A
Salutary Lesson for ALL DirectorsA
Salutary Lesson for ALL Directors“Since the end of the 2006 financial year, the company has been through a trying period and the events are unacceptable for shareholders… The announcement of our full year financial result was delayed, as during final consolidation of the 30 April balance sheet, a number of significant items did not reconcile.”
“It is the view of the company that the discrepancies related to the processes in the conversion from the previous legacy IT systems to the new IT platform. The unreconciled balances totalled $17.2 million.”
“The review also identified improvements in the financial processes, controls and resourcing which were inadequate during the conversion process.”
“From the investigation undertaken it appears that the unreconciled balances are related to the upgrade of IT systems in the Pharmacy Distribution business. API had changed from two legacy IT systems to a fully integrated ERP system. The changeover was extremely complex; and, to minimise disruption, financial transactions were maintained on all three systems as each state’s operations converted separately and progressively.”
The above text is extracted verbatim from the Australian Pharmaceutical Industries (API) 2006 Annual Report. These quite profound statements are presented in the Chairman’s Report, which is the first chapter in the Annual Report.
The problem became public knowledge on July 14 when API issued a press release announcing that it had asked the ASX to suspend trading in its shares. Included in the announcement was a specific reference to the linkage between new systems and the company’s inability to release full-year accounts. A further statement, made by API on July 28th, promised a thorough investigation, with direct board oversight through a specially-formed board sub-committee.
Corporate disasters are usually accompanied by top executive changes and sometimes by board departures. In this case, there have been two changes in the executive and one at board level – though none of these have been explicitly linked to the problem with statutory reporting.
Chief Executive (Group Leader in API parlance) Jeff Sher was first to exit with the details of his departure subject to a confidentiality agreement. A press release dated August 14th announced his departure and the appointment of Stephen Roche to the role.
API lodged its statutory accounts on August 21st. A press release explained the decision to report a “one-off Other Expense of $17.2 million” and the findings of the review and the steps that API is taking in response to the situation. Among other matters, it makes specific reference to developing procedures to reduce complexity and risk in certain procedures for manual journal entries.
Also on August 21st, another API press release announced that Chief Financial Officer Daniel Lucas had been asked by the board to leave with immediate effect. Mr Lucas had been with the company for less than 6 months. The press release states unequivocally that Mr Lucas’ departure “is not linked to the $17.2 million one-off Other Expense that the company announced on 14 August 2006”.
The same press release announced the forthcoming retirement of non-executive director Michael Smith, and his immediate resignation as Chairman of the Audit and Compliance Committee. The press release noted that Mr Smith had served the company for 25 years and his retirement plans had been previously advised to the board.
The ASX share trading suspension was lifted on August 22nd. From a closing price of $2.25 immediately prior to the suspension, API opened at $1.63, rising to a high for the day of $1.94 and closing at $1.86. More than 8.5 million shares were traded on August 22nd. Since then the share price has seen a high of $2.06 At the time of writing, the company’s share price was $2.00.
The consequences of the situation described above are profound. Not unexpectedly, API has been the subject of extensive press coverage – much of it by its very nature damaging to the firm. For example, on August 15th, The Age said “Missing $17m floors API” and noted that the ongoing investigation was likely to cost more than $1m (according to page 19 of the 2006 API annual report the IT system implementation cost was $1.125million for 2006. The 2005 report shows costs for the Business Transformation initiative as $12.7m in 2005 and $5.8m in 2004).
Some explored deeper – quoting various sources and perhaps speculating about the wider causes. On August 16, the Sydney Morning Herald asked “Has API looked behind the sofa?”. The article quoted concerns from a Macquarie Equities analyst who joined the missing money to concerns about dividend policy and operations risks. A related article, “Brokers dump API” said that brokers had heavily downgraded their share price targets for API and were advising investors to dump shares in the company.
Prior to the release of API’s results, web-based journal www.crikey.com.au speculated that API might weakened by the events and susceptible to a takeover. After trading resumed, Reuters reported that API had hit a life low against an overall rise in the market. The Age said “API shares plunge as trading resumes”. The Herald Sun headline read “API belted on return” and the article speculated that the departing CFO Daniel Lucas had been blamed from the delays in producing final accounts.
