Assure Magazine - October 2012

AssureOpinions to help manage risk and uncertainty / October 2012

Also in this issue:

Eurozone crisis

Corruption and trading: Are they hand in glove?

Maintaining the competitive edge

effective assuranceThe future holds an increasingly complex world, a tougher environment and more intense political pressure. With the demands placed on assurance functions growing, companies face ever greater challenges.

kpmg.ch/assurance

2

Contents

effective assurance 4

Assessment of Compliance 8

Compliance as a strategic success factor 12 How Compliance ensures sustainable corporate

development

eurozone crisis 15

Challenges and opportunities in the healthcare sector 20

Added value through Tax risk Management 22

use of unfair GTC 28

Corruption and trading: Are they hand in glove? 30

Maintaining the competitive edge 34

Assure / Foreword / 3

How can assurance functions manage increasing demands?

“Pressure from outside is intensifying, as well. During times of crisis, politicians’ demands for increased restrictions and regulations continue to grow.”

The advantages presented by the technological advances of the past few decades are undoubtedly manifold. Today’s companies are more efficient and productive than they ever could have imagined just a few years ago. Tasks that used to take hours, days or even weeks can now be taken care of in a matter of seconds and minutes. The corporate world has become quicker and distances today are smaller. So much for the bright side of the story. Not only the advantages but also the dangers brought by these changes are all too familiar. The greater complexity of the processes involved, however, makes monitoring them all the more complicated and occasionally more costly. Increased international networking also comes hand in hand with a multitude of risks – something the current situation in the eurozone illustrates all too well. The more challenging processes become, the more challenging it is to oversee them.

Pressure from outside is intensifying, as well. During times of crisis, politicians’ demands for increased restrictions and regulations continue to grow since companies are subjected to fundamental criticism of how they compete. The scope of regulatory requirements is rising steadily, including in the area of corporate governance. One direct consequence of these developments is that assurance functions are gaining significance and are being expanded and refined accordingly. Examples of this include internal and External Auditing, Risk Management and Compliance. Their purpose is to monitor risks, reduce complexity and ensure adherence to regulatory requirements. Building up and expanding the monitoring functions is one thing – ensuring that they function smoothly is something completely different. The extended assurance structures branch out more, some roles and responsibilities have to be redefined and an ongoing dialogue must be ensured. If assurance functions only focus on their own, limited scope,

they not only risk inefficiency but even ineffectiveness. In other words: Only well-thought-out coordination of the assurance functions can guarantee their effectiveness.

This issue of “Assure” contains several articles dedicated to addressing the challenges just mentioned. I am also pleased to present a study of the assurance structures of select Swiss companies put together by KPMG in cooperation with the University of St. Gallen (HSG). In addition, “Assure” offers an in-depth analysis of the potential consequences of a euro crisis for Swiss companies and answers questions about which business strategies could be pursued in the event of a eurozone collapse. This issue places a special focus on the latest developments in the hospital market and changes in the area of GTC legislation.

The world is becoming more complex, the business environment is getting tougher and legal hurdles are growing higher. Increasing demands on assurance functions mean that companies will face ever greater challenges. Let’s tackle them and continue evolving.

Let’s move forward.

roger NeiningerCEO

4

BackgroundWhat is assurance?Assurance refers to all controlling and monitoring activities which support the management in achieving their strategic, operational, compliance, and reporting objectives while avoiding the related risks. It is characterized by the triangular relationship visible in the illustration be-low.

The most common assurance providers include functions such as External Audit, Internal Audit, Risk Management, Com-pliance, and the management of Internal Control Systems (ICS). While the setup, the roles and responsibilities as well as the individual accountability can vary widely the principle purpose of all these

assurance functions remains to effective-ly and efficiently monitor and control the key risks of the company.

The functions can usually be grouped ac-cording to their level of independence from the business. While the first line of defense refers to the business itself and its responsibility to administrate the risks as risk owner, the second line of defense supports the effective management of these risks through monitoring and con-trolling activities. Finally the third line of defense provides independent and objec-tive assurance if the major risks of the company are sufficient well managed for example by effectively using control frameworks such as the ICS over finan-cial reporting.

Luka Zupan

effective assuranceA representative survey by KPMG in cooperation with the University of St. Gallen (HSG) discusses the current understanding of how the various assurance providers within Swiss corporations are organized and what their level of effective assurance is.

Figure 1: Concept of the “three lines of defense”

1. Divisions • Established risk and control environment

• Risk definition and assessment• Risk Management and reporting

Bo

ard

of D

irec

tors

, Au

dit

Co

mm

itte

e,

Man

agem

ent

2. supervisory functionsFinance, HR and Risk Management, ICS, Compliance

• Strategic management• Guidelines and procedures• Operational supervision

3. Independent assuranceInternal Audit, External Audit and other independent auditing bodies

• Questioning of processes/ guidelines and creation of independent, neutral reports

risk & control

risk & control

risk & control

First line The first line of the control system comprises

the divisions performing daily Risk Management activities

second line The supervisory functions of the company

(Finance, HR and Risk Management, etc.) determine the direction, define the guidelines and offer assurance

Third line Internal and External Audit provide an independent

assessment of the first and second lines

Assure / Effective assurance / 5

The studyIn cooperation with the University of St. Gallen (HSG) KPMG conducted numer-ous in-depth interviews with 26 Swiss corporations of various sizes and indus-tries, the majority of which are listed on the Swiss Stock Exchange. This qualita-tive study aimed at identifying the vari-ous assurance providers, assessing the degree of coordination between them, the type of assurance process imple-mented as well as the general level of satisfaction with the current assurance setup. In addition it discusses how the costs of assurance are assessed and monitored and provides a general out-look regarding the current assurance agenda of the participating firms.

Assurance structure The large majority of interview partners confirmed the existence of the most common assurance providers including Internal Audit, Risk Management, ICS coordination, and Compliance. The study also noted that new functions such as Corporate Social Responsibility or Safe-ty, Health and Environment (SHE) have been added to the assurance structure in order to address new areas of risk such as environmental impact, political pressure from external stakeholder groups, etc.

With various assurance functions em-bedded within the organization it is cru-cial to have a clear understanding of the respective roles and responsibilities. While the level of definition varies be-tween the participating companies the study noted that especially for assur-ance providers who need to adhere to external standards and principles (e.g. IIA standards for Internal Audit; regulato-ry requirements for ICS) the roles and responsibilities are well defined. The only exception is the Compliance func-tion, where definitions of the overall roles and responsibilities are not always defined. This can partially be explained by the fact that there are no internation-ally recognized standards in this field and companies are left to define the purpose of this function on an individual basis.

