(The news featured below is a selection from the news covered in SEC Today, which is distributed to subscribers of SEC Today.)

Former SEC Chairman Provides Tips on Internal Controls

Financial Executives International and Approva, which provides auditing and monitoring software, recently hosted a Webcast featuring former SEC Chairman Harvey Pitt who described how to implement a top-down, risk-based approach to internal controls. Pitt, the CEO of Kalorama Partners, urged companies to focus on the things that are most important. He cited the SEC's guidance which confirmed the acceptability of focusing on areas that pose the greatest risk. The top-down approach avoids treating every risk equally, he said. It uses a cost/benefit analysis and is almost always cheaper to implement and more effective, according to Pitt.

Pitt outlined five steps to consider in applying the top-down approach. When collecting financial data, he said to avoid overload by consolidating the information and segmenting out the critical data. Avoid a two-dimensional financial analysis, he said, by using key matrixes to compare a core group of competitors and to identify any anomalies. In order to identify the risks, Pitt said one method is to trace the product cycle from production to sale. He urged companies not to limit themselves to traditional accounting methods and controls, but to also apply non-accounting methods such as variance analyses of forecasts versus results, customer and supplier feedback, and internal ethics surveys.

Risk should be quantified and ranked from high to never according to its impact, he said. In order to control risk, companies must understand their processes and create "what if" scenarios of means by which individuals may intentionally or inadvertently circumvent the controls.

Pitt acknowledged that the processes involved in the top-down, risk-based approach to controls may be daunting for complex organizations. He urged these organizations to focus on one thing at a time and not to obsess over everything. Companies should focus on the processes they have before building something new, he said, and then determine what is effective and memorialize it. Pitt added that companies should question conventional wisdom.

The process should be pushed down through the organization which will lead to assumptions being discarded or adjusted. Update the process at least annually, he said, and share the results with the board, management and outside advisers. Pitt believes that an external review can strengthen the process. Look for help when needed, he said. That will provide validation of the process to the auditors. The top-down approach will prove more effective at managing risk and less costly to implement and maintain, according to Pitt. It often results in fewer controls to monitor, he said.

During a question and answer period, Pitt was asked whether he believes more guidance will be forthcoming. Pitt said the PCAOB, under its new chairman Mark Olson, is making a concerted effort to provide more guidance. When asked who should be involved in the process, Pitt said the internal audit team and the CFO should be the drivers, but on a parallel level, compliance and general counsel representatives should be involved.