Mark Carey, CPA, CISA President 866.335.2736 x8431 [email protected] Management-ese: An Introductory...
Mark Carey, CPA, CISA
President
866.335.2736 [email protected]
Management-ese: An Introductory Course
What Does Senior Management Care About?
• Shareholders (or controlling stakeholders)
• Themselves! (Stay out of jail, protect reputation, increase pay, get promoted, etc.)
• Customers
• Employees
Shareholder Value
Definition: Present Value of future cash flows of the business discounted at its weighted average cost of capital, less the value of its debt.
Issues: Very difficult (impossible) to manage directly. You must break down, manage and measure individual components.
Earnings Per Share
Definition: Total Revenues (sales and other income) less tax and interest, divided by the number of shares issued.
Issues: Because of accounting opinions and rules, EPS is extremely subjective. It does not correlate very well with value creation measures.
Cash Flow
Definition: Incoming cash from operations, investments and financing activities, minus outgoing cash from operations, investments and financing activities over a period of time.
Note: Cash Flow is fact based, EPS is opinion based
Weighted Average Cost of Capital (WACC)
• The opportunity cost to all the capital providers weighted by their relative contributions to the company’s total capital
• Or what rate of return could each provider of capital receive on other investments of similar risk
Capital Asset Pricing Model (CAPM)
• Definition: A Model/Theory that argues that the returns both received and expected by investors are related to the risk incurred by owning particular financial assets. In general, the higher the risk, the greater the return should be.
[Figure: Risk/Return chart with axes Return and Risk, showing the Efficient Frontier and the Hurdle Rate]
Risk
• Non-systemic (or unique or diversifiable) risk
– Non-systemic risk is caused by company specific events such as lawsuits, unsuccessful marketing programs, losing major customers, factory shutdown, fraud, security breaches, etc.
– In portfolio theory, investors do not care about non-systemic risk, because it can be diversified away
• Systemic risk (or market)
– Systemic risk comes from external events that impact all firms, such as recession, war, rising interest rates, inflation, etc.
– Systemic risk cannot be diversified away
• SO WHAT:
– Finance majors are trained that shareholders do not care about non-systemic risk!
– However, individual shareholders, executive team, regulators, etc. DO care about non-systemic risk
Defining your customers
• Who are your customers?
– Senior management, business managers, Board of Directors, line personnel, end customers, government regulators
• What is their problem (pain)?
– Past interruptions, SLAs with customers, single points of failure, loss of data, vital records, etc.
• How do you solve that problem?
• Can you describe how your program solves that problem in 30 seconds or less?
Shareholder Value Drivers
• Increase cash inflow
• Decrease cash outflow
• Improve efficient use of capital
• Question: How will your information security initiative impact cash flow or improve efficient use of capital?
Value Drivers
[Diagram with columns Level 1 and Level 2, starting from Shareholder Value. Labels: Growth; Efficiency/Effectiveness; Capital; Business Scope Expansion; Organizational Effectiveness; Operational Efficiency; Capital and Structure; Other Assets; Creation of Future Options; Market Variables; Political-Legal; Social-Cultural; Allocation of capital; Economic; Technological]
Sarbanes-Oxley
• Section 302: Executive Certification by the CEO and CFO as to the accuracy of financial statements
• Section 404: Management must articulate their responsibilities to establish and maintain adequate internal controls over financial reporting, and management’s conclusion on the effectiveness of these internal controls at year-end in the annual report
• Section 409: Real Time Disclosure – Public disclosure of material changes in the financial condition or operations
BOD Roles and Responsibilities
• Management selection, evaluation and compensation
• Approval of major strategies and financial objectives
• Advising management
• Selection of Board candidates
• Reporting, risk management, controls and compliance
– effective system of controls
– managing the major risks faced by the corporation
– reporting accurately the corporation’s financial condition and results of operations
– adhering to key internal policies and authorizations
– complying with significant laws and regulations
Source: Statement on Corporate Governance, The Business Roundtable, 1997
Why Security
• To protect future cash flows
• To keep you out of jail/civil court
• Satisfy regulatory requirements
• Satisfy customers/increase sales