From time to time bodies like the Financial Reporting Council and Committee of Sponsoring Organizations of the Treadway Commission post draft documents and invite comments from anyone who is interested. Sometimes I have important points and information so I send a response.
One issue that tends to come up a lot is that they produce documents that insist on Risk Listing and only Risk Listing. In this situation my comments usually point out what they have done and argue that they should write something that is more open and so allows people to use other approaches, provided they are sensible and designed to achieve the same ends. Although most of these organizations also say that managing risk as an integral part of management is a good idea, or even essential, they don't yet understand how to write about that, nor do they understand that Risk Listing does not accomplish it.
Here are some of my consultation responses:
Document or topic
Securities and Exchange Commission
Proposed Rule on Managementís Report on Internal Control Over Financial Reporting (2007)
The regulations missed the point of the act, which was to assess controls effectiveness. Instead of doing that it was assessing the design of controls and the operation of individual controls. A focus on the results was needed.
The phrase 'risk appetite' should not be used because it is misleading and in the general population there are several alternative ideas about what it means. Moreover, it is easy to use plainer, more immediately meaningful terminology. They did!
PAIB committee of the International Federation of Accountants
Predictive Business Analytics: Forward-Looking Measures to Improve Business Performance (in 2011)
The scope of the document should be reduced to book-keeping, financial reporting, and related audit, the only topics on which the authors are qualified to write. This would reduce the importance of the poor advice in the document.
The proposed changes requiring more disclosure of auditor's materiality numbers would not help users, but other techniques would. Three alternatives were suggested, with strong links to Confidence Accounting.
The document has some good intentions and moves in helpful directions. However, it prescribes Risk Listing as the only approach to risk management and needs extensive but minor amendments to open it up. Alternative wordings are suggested.
Hundreds of people receive notification of new publications every month. They include company directors, heads of finance, of internal audit, of risk management, and of internal control, professors, and other influential authors and researchers.