While the roles and responsibilities at large are well defined the study noted that the overall level of cooperation is rather low and remains informal. Al-though approximately half of the study participants confirmed that there is some type of coordination between the various assurance providers only few ac-tually had a formal structure in place that would facilitate an effective exchange and alignment between the different as-surance functions. This lack of coordina-tion usually results in inefficiencies due to duplication of work and ineffective re-source allocation and significantly reduc-es the level of satisfaction of the au-ditees.

One example on how to address this is-sue is the creation of a formal Corporate Governance Steering Committee which would include the participation of all im-portant assurance providers. The pur-pose of this Committee would be to: Align the general assurance agenda

(e.g. which assurance provider covers what risks)

Facilitate the general planning (e.g. when will a specific department be visited by what assurance provider)

Improve the exchange of information (e.g. findings from previous audits, understanding of the business, etc.)

Act as sort of risk sounding board that focuses on identifying new emerging risks as well as reassess existing ones

KPMG sees a clear need for action in this area for companies that have not yet established such an assurance plat-form. Creating a Steering Committee would allow for a better alignment be-tween the functions, focus more effec-tively on the key risks of the company and improve the efficiency of the assur-ance process in general.

Assurance processWhile the study already noted little or-ganizational coordination between the various assurance functions the lack of collaboration is even greater during the actual assurance process, which in-cludes the planning of assurance activi-

ties, the actual execution and the report-ing to selected stakeholders.

The exchange of information mainly oc-curs on an informal basis and consists usually of assessing when what assur-ance function will visit a respective de-partment. As a result the auditees often find themselves repeatedly explaining the same processes, risks and the relat-ed control activities to different assur-ance providers. However the study not-ed that there is definite tendency to formalize the planning processes espe-cially in big organizations (+100,000 FTE). Partially this tendency can also be explained by the fact that the sheer number of assurance activities forces corporations with a large assurance structure to have an effective planning process in place.

Another challenge that presents itself within the assurance process is the fact that most assurance functions rely on their own individual risk assessments. While an individual assessment of key risks can facilitate the own assurance scoping it is contradicting to a common understanding of what the key risks of the companies are and causes difficul-ties in aligning the outcome of the vari-ous assurance activities.

Although the study noted that selected companies consolidate these individual risk assessments in order to report the top risks to Executive Management and the oversight boards (e.g. Audit Commit-tee, Board of Directors) the individual assurance providers do not take this combined perspective as the basis for their own assurance scoping.

The lack of formal collaboration also ma-terializes itself during the actual execu-tion of assurance activities, although most interview participants affirmed some type of cooperative approach with regards to special projects or initiatives (see illustration page 6).

The study also noted that coordination between internal and external assur-ance providers tends to be rare except

6

for the area of Internal Controls over fi-nancial reporting. In this specific area the knowledge sharing between the Ex-ternal Auditor and the ICS coordinator can take on various different forms, ranging from simply sharing documenta-tion up to submitting working papers to the External Audit colleagues. The lack of further collaboration is somewhat ex-plained by the different assurance scope since internal assurance functions usu-ally explicitly exclude the financial re-porting process from their scope argu-ing that this is being covered by the annual financial statement audit.

Regarding the analysis and reporting phase, a distinction has to be made ac-cording to the size and internationality of the organiszation. Generally the study shows that the bigger, more complex, and more internationally oriented a firm is, the more likely the addressees of as-surance reports will receive numerous reports from various assurance provid-ers. This sheer load of information can sometimes lead to a loss of overview and make it difficult to derive a clear pic-ture regarding the effectiveness of the corporate governance structure.

As a result the study shows that espe-cially companies which have a formal-ized central coordination try to provide a consolidated reporting of the assurance activities to the addressees thus making it easier for their stakeholders to get a clear picture on the general state of their

corporate governance structure. Howev-er it should also be noted that some sur-vey participants outlined that the level of consolidation needs to be considered as this may result in an oversimplification of the overall assurance situation of the company.

Overall, the study shows that the gener-al satisfaction concerning the level of co-operation between the various assur-ance functions during the planning, execution and reporting phase is rather low. Thus KPMG strongly believes that through a more coordinated approach the assurance structure could operate much more effectively and efficiently. Such means of improvement could be for example a common risk understand-ing, the alignment of the assurance planning and goals, or the increased col-laboration during the assurance execu-tion.

Assurance costsWhen looking at the cost of assurance three areas can generally be distin-guished: External Audit costs, Internal Audit costs, and other assurance costs (see illustration page 7). While the cur-rent economic trend to reduce overall costs within the organization would sug-gest that the companies assess their to-tal cost of assurance in detail the study noted that the large majority of study participants do not have a consolidated overview.

The study also revealed that none of the participating companies saw the need for a more transparent assessment and monitoring of its assurance costs. This comes somehow as a surprise, since for example External Audit fees are con-stantly under pressure and some Inter-nal Audit functions were forced to re-duce headcount.

KPMG recommends in this respect that an overall assessment of the total cost of assurance together with the linkage to the risks areas that are covered by the respective assurance providers would help to make the assurance efforts and

related costs more transparent and out-line what areas need stronger focus.

Such a holistic approach to cost man-agement could also be a key argument in achieving more effectiveness as well as efficiency in assurance, since this would motivate the different functions to better coordinate and collaborate in order to avoid duplication of activities and allow for stronger focus on key risks.

Assurance outlookAlthough the large majority of the inter-viewees perceive their assurance func-tions as effective or partly effective al-most two-thirds see the need to further improve their assurance structure. This goes hand in hand with KPMG’s opinion that there is a necessity to continuously improve and advance assurance func-tions.

The following projects and initiatives were mentioned in this respect (see illustration page 7): Creation of a formal assurance coor-

dination role that facilitates the col-laboration and efforts of the individual assurance providers

Definition of a new assurance operat-ing model that integrates all existing assurance providers under one com-mon assurance function

Relocation of assurance functions into prominent production and distri-bution markets

Implementation of additional tools and applications that facilitate the as-surance activities and provide a com-mon technological platform for plan-ning, execution and reporting

In spite of most interviewees having recognized the need for improvement in the area of assurance, only few have ac-tually started such initiatives. It is KPMG’s view that companies should repeatedly reassess their assurance portfolio in or-der to ensure their structures still meet the expectations of the various stake-holders and cover all key risks that a fast-changing and ever more complex

Always/exchange

Partial/project-related/informalinformal exchange

No cooperation

85%

9% 6%

Figure 2: Cooperation of assurance functions in implementing assurance activities

Assure / Effective assurance / 7

business environment may have in store. The most crucial factors to suc-ceed in further developing assurance and successfully implementing such ini-tiatives are a clear leadership and spon-sorship from the oversight committees such as the Audit Committee that has the authority and power to drive such change.

In a nutshellThis study consolidated the findings of 33 qualitative in-depth interviews with various assurance heads in 26 Swiss firms of different sizes and complexities.

