Editor’s note: Ann Elizabeth Robinson is a partner with Visage Solutions, LLC.

(Note: Part I of the series argued that compliance, if conducted proactively and in the context of Enterprise Risk Management, can lead to increased competitiveness. Part II compared the COSO Internal Control –Integrated Framework (1992) with the newly drafted COSO Enterprise Risk Management Framework (2003). COSO is an acronym for the Committee of the Sponsoring Organizations of the Tread way Commission.)Corporate governance…or the lack thereof…continues to hold the spotlight in the media. Witness the most recent high profile unraveling of the Board of the bastion of American innocence and childhood dreams, the Walt Disney Company. This case sets the context for Part III of the series on how Sarbanes-Oxley compliance solutions can be the springboard for getting into an Enterprise Risk Management (ERM) frame of mind.

Roy E.Disney, nephew of co-founder Walt Disney and son of co-founder, Roy O. Disney, stepped down from the Board of Directors and resigned as Chairman of Walt Disney Animation. Disney was forced out by a Board which Disney claims has become insular and a rubber-stamp for Chairman and CEO Michael Eisner. Disney is dismayed at the decline in the quality of the Disney product, service, and corporate governance, such as rides that do not work in theme parks; rising prices charged for Disney products, Disney movies with more objectionable material, and a lack of guidance at the top to protect Disney assets and the Disney name. Disney’s forced resignation was closely followed by the protest resignation from the Board by Stanley Gold, a key ally of the former Walt Disney Vice Chairman, Roy E. Disney.

The letter of resignation submitted by Stanley Gold criticizes the company for its insularity in corporate governance and called for the resignation of Michael Eisner as Chairman and CEO. He claims that the forced resignation of Roy Disney is an attempt by the Board to “squelch dissent by hiding behind the veil of ‘good governance.’ ” He criticized the Board for rubber stamping decision of senior management, infrequent Board meetings, and for not having serious discussions about “the Company’s flawed plans and management’s unmet projections and unfulfilled promises.

He had specifically asked the Board to concentrate on the Company’s “poor performance, lack of credibility and accountability and poor capital allocation.” He also was dismayed that the Board does not approve the five-year strategic plan…and that the Board had objected to his proposal for a “Diagnostic Review, designed to give the non-management directors the tools necessary to evaluate performance and establish a comprehensive framework and baseline from which the Board could be active partners in developing plans to maximize the value of Disney’s existing assets and businesses.” (from December 1, 2003 Letter from Stanley P. Gold to the Board of Directors of Walt Disney Company, published by PR Newswire).

Muzzling directors?

Gold raised specific examples before concluding: “It is clear to me that this Board is unwilling to tackle the difficult issues I believe this Company continues to face…management failures and accountability for those failures, operational deficiencies, imprudent capital allocations, the cannibalization of certain Company icons for short-term gain, the enormous loss of creative talent over the last years, the absence of succession planning and the lack of strategic focus. Instead, the Board seems determined to devote its time and energies to adopting policies that focus not on substance, but on process, and, in reality, only serve to muzzle and isolate those Directors who recognize that their role is to be active participants in shaping the Company and planning for succession. Further, this Board isolates those Directors who believe that Michael Eisner (when measured by the dismal results over the last 7 years) is not up to the challenge.”

Gold closed by asking that the letter be disclosed and filed as an exhibit to Company Form 8-K.

There are many ways of addressing how compliance solutions can assist a company to engage in enterprise risk management. Primarily, since having an internal control framework is mandated by law, there is an incentive to spend the money to meet the requirements and intent of Sarbanes-Oxley, designed to protect the stakeholders of public companies. From a management point of view, the compliance requirement is an incentive to take a hard look at the strategic direction of a company and to focus operational and financial goals in an integrated, holistic manner.

From an information management point of view, specific enterprise-wide IT solutions become relevant…and may be operationally a prerequisite for being able to be SarbOx compliant. One could also look at each category of components (five within the Internal Control Framework–“ICF”–and eight within the Enterprise Risk Management…”ERM”– Framework) or examine the sets of objectives (three for ICF and four for ERM) in the light of solutions…i.e., applications that implement these frameworks. Some examples are discussed below and will be outlined next week.

Incentive To Allocate Resources: Internal Controls to Risk Management:

Because companies are required to invest time and resources in the creation of an internal control framework and in the disclosure of corporate activities that could affect the value of the company, the priority for such expenditures increases dramatically. Also, the negative consequences of not complying could mean heavy fines or years of jail time for executives, management, board members, and directors involved. Under the COSO Internal Control Framework, risk must be assessed and emerging risks must be monitored in relation to three categories of objectives: operational effectiveness, financial reporting reliability, and compliance.

In Enterprise Risk Management, the monitoring of risk becomes related to the whole enterprise, with the concepts of managing “portfolio risk”; inherent risk (before management decisions and action); and residual risk (after management decisions to avoid, share, reduce, or accept the risk). Therefore, compliance expenditures, if the scope is expanded to include the wider concepts in ERM, become not only a cost but also an investment in the strategic direction of the company…and, if done well, increased future revenue streams.

The Disney case demonstrates the need for an informed and active leadership to guide an enterprise. It also demonstrates that under Sarbanes-Oxley, the Board may need to be more proactive in creating the strategic direction for the company…or lawsuits could ensue.

Visage Solutions are results-focused operation assessment and risk management consultants who offer extensive real-world executive management experience. Visage Solutions offers a suite of services that provide a strategic approach to operations to improve business processes that affect the bottom line. Sarbanes-Oxley related services include OpsAudit and Compliance Process Improvement Services supporting Sections 301, 302, 404, 406, 409, 802 and 806. See www.visagesolutions.com ) for more information and important links.