Editor’s note: Glenn Conway is a partner with Visage Solutions, LLC. “Managing Risk” is a regular feature in Local Tech Wire.Over the last few years, the number and type of C-level executives has expanded from the traditional CEO, CFO, COO and CIO to include CAO’s (Chief Accounting Officers), CKO’s, CTO’s ,CRO’s, CDO’s, CEthO’s, and other CxO’s (Knowledge, Technology, Regulatory, Disclosure, Ethics and ‘other’, respectively).

Sarbanes-Oxley compliance may also drive the need for another C-level role, one that should be seriously considered for 2004-2006 and maybe beyond. That role is the CPO, the Chief Process Officer. Companies with adequate financial resources should consider appointing a full time CPO, whereas small and mid-cap companies might consider outsourcing a part-time CPO. Here is why.

Financial Reporting and Disclosure Processes will change in 2004 with enforcement of SarbOx §404, §409 and other rulemakings.

Corporate disclosures are driven by processes. This includes processes that identify, catalog, and evaluate disclosure-drivers or events, which result in additional processes (preparation and issuance of disclosures). Financial reporting processes (a subset of disclosure processes) involve a myriad of transaction, estimation and reconciliation processes. For example, closing the books, preparing adjusting entries and estimates, and assembling the financials are all processes. The Internal Audit Department, Internal Legal, Outside Legal and Public Audit functions all perform one or more processes on or with the financial and disclosure information. In summary, everything connected with §302, §404, §409 and Financial Statement preparation depends on the timely, consistent execution of dozens or hundreds of processes. And in 2004 and 2005 most public companies will have to change or modify a number of these core processes — either to survive or to satisfy ‘compliance’ needs. This will place a premium on timely and astute resolution of process conflicts.

Who judges or evaluates whether or not all of the core business processes are effective, efficient, well-integrated and enforced? Moreover, who has accountability and authority to cut across organizational and departmental boundaries to resolve inconsistencies and process conflicts to meet organizational, filing and compliance deadlines? That is, who has the authority besides the CEO and CFO?

When I/T general controls are added to the mix, there may be dozens or hundreds of critical processes in the I/T arena that must be coordinated with other operational areas. This creates an integration requirement that is not usually managed by the traditional CIO or chief I/T officer.

The PCAOB is changing the game even further, driving the need for effective, fast change-management.

The mix will get more confusing before it clears up. Over the last 90 days the PCAOB (Public Company Accounting Oversight Board) has enacted several new rules for Public Auditors, and is currently changing the requirements for Financial Statement audits. This includes audit documentation standards that will alter the scope of Public Auditor work associated with Financial Statement audits. The PCAOB has proposed implementing the audit documentation standards to be effective 6/15/04, concurrent with the first §404 Management Assessment requirements. Other rulemakings have already been enacted, subject only to SEC final approval. So — not only must public companies deal with §404 audits for the first time, but their financial statement audits will change as well.

(See www.pcaobus.org/pcaob_rulemaking.asp for more information, specifically dockets 005, 008, 010, and 012.)

No longer will audits be performed according to ‘industry standards,’ GAAP and GAAS. Instead, they will be performed subject to the ‘Standards of the PCAOB,’ which will incorporate GAAP, GAAS. and new, PCAOB-defined criteria. As Public Auditors come to grips with their new obligations, they will necessarily impose additional time, information, and support requirements on their clients. If client companies don’t anticipate and pre-plan for the new audit rules, they will see much wasted time and effort within their own ranks as their public auditors do their audit work. Not only will audit fees escalate, but corporate audit support expense will escalate as well.

Existing Process Improvement Initiatives may have to be restrained or curtailed.

Now consider ongoing business improvement programs. With the requirements for Internal Control improvements, and the need to more readily support financial and control audits in 2004, existing Process improvement programs (Baldridge, Six-Sigma, ISO-9000, etc.) must be re-evaluated. This is because business process streamlining and process-optimization programs necessarily involve changes to existing business processes in the interest of time and/or production-cost efficiencies. But production efficiency improvements that cause financial and disclosure control deficiencies or gaps will invite §404 control attestation problems.

The Soup gets even murkier.

Finally, throw in M&A activities, integration of new I/T infrastructures, outsourcing, downsizing, and countless other business challenges, and the result is an extremely dynamic business management challenge. Who manages and focuses on coordinating all of this change?

What is needed is a “process sheriff” to establish and maintain order, or at least maintain effective communication and prioritization of process changes and modifications to support all of the changes going on. The Chief Process Officer (CPO) would be tasked with monitoring pulse-points and issues across the business process universe within the company, with the mandate and charge to coordinate and prioritize remedial action and focus as the problems unfold. He/she would report to the CEO and interact with the Public Auditor, Internal Audit, CFO, CEO, COO, CIO, and Division Presidents to characterize and localize the greatest process and business risks, and focus attention on resolving the process problems. He or she could also be empowered to suspend certain BPI programs that endanger §404 attests before they go too far.

What is needed is a multi-dimensional Process Guru who can communicate, coordinate and articulate to help integrate business processes. What is needed is a CPO.

Visage Solutions are results-focused operations, financial process and risk management consultants who offer extensive real-world business and executive management experience. Visage Solutions offers a suite of services that provide a strategic approach to operations to improve business processes that affect the bottom line. Sarbanes-Oxley related services include OpsAudit• and SingleVUE Compliance Process Improvement Services supporting Sections 301, 302, 404, 406, 409, 802 and 806.

Visage Solutions: www.visagesolutions.com