The key findings are: The most common assurance func-

tions are all well implemented while new providers cover areas such as

Sustainability or Safety, Health and Environment.

There is mainly informal exchange of information between the various as-surance functions and only few partic-ipants confirmed the existence of a formal coordination function.

There is a high potential for improve-ment with regards to the coordination of the individual assurance functions, e.g. common risk understanding, align-ment of the planning and execution of audits or the consolidated reporting.

The study participants perceive their assurance portfolio as effective or partly effective. For those firms which do not coordinate the various assur-

ance processes, the level of satisfac-tion is considerably lower.

The total cost of assurance is only rarely known or assessed in relation to the key risks and assurance activi-ties within the firm; monitoring of the total cost of assurance is not consid-ered a priority.

When organizing and establishing as-surance functions within an organiza-tion, close attention needs to be paid to the rapidly changing business envi-ronment and the organizational risks.

Luka Zupan Director, Head Internal Audit, Risk and Compliance Services

47%

37%

6%

2% 2%

2% 4%

External Audit

Internal Audit

Risk Management

Compliance

ICS Coordination

Quality Control

Other

No current projects/initiatives

Organizational improvements

Improvements in the assurance process

Initiatives concerning implementation of tools

27%

39%

15%

18%

Figure 3: Percentage share of costs by assurance function Figure 4: Initiatives for the structuring of assurance functions across all respondents

8

Is Compliance simply “nice to have”?Companies are finding themselves con-fronted with increased complexity not only in the legal framework but in their internal and external regulatory frame-works, as well. In today’s world, an in-dispensable part of good corporate governance is having an effective Com-pliance organization and Compliance management system in place. These can help address violations against inter-nal and external regulations, for in-stance, in order to prevent or limit finan-cial damage, criminal consequences and loss of reputation, to name just a few examples. The spectrum of potential risks extends from marginal, individual, noncompliant conduct without serious consequences to practices that could endanger the very existence of entire companies.

The term “Compliance” means adher-ence to rules (statutory provisions as well as both internal and external guide-lines). With a definition this broad, the subject areas that fall under the catego-ry of Compliance are just as diverse (e.g. data protection, fraud, corruption, money laundering, competition law, pat-ent law and environmental law).

Particularly within the area of corruption, Swiss regulations have – slowly but steadily – become progressively rigor-ous. Both the general public and the reg-ulators are demanding increasingly that senior management take steps to en-sure Compliance. Since Art. 102 of the Swiss Criminal Code (StGB; Corporate Criminal Liability) entered into force in

October 2003 and in conjunction with Art. 322 StGB (Bribery of Public Offi-cials), businesses are under an increas-ing obligation to take every necessary and reasonable organizational precau-tion to prevent bribes from being paid to foreign public officials. This means that just introducing a set of Compliance reg-ulations is not sufficient if the company’s own rules are not enforced with ade-quate determination. Consequently, ex-amples are piling up in which penal or-ders have been issued or fines imposed. The additional publicity this generates can have a hugely negative impact on the company.

How great is the company’s exposure? At which levels and with which financial impact would a loss of reputation affect the company?

Every company must determine for it-self whether its current efforts to struc-ture and maintain its Compliance sys-tem are sufficient in light of the potential risks.

Compliance system requirementsMany different definitions exist detailing the requirements of a suitable Compli-ance organization and an adequate Compliance management system. All of these different definitions of those re-quirements, however, contain the fol-lowing main pillars. How they are struc-tured in detail depends on the risk situation, complexity and size of the company.

Hans-ulrich Pfyffer

Fabian Winterberg

Assessment of ComplianceDemands placed on Compliance organizations are on the rise

Assure / Assessment of Compliance / 9

Responsibility – General definition of responsibility (incl. delegation) for Compliance.

Corporate culture – Company’s out-ward declaration of its commitment to Compliance.

Compliance organization – An effec-tive organization based on the corpo-rate strategy and objectives which also anchors the Compliance function into the overall assurance framework.

Compliance program – Effective tools based on a broad identification and assessment of risk.

Monitoring and review – The appropri-ateness of the structure and its main-tenance is analyzed on a regular basis and adjustments are made in a timely manner.

Is the Compliance system appropriate?Overall responsibility for Compliance lies with the highest-level entity within the company such as the Board of Directors. To live up to this responsibility, the appro-priateness of the Compliance system must be scrutinized. It is in senior man-agement’s best interest to know the sta-tus of both the structure and its mainte-nance as well as to identify and assess gaps in the system in order to efficiently close them. Since the internal and exter-nal requirements and risks are constantly changing, this assessment process must be performed periodically.

An external assessment can also be per-formed within the scope of an assurance or advisory mandate, either in conjunc-tion with or in addition to an internal as-sessment. While an assurance mandate explicitly results in an auditor issuing an assurance statement (attestation), a flexi-ble advisory mandate is geared toward improving and refining the Compliance system.

Figure 1 lists the key differences be-tween the external mandate options.

Approach for an assessment aimed at optimizationThe first step is to realize that assessing the appropriateness of the Compliance system requires a certain amount of preparatory work. Senior management should initiate an assessment and make it clear that they fully support the as-sessment and any improvements that might be necessary as a result.

During the first phase of the assess-ment, the existing organization as well as any regulations and tools in place are evaluated. A meeting with the individu-als in charge to discuss the structure and maintenance of the Compliance system is indispensable; the expecta-tions of the various stakeholders must also be polled.

During the second phase, this outline serves to identify optimization potential in the way the Compliance system is structured and maintained. It should be compared with relevant good practices.

The objective of the last phase is to pro-vide a clear report geared toward the target group that sets out the findings, recommendations and plans of action required to achieve the optimization po-tential as established in cooperation with the individuals responsible. This provides an opportunity to create trans-

parency and, above all, to define respon-sibilities (and deadlines) for implementa-tion. Senior management must be able to easily identify any shortcomings, which steps are necessary to rectify these and simultaneously monitor their remediation.

Findings from completed assessmentsDespite the fact that a Compliance sys-tem’s structure and maintenance de-pend on the characteristics of the com-pany in question, the following findings/shortcomings have come to light within the scope of Compliance system as-sessments we have completed: Leadership – The Compliance system

can only “live” effectively if a clear or-ganizational structure is in place, the responsibilities have been defined transparently and these responsibili-ties are also embraced accordingly.

Transparent communication – Top-down communication must clearly convey senior management’s Compliance-related expectations of employees. Conversely, bottom-up communication must keep senior management adequately informed about the status of Compliance. Com-panies should not shy away from a clear, outward declaration of their commitment to Compliance.

