal. Ultimately, you get a lot of people who are willing to bend the system.
ITB: Where are most organization at in terms of having the right systems in place?
LB: The fact of the matter is you have a large majority of companies still using spreadsheets to manage their business and to do things they were not intended to do. They are managing a business rather than intelligently understanding predictively what the outcome is likely to be. If you know there are trading violations going on, and you don’t change the system to make sure that those trading violations can’t happen, you’re just allowing it to happen.
ITB: So what should you be using? There are a number of risk management tools out there and software that checks for compliance.
LB: If you look at the disparate tools that are out there, you have people using Word, using Lotus Notes and using Excel. I think we need to move to a solution that is more integrated. You have the finance department using one set of software, you have traders using a different solution, and you have other people using ERP. In many cases, none of these systems talk to each other. If they do, the data doesn’t necessarily come out with the same integrity. Lastly, what we are seeing — and this is the biggest frustration of board members — they are getting the information too late, and in a manner that they can’t even begin to tell what the data says.
If you looked at the Enron 2000 Letter to Shareholders, the CEO says the company has a hit a record $1.3 billion in income. But if you look at the audited financials, it only said $978 million. There was no footnote, no explanation, and so you know you have these multiple versions of the truth.
ITB: That would be a challenge everywhere, keeping clean data.
LB: It is. In today’s world, you are going to be guilty until proven innocent. If you knew there was a weakness in the system, then wouldn’t you want to fix it? I watched the systems at Enron from a legal perspective and what it was that they needed to capture to reduce our risk relative to these contracts and to all the off-the-balance-sheet partnerships. The other dramatic example at Enron is our trading platform called Enron Online which was a Web-based closed system. Everybody said it was open but it was closed, I could see both sides of the deal. In that world, you have people corrupting the system. How do you create an entire business unit with no budgetary considerations and a CFO willing to pull his financial magic out of the hat? That’s often times what happens in large, particularly global, organizations where you have people in India using one solution and another group using another environment.
In Enron’s world, we spent an exorbitant amount of money building these businesses up and we didn’t even know whether they are going to be profitable.
ITB: So, in other words, it goes way beyond compliance, and it’s about finding better ways to run your business?
LB: What has gotten us into this situation is that we have spent most of our lives getting to the end of the quarter and saying “How did we do?” or, getting to three days before the end of the quarter, trying to run these numbers and then saying “What do we need to do make sure we hit our numbers?” And that’s what creates risk for companies. In Enron’s world, the systems were not talking to each other. There was one meeting (we had) — all in one hour over a conference call — where we decided to weigh a code of conduct so the CFO could do these off-the-balance-sheet partnerships, a discussion of whether or not we split our stock, a talk about executive compensation pay and a decision about whether to build a power plant in India. I think most companies operate pretty much the same and we do not operate our businesses with a forward-looking perspective.
ITB: So given this, if you are a CIO, where do you start, this sounds like a very daunting task.
LB: Absolutely. The CIO and the CTO are really in the forefront. They are being forced to expand the systems that they have already. You would not believe how many corporations are using ERP system for compliance. In many cases, they have spent a lot of money on SAP but we’re not here to drive a Volkswagen on the Autobahn.
ITB: Are you optimistic?
LB: I am optimistic, because I know companies are working on it. I know companies want to do the right thing, I do feel incredible empathy for CIOs and CFOs. Half the CFOs feel pressure to cook the books and the reason is they don’t have sufficient systems and they don’t have efficient operations. Like, give these guys a break. How does a CIO, or CMO, or a CTO operate under this sort of pressure cooker where it’s, “Get me the information, and get it to me now.” Well, then it becomes, “I’ll just grab a number out of the sky.” It really is that they are operating at a disadvantage because the pressure is coming from external sources.
ITB: Is there a plan of action or road map that CIOs can follow?
LB: Number one is to make sure that the systems actually talk to one another. That’s absolutely critical. Secondly, that you can get this information real-time. It’s just a real-time world. Thirdly, make sure your data can be understood by everybody. Lastly, ensure the integrity of the data is there.
ITB: Have things at least gotten better since the days of Enron?
LB: Probably the most frightening statistic is this. Between 2000 and 2001, the year Enron imploded, the Securities Exchange Commission (SEC) in the U.S. received about 6,400 whistle-blowing reports among the 10,000 or so publicly traded companies. In 2004, it’s 45,000 that come up even if you take out 75 per cent because they won’t have all the facts or the investigation may not go further. Remember, when you report to the SEC, you are reporting financial frauds and securities frauds that are clearly driven by systems. It means the SEC is receiving more whistle-blower reports which clearly puts companies at risk. The thing for CIOs is that the call they don’t want to get from a CEO or a CFO is: “Why the hell didn’t I know this.’ That’s my concern for these guys. Their role is to make sure they have this information. And unfortunately, there are a lot of companies trying to use systems outside what they are intended for, and that’s what’s creating the risk. Every company has the potential to be an Enron.