When It Comes to Risk-based Auditing, Don’t Let the Tail Wag the Dog
February 16, 2015Contributing Your Voice to Internal Auditing’s Body of Knowledge
March 2, 2015A recent report in the Wall Street Journal once again brings into sharp relief just how the repercussions of a crisis can play out. The Feb. 17 article, “U.S. Regulators Revive Work on Incentive-pay Rules” (subscription required) outlines how regulators are considering “clawback” provisions in compensation packages for certain employees of Wall Street firms. The idea is to require organizations to structure compensation so that executives would have to return bonuses if they are found to have committed an egregious error or fraud during their tenure.
The 2008 financial crisis had a significant impact on internal audit’s scope of work and influence. Indeed, the 2010 U.S. Dodd-Frank Wall Street Reform and Consumer Protection Act continues to impact internal audit plans across multiple industries. Now we have the potential for additional fallout as federal regulators consider rules to curb compensation packages that might encourage excessive risk-taking.
According to the Journal article, a number of financial institutions modified their compensation packages in the wake of the nation’s financial meltdown. Some voluntarily defer bonuses over a number of years and some, including at least one major bank, have recouped money from executives who engaged in misconduct. The article goes on to say that investors now are pushing for disclosure when “clawback” policies are applied.
From my experience, regulation is typically the byproduct of failure. Regulators gain entry into areas such as executive compensation when management, boards, and (even) internal auditors fail to carry out their responsibilities effectively. You rarely have a situation in which a new regulation is proposed and adopted when there isn’t at least the perception of failure along the way.
In this case, the road to regulation was paved, in part, by executive compensation models that, either by design or happenstance, focused on the short term. It should seem obvious that, if compensation is based on what gets done only in the here and now, then longer-term consequences are not always a factor in risk-taking or decision-making processes.
Failure to effectively manage can lead to new regulations that, in turn, create additional compliance burdens for organizations — in this case, banks, broker-dealers, investment advisers, and other financial institutions.
There are other considerations, as well. When clawback provisions are triggered, they don’t just damage the credibility of the executives involved. They also have the potential of impacting morale within the organization and making it very difficult for the company to recover with the current set of executives still in place. There’s fallout even if the clawback involves former executives, because you then have current executives wondering if they, too, will eventually have to surrender bonuses.
So where does internal audit fall in all this? This is such an important area that The IIA has published a Practice Guide for its members on Auditing Executive Compensation and Benefits. As the Practice Guide notes, “Internal auditors have an important role in providing assurance that appropriate and effective controls are in place around executive compensation and benefits (ECB) programs.” The Practice Guide explores several risks that executive compensation and benefits present to companies, including employment market risks, compliance risks, financial reporting risks, reputation risks, and operating risks.
The Practice Guide is an excellent resource for internal auditors who may be wading into the potentially treacherous waters of executive compensation audits for the first time. The Practice Guide includes discussion of an ECB audit approach, audit considerations, and some valuable guidance on developing a program for an ECB audit. The Practice Guide acknowledges that ECB is a “sensitive” area for internal audit coverage. It also notes that, while there may be obstacles to obtaining information for an ECB audit, “internal audit needs to proceed in accordance with its charter.”
Auditing ECB may create an awkward situation for internal auditors who suddenly find themselves evaluating how their administrative bosses are paid. Understandably, some may be reluctant to point out when a compensation package is not structured in the best interest of the organization. But these situations afford internal auditors the opportunity to show true leadership. It is our obligation to say what has to be said, and we must be courageous in meeting those obligations.
I’d like to hear your views and about your experiences on executive compensation.
I welcome your comments via LinkedIn or Twitter (@rfchambers).