1 IDW auditing standard (Institute of Public Auditors in Germany): Principles of proper auditing of Compliance management systems (March 2011)

Figure 1: External Compliance assessment

Assurance mandate Advisory mandate

Nature of the mandate: Formal, based on standards (such as ISAE

3000, IDW PS 9801) Scope is generally narrowly defined Standardized reports

Nature of the mandate: Minimal requirements Tailored scope and reports

Added value: Assurance statement issued: High level of assurance

(assessment worded positively) Lower level of assurance

(assessment worded negatively)

Added value: Support for structure, implementation or

maintenance possible The focus lies on identifying optimization

potential and recommending improvements Benchmarking

10

Updated directives system – A Com-pliance system assessment provides an excellent opportunity to update, clearly define and simplify the direc-tives system as well as to eliminate contradictions and reduce duplica-tions.

Integrated Compliance system – The Compliance system is a key compo-nent of a good corporate governance system. Its effectiveness and effi-ciency can be boosted by viewing the Compliance system as an inte-gral component of the overall assur-ance framework and clearly defining interfaces to other assurance func-tions.

Ongoing training and awareness among staff (and/or third parties) – The Compliance system’s effective-ness can only be maintained if staff receive regular training and are made aware of the issues involved. De-pending on the company’s risk situa-tion, closely related third parties (such as suppliers, vendors/agents) should also be included in these train-ing sessions.

Documentation – a necessary evil – Documentation regarding the struc-ture and maintenance of the Compli-ance system must be improved. This not only achieves greater transparen-cy for the Compliance system in gen-eral but also provides evidence of how the system is structured and maintained. That, in turn, simplifies in-ternal examinations and represents an absolutely vital tool when defend-ing the company in any potential criminal proceedings.

Hans-ulrich Pfyffer Partner, Audit

Fabian Winterberg Senior Manager, Internal Audit, Risk & Compliance Services

ConclusionThe effectiveness of both the Compli-ance organization and the Compli-ance management system should be reviewed on a regular basis. This pro-motes an ongoing refinement of Compliance efforts and also repre-sents a safeguard for the manage-ment bodies. To do so, companies have several options to choose from. At minimum, a self-assessment should be performed regularly. In ad-dition, Compliance should be periodi-cally (every three years, for instance)

reviewed during a voluntary external assessment. This assessment could be a tailored service provided within the scope of an advisory mandate with a priority on identifying improve-ment potential. In the case of highly mature Compliance organizations, we recommend having the assess-ment performed by an independent auditor with the goal of obtaining ex-ternal confirmation that the supervi-sory and organizational obligations have been implemented.

Assure / Überprüfung der Compliance / 11

12

Numerous incidents have made Compli-ance a hot topic. On the one hand, viola-tions against applicable rules have repeat-edly led to proceedings with a big public impact. On the other, conflicts of interest have prompted media coverage over and over again. The risks associated with Compliance have grown in light of in-creasing regulatory density and greater public attention. New media have made it easier to uncover incidents and spread word of these, thus also increasing the reputation risk of the companies involved. Yet how can these challenges be ap-proached and how can Compliance be-come a strategic success factor?

Compliance as part of the corporate cultureUnderstanding Compliance as a techni-cal set of rules that guarantee adher-ence to legal standards falls short of its

true essence. In the broader sense of ethical corporate governance and the le-gitimate conduct of all players involved, Compliance requires a corporate culture specifically geared toward this objec-tive. This culture is shaped to a large de-gree through the conduct of the compa-ny’s most senior management, the Board of Directors and the executive board. “Tone at the top” is the catch-phrase used here, roughly equivalent to the sage advice of setting a good exam-ple.

A corporate culture based on ethical values is supported by a targeted, con-sistent HR policy. When selecting, de-veloping and remunerating staff and ex-ecutives, in particular, certain criteria must be taken into consideration with regard to the targeted corporate culture and the conduct desired.

Peter Kalberer

Compliance as a strategic success factorHow Compliance ensures sustainable corporate development

Risk Management

Compliance Business operations

Internal Audit

Internal control system

Methodology

(Risk assessment, risk evaluation, process description, definition of control)

Company-wide measures

Measures at the process level

Figure 1: Integrated assurance

Assure / Compliance as a strategic success factor / 13

Impact on strategy and business activitiesEthical criteria and Compliance also have a vital impact on a company’s strategy. Which business segments a company in-vests in is relevant and could even be a decisive factor in the future of the compa-ny. That can be seen clearly in the clean-money strategy generally adopted by banks today. Those who embraced this approach at an early point in time are now at an advantage.

Adequate objectives are also needed in order to credibly implement a strategy. This includes adjusting a company’s finan-cial targets or even the goals of individual employees to bring them in line with the new strategy. In the short term this change could result in some painful loss-es. That, however, is precisely where the attitude of senior management shines through. That is where a company’s seri-ous, credible focus on ethical business ac-tivities becomes visible.

Corporate governance and ComplianceThe Compliance function forms a key component of corporate governance. One indicator of good corporate governance is that Compliance is organized in such a way that permits efficient adaptations to changing legal and regulatory conditions. Given the number of new regulations and the speed with which these are being in-troduced, this is particularly vital. To guarantee efficient implementation, Compliance must not be viewed in isola-tion, rather the full range of different as-

surance functions within a company such as Risk Management, an internal control system, Internal Auditing and Compliance must be looked at from a holistic view-point. They all serve the same purpose, namely to identify risks to the company at an early point in time and prevent dam-age. Of course each of these functions has its own tasks and its own specific fo-cus. Good coordination and cooperation between them, however, makes it possi-ble to considerably boost their efficiency. The first step toward doing this is to es-tablish a coordinated methodology of identifying risks. If risks are uniformly doc-umented in the individual business pro-cesses, duplications can be avoided. This also enhances the clarity and comprehen-sibility of reports about risks and meas-ures. That, in turn, puts the Board of Direc-tors and the executive board in a position to take timely corrective action.

In this regard, fostering a culture of critical reflection becomes vital. Compliance must ask critical questions and be able to point out risks. If corporate policy is sanc-tioned by Compliance without question, dangerous risks could potentially remain undiscovered. One prerequisite of this type of culture is a Compliance system that is properly incorporated into the or-ganization itself with access to both the Board of Directors and the executive board. In order to keep pace with both the company’s development and the regulato-ry environment, the Compliance organiza-tion and its main areas of focus must be reviewed and adjusted on a regular basis.

Assurance conceptThe first step toward a coherent assur-ance concept is to ensure that the various assurance functions are well networked. Apart from coordinating the methodology, one other decisive factor lies in the use of standardized, high-quality data. Using the right data is indispensable both as a foun-dation for risk assessments as well as for corporate management. Frequently this aspect is not adequately taken into con-sideration and decisions are made based on unsupported data. That can be prevent-ed, however, by introducing consistent databases as the foundation for a coordi-nated assurance concept.

