Editor: Please tell our readers about your respective practice areas.
Mulhare: Our Financial Services group does audits, tax work and consulting work for a variety of middle-market as well as large insurance companies and banks.
Blaustein: The Amper Litigation Support and Business Valuation group deals in all sorts of litigation - partnership disputes, estate disputes, etc. and we do business valuations for various transactions - mergers and acquisitions, shareholder and partnership disputes and for estate tax purposes. The group has approximately 50 people.
Editor: Why has Enterprise Risk Management (ERM) become a subject of paramount interest to your clients?
Mulhare: Clearly what has happened in these last few weeks has heightened everybody's interest in risk management. One could ask: how could this happen if firms, both financial and non-financial, claim to have some kind of risk management processes in place? What it comes down to is this: what is true risk management? Many business people are going to say they had something in place that didn't work.
Editor: Do you feel there are some enterprises that slipped through the net that did not have it in place?
Mulhare: In the financial services industry, the rating agencies were pressing businesses in terms of most of their operations, and insurance companies for all of their operations, to have a system of risk management in place. However, there were those in all these situations who chose to override the system and take on more risk. The New York Times carried an interesting article about the pressure from shareholders, Congress and the mortgage industry on Fannie Mae and Freddie Mac to expand the number of mortgages they were securing. The CEO of one of the agencies pointed out that even though red flags were going up and colleagues were urging the agencies to charge more for the mortgages or cautioning that the mortgages did not fit the models for financeable paper, he had to make the business decision to acquire dubious paper.
Blaustein: Part of the problem in expanding the risk that was associated with some of the mortgages that were acquired was whether that risk was fairly valued and was truthfully disclosed on company financial statements. There is conjecture that the risk itself was not properly taken into account when the financial statements quantified the value of these assets under fair value measurement. Value deals with two elements: the definition is easy; the application is more difficult. Value is basically what future economic value or benefits can one anticipate receiving from this asset in the future. Once the economic benefits are quantified, what am I willing to pay for it? The economic benefits and their price all deal with risk, and the whole concept of value deals with risk. Where mortgages are in a declining, in almost a free-fall situation, there is no adequate measure of the risk involved, and that's what you're hearing in the media now under the rubric, "mark-to-market" accounting.
Editor: Today's mark-to-market relates to a current sale in the market as opposed to holding to maturity, and as long as you have the mark-to-market type of accounting, as the market goes down, the security goes down.
Blaustein: The problem we're having now is while you generally look to the market to establish a guideline for the value of your particular asset in any one of several approaches to value, when you have a market that is falling and is in chaos, the "market value" of the comparable assets in a forced liquidation or a distressed sale doesn't create the market for valuation of assets on any particular balance sheet, and that's the problem with the mark-to-market.
Editor: Maybe you can provide our readers with some background on ERMs starting with the Treadway Report and Sarbanes-Oxley.
Mulhare: ERM in the 1990s focused on financial controls, but ERM today is much broader, including such areas as reputational and environmental risk. Treadway, COSO and Sarbanes-Oxley reporting are certainly embedded within ERM but this is a relatively small portion. Many distressed firms will say they were Sarbanes-Oxley compliant, but did they know they had that additional risk.
Again, you have to look at all facets of a business, making certain you understand the full inventory of risks. Certainly in financial services, financial managers should evaluate how much capital they have put at risk for any one of the financial products they undertake. In the future managers will understand they need more sophisticated models. Also, two things will have to change: one, stronger controls will be needed to prevent any management overrides, and second, boards of directors will need a better understanding of what the risk model is - then impose a discipline preventing management from overriding the very controls that are there to protect the enterprise.
Editor: There are instruments today such as credit default swaps that do not come within the purview of any regulations.
Mulhare: As of today. While my background is in insurance, it is incomprehensible that there is a product that effectively is insurance, but does not require the insurer to have the cash on hand to back up the guarantee provided to another party. I expect that we shall see a tremendous amount of regulation, and products such as credit swaps will be controlled in some way.
Editor: Do you foresee that other forms of derivatives will have to be regulated to a greater degree than they have been?
Mulhare: Wall Street is made up of a very smart group of people, and there will be other products appearing that no one ever contemplated. How do you draft regulatory guidelines that are broad enough, first, not to stifle this type of initiative but at the same time create more control than we have had in the past?
One safeguard is making sure management has the self discipline to live by the risk management program they have set up; another is for management to truly understand the risks of the products the company is assuming. One of the fascinating things that will happen is the unraveling of all the credit default swaps related to Lehman Brothers, which will provide a real-life example of how these swaps were used. Both companies and regulators should agree on modeling a structure that can prevent this from occurring again - from the companies' standpoint a means of controlling and understanding their risks, from a regulatory standpoint a means of regulating the risks that facilitates the market's use of these products.
Blaustein: I think you will see more valuation specialists offering their services outside these companies. The responsible companies will to some extent outsource valuations of some of these financial instruments - because of the risk and because of the complexity of doing the valuations.
Editor: Because so many counter-party agreements have not been disclosed, would you suggest they be disclosed in the future?
Mulhare: If enterprises are counting on these agreements to stay in business or prevent a loss, they should be disclosed and regulated.
Editor: Why have SOX, the Revised Sentencing Guidelines and other mechanisms been working fairly well with industrial companies but not with the financial community?
Blaustein: There are so many different financial products in the market that it is difficult to monitor valuations for financial reporting purposes whereas it is much easier to value the assets of industrial companies. There are not as many fluctuations in price and there are markets available to do comparisons with. The financial community has created such a world for itself that it becomes extremely difficult to monitor.
Editor: What new guidelines would you propose that would provide greater controls for the financial community?
Mulhare: In the case of credit default swaps, there should be a means of measurement such as setting up a clearinghouse along with a reporting system on exactly the number and amounts of swaps outstanding - a way for companies to measure the amount of risk that someone might be unable to deliver on the swaps and what benefits would accrue to the parties.
Editor: Are you suggesting that greater regulation is in store for all of us as well as perhaps more professional management?
Blaustein: That's true, and you should see more fixing of responsibility within the companies in establishing values for financial products.
Mulhare: There has to be a careful look at the rating agencies and their role in this debacle. The perception is that they might have rated products in the mortgage-backed area differently were it not for their being beholden to the securities' issuers.
Editor: What role does employee education play in bringing about greater compliance?
Mulhare: Going back to Sarbanes, an important part of Sarbanes was "tone at the top" - making sure employees know that doing the right thing is important, and providing a safe channel to report if they see any kind of fraud or concern about management misreporting. If employees see there are things that are defeating the risk-management system, they have to know they have a safe place to report it.
Editor: What is the role of the independent auditor and the inside auditor in Enterprise Risk Management?
Mulhare: I think the external auditors have so much on their plates, I don't know if you'd want to expand what they do in that area. I do think it's a tremendous opportunity for internal auditors to get more involved with the operational side of a company and take on some of the responsibility of monitoring the risk-management process.
Blaustein: In the light of some of these financial instruments or material assets held in these companies I would recommend that a chief financial evaluation officer, someone whose work will be reviewed separately by the outside accountants before it can be included in the financial statements, might be a worthwhile addition so that at least there is oversight and an independent review before any of this goes public.
Published November 1, 2008.