On August 23rd, The Age continued its discussion in “API mauled on its return” and cast doubt on prior assurances that the new IT systems were working as intended. It quoted an ABN Amro analyst who reported that some, but not all pharmacists were receiving incorrect invoices. It also suggested that rumours of a takeover deal with Symbion Health (formerly Mayne) had limited the share price drop.
In a somewhat chilling link to our discussion of spreadsheets (Spreadsheet Havoc) in the July 2006 IT Governance Letter, a Kelly Mills article “Finding the right modelling tool” in The Australian on August 15 opened with the statement “Australian Pharmaceutical Industries needed to go beyond spreadsheets to improve its budgeting and make its business processes more flexible”. The article appears to indicate that API was undertaking two projects – one to implement the new ERP system and a project to implement new financial planning and reporting tools. It links the statutory reporting problems to the ERP system and suggests that the planning and reporting system is not involved. Yet it quotes API’s Information Management Leader Doug Horwood, who is reported as saying of the spreadsheet based process: “It was also fraught with the possibility of manual error in the processing”.
Australian Securities and Investments Commission Chairman Jeffrey Lucy spoke at an AICD Luncheon on August 17th. His topic: ASIC's regulatory approach to directors' responsibilities. The promotional literature said that he would provide ASIC's view on how directors can better meet their obligations in an evolving regulatory environment.
At the end of Mr Lucy’s speech, Infonomics Managing Director opened the questions from the floor by asking what advice Mr Lucy might offer to directors in the light of the API experience. His reply was succinct. He noted that directors are accountable for the company’s ability to fulfil its statutory obligations – including keeping of proper records and production of required reports. He said that audit committees should pay particular attention to the accounting systems.
Perusal of API’s annual reports indicates that he directors are well aware of their responsibilities. The Corporate Governance Statement in the 2005 Annual Report says:
“The Board’s primary role is the protection and enhancement of long-term shareholder value.
To fulfil this role, the board is responsible for the overall corporate governance of the consolidated entity including formulating its strategic direction, approving and monitoring capital expenditure, setting remuneration, appointing, removing and creating succession policies for directors and senior executives, establishing and monitoring the achievement of management’s goals and ensuring the integrity of internal control and management information systems (bolding by editor). It is also responsible for approving and monitoring financial and other reporting.
The Board has delegated responsibility for operation and administration of the Company to the Group Leader and executive management.
Responsibilities are delineated by formal authority delegations.”
It would seem that, in this case, the API board has been unsuccessful. We won’t speculate on why they were unsuccessful. Without a detailed investigation of the company’s procedures relating to governance of its management information systems, we cannot be sure that even the most skilled and well-equipped board could have detected the problems that beset API.
We note the review findings regarding “financial processes, controls and resourcing which were inadequate”. History shows that many projects are not properly resourced, and this is an area where increased board oversight may reap considerable dividends – particularly considering the currently buoyant professional skills market.
Current reality is that problems with IT projects are quite common. With the support of an effective system of governance, directors can be quite effective in detecting and, more importantly, preventing failures in IT projects (for example, see our discussions of the Australian Customs Service problems in the November 2005 IT Governance Letter).
Directors commonly use audit and related techniques to assure themselves of the integrity of the governance and management systems in other areas of their organisations. With information systems now clearly on the table as key risk factors, directors should consider similar techniques to assure themselves that their organisations system of IT Governance is effective.
The Australian Standard for Corporate Governance of Information and Communication Technology (AS8015:2005) provides guidance on how the board should oversee the organisation’s use and control of IT – in both projects and operations. It establishes the vital top-level framework for an effective system of governance that can be lead by the board, and does not require the directors to have specific knowledge of information technology.
Assessment of their organisation’s approach to governance of IT against the recommendations of AS8015 can give boards clarity on whether or not they can effectively evaluate, direct and monitor the use of IT by the organisation.
Our recent experience of assessing IT governance in diverse organisations is that considerable improvement is possible. Our findings have been quite consistent with those of major consulting and research organisations, such as Gartner, who recently said that “75% of organisations have ineffective governance of IT, which they are better to discard and rebuild”.
Our experience is also that a straight-forward 12 point self-assessment gives an accurate indication of the performance of the governance system. The Infonomics 12 point self-assessment is part of a series of Executive Briefs which are freely available at the Infonomics Web site.