As a part of a company’s assurance con-cept, Compliance should not just be limit-ed to company-wide measures such as formulating internal guidelines, training staff and comprehensive controls. Organi-zational measures must also be in place to ensure and check for Compliance with regulations at the process level.

This example also illustrates its close link to the internal control system which not only manages company-wide controls but also the risks at process level. A joint ap-proach by Compliance and Risk Manage-ment within the scope of the internal con-trol system makes it possible to reliably asses the risk situation and any action that needs to be taken. These findings can also be used for quality assurance and process optimization purposes.

Business Operations

Database

Internal AuditCompliance

Risk Management Internal control system

Figure 2: Efficiency through a systematic database

14

ConclusionIf viewed from a holistic, comprehen-sive perspective within the company, Compliance is a strategic success factor when used in conjunction with the other assurance functions. Of

prime importance is an ethical corpo-rate culture shaped by senior man-agement combined with profession-al, integrated implementation of regulatory requirements.

Project coordinationInternal implementation of the numerous regulatory changes such as FATCA or the flat-rate tax, for instance, frequently takes place within the scope of a project. In this context it also makes sense to take a clos-er look at the impact these new regula-tions will have on business processes. Many of the new requirements not only call for organizational changes but modifi-cations to IT systems and client data up-dates, as well. Good, forward-looking proj ect coordination can help consolidate the diverse requirements of a variety of individual projects, thus considerably re-ducing both the time and cost of imple-mentation.

role played by the Board of DirectorsAccording to company law, the Board of Directors is responsible for the overall su-pervision of senior management. This also applies specifically with regard to Compli-ance. Within the Board of Directors, this task is generally assigned to the Audit Committee which prepares the relevant items on the agenda for the Board of Di-rectors as a whole. The Audit Committee fulfills a vital function by issuing clear specifications defining the scope and structure of the assurance system. Re-quirements governing the efficient, com-prehensible implementation of Compli-ance and other assurance functions simplify the job for those entities entrust-ed with the task. These tasks are also lent sufficient substance if regularly put on the agenda and discussed at board meetings. However, only the Board of Director’s un-equivocal commitment to Compliance and ethical corporate governance can lay the foundation for a sustainable corporate culture.

Peter Kalberer Director, Management Consulting

Assure / What are the implications of a potential eurozone collapse? / 15

Swiss companies have been watching developments in the euro crisis for some time now with discussions pre-dominantly centering around the EUR exchange rate and the impact it will have on Switzerland’s exports. Now that the Swiss National Bank (SNB) has thus far successfully defended the minimum EUR/CHF exchange rate of 1.20, current developments in the euro crisis have shifted attention to the euro’s future via-bility. Within that context, fundamental questions arise regarding the future of Europe which, of course, concern Swiss companies, as well. Correspondingly, companies are trying to gain a better un-derstanding of how the euro crisis is un-folding and which repercussions it will have. Committees were established to assess the situation and analyses have been completed – however the path that the euro and Europe will take is by no means clear, even after the German Federal Constitutional Court announced its ruling on 12 September 2012 con-cerning the suit filed against the euro bailout package. Yet one essential ques-tion remains unanswered, specifically, what companies should do today in or-der to effectively prepare for the with-drawal of a eurozone member state or, in the medium term, the collapse of the eurozone.

The departure of a eurozone member state would have major consequences at many different levels. The degree of stress this causes would depend greatly on whether withdrawal was done in an orderly or disorderly fashion. Not only that, but the latent structural problems

of the country in question will continue to exist and impair the country’s future viability even further. That means the ad-vantage gained through the departing country’s ability to improve its competi-tive position through currency devalua-tion is likely to be limited. The potential scenarios thus run the gamut from “muddling along” to a severe global economic crisis. One key requisite is a secretly planned, effectively implement-ed currency reform and redenomination in order to prevent speculation and capi-tal market upheavals. A suboptimal cur-rency conversion therefore poses con-siderable risks for everybody involved in the economic system.

Which risks are businesses exposed to during a euro crisis? The first step when performing a risk as-sessment is to define the basic scenari-os that can be expected. In principle, these are:1. The eurozone continues to “muddle

along” just as it has been for nearly three years. It can be assumed, how-ever, that this unplanned approach will soon come to an end since every delay costs more money and even the European Stability Mechanism’s (ESM) ability to withstand stress is limited.

2. Orderly departures occur which pro-ceed in accordance with a well-coor-dinated process and include the nec-essary currency reform. This is a complex undertaking and requires both confidentiality as well as a thor-ough preparatory phase.

Frank Wendt

What are the implications of a potential eurozone collapse?

16

3. Disorderly departures occur which lead to chaotic processes with con-sequences that are neither calculable nor predictable. Other countries face an imminent “risk of contagion” and bank runs, capital market upheavals as well as social unrest are likely.

4. In the event of several disorderly de-partures, the entire eurozone could collapse. This is the worst-case sce-nario. The consequences would be all too visible in the global economic cri-sis that ensues and could lead to the sustained economic decline of Eu-rope. While this scenario is not very likely at the present time, it should still be taken into consideration with-in the scope of the stress level analy-sis mentioned.

These basic scenarios could be refined even further and defined in greater de-tail. Their purpose is to help identify ar-eas of risk within the company. We rec-ommend preventing the scenarios from becoming too detailed, however, since their increasing complexity would make the implications unclear. Areas of risk can be classified as follows:1. Financial risk2. Legal/contractual risk3. Transfer risk4. Customer/supplier risk5. Operational risk6. Sales and strategic risk

1. Financial riskSince financial risk was the first risk identified by businesses, Treasury has taken on a leading role in efforts to deal with the euro crisis. The following sub-risks should be looked at:a. Counterparty risk is currently in the

midst of a major transition process. Companies are shifting their treasury business to banks outside the euro-zone or are circumventing banks by investing with the European Central Bank (ECB) (if in possession of a banking license) or by trading with other industrial and trading firms. Similarly, counterparties are being monitored closely by means of credit default swap spreads so that coun-termeasures can be taken in good time.

b. The currency risk strategy has to an-ticipate possible euro exits and be able to react flexibly to changes; cur-rency risk exposures need to be adapted and hedging transactions might have to be terminated. Similar-ly, the impact on hedge accounting should also be taken into considera-tion. It is important that the opera-tional hedging strategy be switched over to a rolling basis.

c. Financing risk refers to the legal units that could potentially be affected. It raises the question of whether exter-nal, local financing or intercompany

financing should be pursued. Factors in favor of local financing include pre-venting the devaluation of intercom-pany receivables and possible capital controls – yet these are offset by rela-tively high financing costs which would have to be reduced through guarantees. Generally speaking, companies are advised to be prepared to replace their financing partner and also ex-pect the cost of financing to rise. Considerations such as these have an impact on financing and interest rate risk strategy even today.

d. A currency conversion carries devalu-ation risks in the departing eurozone member states as well as apprecia-tion risks in the remaining member states. Since this affects all assets and liabilities in local units, capitaliza-tion must be adjusted accordingly.

e. Redenomination risk is another vital element and is addressed below in greater detail.

Most treasurers have already conducted initial analyses and are well positioned. Usually it will not be possible to com-pletely eliminate all contractual risks; however, in the event that such a situa-tion actually materializes, these residual risks can be mitigated by taking swift ac-tion.

2. Legal/contractual riskThe problem inherent in redenomination risk is that some contracts denominated in euro could be converted to the new currency of the exiting country or they could remain in euro. Essentially, local contracts (between two domestic con-tracting parties) in an exiting member country can be expected to be convert-ed to the new currency. This is mandat-ed by the principle of “lex monetae” which gives a country monetary sover-eignty within its own territory.

Uncertainties do exist, however, in the case of cross-border contracts, even if these are denominated in euro. Contrac-tual risks in the event of redenomination include:

Figure 1: Risks to companies

Basic scenarios

Euro crisis risks

Financial risk

Operational risk

Transfer riskStrategic risk

Sales riskCustomer/

supplier risk

Employee risk Legal/contractual risk

• “Muddling along”

• Orderly withdrawal(s)

• Disorderly withdrawal(s)

• Disorderly collapse

Assure / What are the implications of a potential eurozone collapse? / 17

1. The applicable law set forth in the contract and the jurisdiction – prob-lems could arise if it is located in the exiting eurozone member state.

2. However even if the jurisdiction lies in another country, the place of pay-ment and service provision could also play a key role in disputes and the enforcement of a claim.

3. The domicile of the counterparty could be material in the event of capi-tal controls. Essentially, the “lex mon-etae” principle also means that a counterparty is not permitted to vio-late local law, even if this prevents contract fulfillment.

The risks of this are twofold:1. Redenomination risk: Cross-border

contracts in particular should be ana-lyzed if these are vital to the compa-ny’s business success. Whenever necessary, existing clauses should be renegotiated and new standard clauses should be drafted for new contracts.

2. Termination risk exists if the currency conversion could trigger payment and currency terms, MACs (Material Ad-verse Conditions) or force majeure clauses. This could prompt counter-parties to attempt to terminate contracts which are no longer eco-nomically favorable. Here, too, adjust-ments must be made to both material existing contracts and the termina-tion clauses of new contracts.

3. Transfer riskTransfer risk exists when a contracting party in an exit country is unable to meet its contractually stipulated finan-cial obligations with foreign countries as a result of potential capital and currency controls designed to prevent the flight of capital. Since a currency conversion cannot realistically be kept confidential, there is a danger that the country’s euro deposits might swiftly leave the country ahead of any devaluation of the new cur-rency to be introduced. It can thus real-istically be expected that either direct or indirect capital and currency controls will be put in place, at least in the short term.

These, in turn, can lead to delays in the flow of goods or payments and compa-nies should take this into consideration in their liquidity plans and liquidity re-serves.

4. Customer/supplier riskCustomer and supplier risk has been on the rise for some time now in the coun-tries affected by the crisis, i.e. Greece, Spain and Portugal, and companies have already made some adjustments to their payment terms and risk strategies. Due to the generally limited risk exposure, this risk is relatively minor in the event of Greece’s departure from the euro-zone. Spain’s exit, however, would be of a different magnitude and preparations would be wise. Risks related to ac-counts receivable as well as supply chain risks on the part of suppliers repre-sent the main risk positions. Counter-measures include stricter payment terms and debt collection procedures as well as expanding a company’s supplier base to suppliers outside the countries in crisis.

5. Operational riskOperational risk interferes with a com-pany’s processes and the systems in use. In the event of the departure of a eurozone member state, some of the master data will need to be adjusted – and that will make it necessary to be able to set up and activate a new curren-cy. Some of the critical systems involved could include: In-house banking and payment trans-

action systems Billing systems Inventory management systems Treasury systems Planning systems, etc.

In addition, new regulatory or tax-related requirements could be introduced which would impact the company and need to be mapped accordingly. As a result, companies are well advised to assess the extent of the changes that have to be made and begin taking corrective ac-tion.

Quite often, defensive steps can be tak-en right away which would then simplify any changes that might become neces-sary in the future while also ensuring that such changes can be made in a well-coordinated manner.

6. sales and strategic risk Not only the direct consequences of the potential political and economic environ-ment need to be taken into considera-tion but the indirect consequences, as well. Depending on the scenarios as-sumed, slumps in sales should be ex-pected at either a local, regional or glob-al level. Here companies need to draw up plans that reflect the various stress scenarios and draft courses of action to cope with the crisis. Their task is to weatherproof the ship and get the or-ganization ready. In times of crisis, what counts is having a coordinated course of action and for everybody on deck to know what part they play and what their responsibilities are.

Apart from these short-term issues, there are strategic risks and opportuni-ties, as well. Crises bring about changes in the structures of both the market and the competitive environment. That could mean that competitors lose business, thus opening up new opportunities to gain new market shares or make acqui-sitions.

In general, companies should subject their business plans to a scenario analy-sis in order to prepare for a variety of dif-ferent scenarios and stress levels. Con-tingency plans need to be drawn up that could also extend beyond the confines of their own business.

“Of course we help our clients prepare for capi-tal control measures.”

18

Crisis modeNormal mode

Euro crisis strategy and framework

Organization

Euro crisis

analysis

Contingency measures Event

screening

Defensive measures

Interpretation & assessment

From normal to emergency mode

From emergency to normal mode

Scenarios and stress levels

Crisis plan

Impact and scope of crisis: opportunities and risks

Suppliers

Financial partners

Capital markets

Customers

Distribution channels

CompetitionInbound logistics Operations Outbound

logistics Marketing & sales

Firm infrastructure Human resource management Technological development Procurement

Service

Mar

gin

Margin

Treasurer/ controller

Emergency organization

BoD/management

Euro crisis officer

In order to effectively deal with the euro crisis and a potential collapse, compa-nies are well advised to define a strate-gy and a framework that shape the way people think and act within the compa-ny.

The following components are needed:1. Analytic process – The scope and the

repercussions of the direct and indi-rect (caused by business partners) risk exposure on the company must be defined and an impact analysis performed.

2. Transition process – A process that takes the organization from “normal mode” to “crisis mode.” This process begins with the monitoring of devel-opments in the euro crisis and classi-fying events in accordance with pre-defined stress levels. Organizational process – The organi-zational component which foresees at least one officer to manage the cri-sis process and summon an emer-gency organization in case of crisis. The task of monitoring this process generally falls to the treasurer or the controller.

3. Action process – Includes implemen-tation of precise action plans that were drawn up in advance to respond to a variety of scenarios and which will be put into effect once the transi-tion process has been triggered.

Approach for the analysis– Component 1How can companies take a structured approach toward mitigating the identi-fied risks? In our experience, a 3-phase approach has proven effective: The first step is to perform an impact

analysis (risk analysis) and define the presumed scenarios and stress lev-els. The latter is important to ensure that the entire company is working in

accordance with the same assump-tions and that a common language is established.

During phase two, a detailed analysis can be built up on the basis of the ini-tial rough impact analysis. One impor-tant aspect of this phase is the crea-tion of a Euro Crisis Task Force which compiles the results of the analysis and facilitates the identification of de-pendencies.

Which components must be present in a company’s crisis response plan?

Figure 2: Euro crisis strategy and framework

Assure / Foreword / 19

The key risk exposures must be identi-fied in a structured manner by:a. Legal unit (in the country of crisis and

with regard to internal and external interdependencies)

b. Function (treasury, procurement, supply chain, controlling, corporate planning, executive management)

c. Risk class (financial risk, legal/con-tractual risk, operational risk, etc.)

d. From a group perspective

Later, these risk exposures must be tied to the various scenarios so that the re-percussions can be anticipated. A sub-sequent analysis then serves as a basis for defining which measures need to be taken and carrying these out:The measures and preferred results of those measures must be defined in ad-dition to performing the risk analysis. The first step of this process is to define defensive measures, and a second step involves defining a crisis plan detailing which contingency measures are planned. The first of these measures should focus on reducing or eliminating any risk exposures promptly. Measures that fall into this category were already

mentioned above such as amending contract clauses, replacing financial management counterparties or shifting business activities and diversifying sup-pliers. Planned contingency measures, on the other hand, are set down in the crisis plans and only potentially carried out by an emergency organization if a country exits the eurozone. It is impor-tant to bear in mind that these meas-ures do not necessarily have to be tak-en, they are possible courses of action which can be taken depending on the precise details of the situation that aris-es.

The last phase is to implement defen-sive measures promptly and to develop crisis plans and a corresponding emer-gency organization. This is the responsi-bility of the Board of Directors which is also in charge of performing the neces-sary controls. Overall authority lies with the executive management.

Frank Wendt Director, Management Consulting

Results

PhaseImpact analysis

and scopingImplementation

of measuresDetailed

risk analysis1 2 3

“How can we effectively and efficiently implement

those measures?”

“What constitutes our risks, what are our preferences and what

measures will we take?”

“Which scenarios are we expecting and where do

our biggest risks lie?”

Identification of euro crisis scenarios and rough risk

analysis

Risk impact analysis and list of measures

Implementation of the defined measures and

establishment of a standard process

Core questions

Step 1Defensive measures

Step 2Planned contingency measures

Take measures and implement contingency and emergency plans in the event of a euro collapse or the departure of a euro country

Specify the defensive measures to be taken immediately to mitigate the impact of a euro collapse or the departure of a euro country

Figure 3: Approach for drafting a crisis plan

20

What are the biggest challenges facing hospitals in switzerland?Currently their biggest challenge is the introduction of the new hospital financ-ing system with Swiss DRG which went into effect on 1 January 2012. That is the new tariff system for acute somatic in-patient hospital services which, accord-ing to the most recent revision of the Swiss Health Insurance Act, uniformly governs inpatient hospital treatment throughout Switzerland according to case-based lump sums.

In terms of the Swiss DRG case-based lump sum system, every hospital stay will be allocated to a case group using specific criteria (primary diagnosis, sec-ondary diagnosis and other factors) and compensated with a lump sum amount. This means that any shortfalls which arise will no longer be borne by the pub-lic purse. This also entails accompanying legal and organizational restructuring measures. Many hospitals are adapting their legal form to the new conditions. The nonprofit corporation (gemein-nützige Aktiengesellschaft) represents the most commonly chosen organiza-tional form for managing a hospital. On an organizational level, case-based lump sum accounting is also leading to a new way of thinking about internal process-es. Cross-departmental cooperation and

thus networking of the specialties with-in the individual departments of the hos-pital are positive side effects of this change in the financing and cost man-agement of hospital operations. Even today this is still too administration oriented in many hospitals.

What additional financial challenges are facing the hospitals?Since the fixed assets costs for using a hospital’s facilities now form part of the payments, many hospitals have as-sumed direct responsibility for their real estate. This leads to the hospital having to directly plan and implement future renovations and new buildings. Conse-quently, a hospital organization has to compile its operational figures more transparently and accurately to be able to negotiate with banks and other lend-ers.

The Swiss hospital landscape is very heterogeneous and primarily displays strong regional differences. The new ar-rangement is increasingly causing diffi-culties for hospitals from peripheral re-gions because they have too few cases per service group to be able to treat them cost-effectively. There is a conflict between broad re-gional hospital service coverage and

Challenges and opportunities in the healthcare sectorThe entire healthcare sector faces sweeping changes since the new hospital financing system went into effect on 1 January 2012: answers to the most important questions.

Michael Herzog

André Zemp

Assure / Challenges and opportunities in the healthcare sector / 21

economically sensible use of the expen-sive infrastructure as well as the contin-uation of 24-hour operation. In the past, however, progressive and economically motivated advances made by politicians in certain cantons had little chance of being implemented.

How has the political framework in switzerland changed?Upon its reform of the Swiss Health In-surance Act (HIA), the Parliament intro-duced fundamental changes in 2009. This reform is regarded as the end of the “hospital administration” era. The amended HIA increases competitive forces in the marketplace with regard to price and quality, aims to split tasks up clearly between canton and hospital and gives patients freedom of choice be-yond cantonal boundaries concerning the hospital they use. The revised HIA promotes the equal treatment of public and private hospitals. Private hospitals with a performance mandate will be fi-nanced in the same way as public hospi-tals.

The aim of increased competition is to slow down the explosive rise in health-care costs. A clear commitment to the new system and its potential for savings is, however, required from politicians and hospital management in order to ac-tually achieve a cost-cutting effect for all parties involved. Unfortunately, the indi-vidual interests both of politicians and hospitals can be seen limiting the poten-tial benefits arising from the political framework.

Which business model promises to be successful for hospitals in the future?The market is experiencing some repo-sitioning: Hospitals which are willing to take on this challenge want to create greater transparency. They are develop-ing new corporate strategies, analyzing their existing range of services and look-ing into cooperative arrangements. The extensive changes are forcing the can-tons to review their hospital strategy. Al-liances and cooperation agreements in the field of service provision ultimately

yield cost benefits thanks to increased case numbers. Outsourcing or insourc-ing of services and general supply chain management optimization are being dis-cussed.

Relevant figures are required, though, in order to gain an overview of the strengths and weaknesses, risks and opportunities. This is where finance and accounting is needed. You’re in a better position to manage and make decisions if your financial system is under control. You also have the necessary information for discussing cooperative arrange-ments and optimizing the range of ser-vices.

“The objective is to achieve a high level of cost and service transparency.”

What are the differences in the development of private versus public hospitals?Private hospitals in Switzerland, but also private hospital groups from abroad, are showing great interest in the Swiss mar-ket. In the medium term, with a clear strategy and efficient organization, it will be possible for these institutions to take over inefficiently run public hospitals which don’t have a focused strategy.

In terms of corporate governance, we are already seeing public hospital mod-els being adapted increasingly to the op-erational models used by commercially run enterprises, one example of which is appointing a CEO who is senior to all the specialists and departmental managers.

On the other hand, nowadays private clinics are increasingly caring for pa-tients with general insurance because the purely privately insured patient mar-ket in Switzerland is too small to persist in the long term.

How will the hospital market develop in the future? The management bodies of hospitals will have to increasingly manage their organizations based on key figures. Nu-merous hospitals clearly need to catch up where finance and accounting is con-cerned. Innovative, forward-looking hos-pitals know how important it is for stra-tegic decisions to be successful. This is associated with a change in culture which cannot be implemented over-night. Staff management is a decisive factor in this development. Hospital op-erations depend on staff from all levels of expertise and specialty. It’s also a question of supporting staff on the new path and equipping them with the nec-essary business expertise. Even doctors and nurses will have to learn to influ-ence costs and set economic targets. That, however, requires motivation and a transfer of level-appropriate business know-how.

Michael Herzog Partner, Sector Head Healthcare

André Zemp Partner, Head Healthcare Advisory

22

Added value through Tax risk ManagementFrom risk identification to a Tax-erP-system – practical tips on how to implement a Tax risk Management process

Assure / Added value through Tax Risk Management / 23

1. IntroductionEfforts to tap new markets and shift pro-duction facilities to low-wage countries have led to an international focus among groups with a global presence. Not only has this geographical expansion in-creased the complexity of their busi-ness processes, but these groups are now subject to the fiscal legislation of multiple countries, as well. Many differ-ent countries have posted deficits dur-ing the past few years, in particular, and their level of debt has been on the rise. In response, some have not only re-duced government spending but also boosted their tax revenues. Taxpayers feel this fiscal pressure in part through more rigorous enforcement of tax laws.

In this context and as a result of growing regulatory requirements (also see Inter-national Accounting Standard IAS 12 and the Accounting Standards Codification, ASC, 740-10 [formerly FIN 48] of the Fi-nancial Accounting Standards Board, FASB, as well as the provisions of the Sarbanes-Oxley Act), the active manage-ment of tax risks is becoming increas-ingly important.

2. Consequences of tax risks Tax risks can lead to financial and/or criminal consequences for a company as well as a loss of reputation. This should not be underestimated in the light of increased interest from the me-dia and non-governmental organizations, especially given their improving knowl-edge of tax-related issues.

3. Tax strategy: a key driverTax-planning measures are a delicate balancing act between an optimized ef-fective tax rate (risk burden) and the risk taken (risk appetite). A group’s risk appe-tite (risk tolerant vs. risk averse) is deter-mined through the corporate or tax strategy. The tax strategy of most groups consists of posting the lowest effective tax rate possible. Tax-efficient principal structures or structures involv-ing special-purpose companies (financ-ing, IP, etc.) are frequently developed to achieve this goal. Due to their complexi-ty, however, they generally also entail considerable tax risks.

Kirsten s. Pratter

Olivier eichenberger

Figure 1: Tax risk – tax burden vs. risk appetite

Tax

bu

rden

Desiredtax burden

Risk appetite

Max. possibletax burden

Max. expectedtax burden

Deviation risk(blind spot)

Decision risk

Tax-efficient financing and IP structure

Tax-efficient legal structure

Tax-efficient supply chain

Local tax planning

Tax risk

24

4. Objectives of a tax risk Management systemThe objective of every Tax Risk Manage-ment system should be to take ade-quate steps to limit the “blind spot” or, in other words, minimize the difference between the maximum possible tax burden and the maximum expected tax burden. Another objective is to actively address issues with regard to their po-tential for loss of reputation or criminal consequences.

These efforts focus mainly on establish-ing transparency, i.e. knowledge about the risks present (internally), yet also in-clude both internal and external commu-nication to whichever extent is deemed desirable/necessary (e.g. provisions in the annual financial statements) with the aim of avoiding surprises wherever possible. It is also important to be able to take whatever action is needed in a timely manner.

5. Tax strategy development The way a group operates its Tax Risk Management system is determined to a large degree by the tax strategy derived from its corporate strategy. Ideally, the tax strategy is specified in cooperation with the tax departement and the man-agement. The tax strategy is then imple-mented in a targeted way based on tax guidelines which incorporate both value-oriented aspects (e.g. Tax Risk Manage-ment, tax planning, etc.) as well as staff-related and organizational aspects (role and responsibility of the tax department, etc.) and subjected to regular reviews.

Using a process-oriented structure for the Tax Risk Management system that is based on the tax strategy helps groups gain an understanding of and manage their tax risks.

6. Tax risk Management process The Tax Risk Management process rep-resents a self-contained cycle with a fixed sequence (see Figure 2) which is repeated both at specific and regular in-tervals. New risks enter the cycle upon identification and undergo the entire process in turn. The insights gained then flow into the risk identification phase as well as the subsequent phases. Com-pleted risks no longer enter the risk identification phase and are eliminated from the process (e.g. definitive tax as-sessment, statutory limitation, etc.).

6.1. risk identification (phase 1) One of the most important and most fundamental steps in the entire Tax Risk Management process is to identify tax-related risks. If individual risks remain unidentified they cannot be controlled and, as a result, the company cannot achieve its goal of gathering “knowl-edge about the risks present.” In prac-tice, however, ensuring a complete in-ventory of all risks is difficult since not

Figure 2: Risk methodology

Tax Risk Management

Process

1

New risks

Completed risks

1

2

34

5 2

3

4

5

Tax strategy

Tax

stra

tegy

Tax strategy

Assessment

Contr

olMonitoring

Identification

Do

cum

entatio

n an

dco

mm

un

ication

Risk identification Detailed inventory of potential group-relevant tax risks

Risk assessment and classification Monetary assessment of the tax risk by means of determining the probability of occurrence and magnitude of the impact

Risk control Managing tax risks based on their classification (avoid, reduce, share, accept)

Risk monitoring Ongoing monitoring of identified risks and the tax risk management process

Documentation and communication Documentation of steps taken and decisions made. Communication through the disclosure of a provision or a statement to this effect in the notes


every single potential risk can be identi-fied in full.

This makes it all the more important to ensure that a full array of tax risk identifi-cation tools is implemented in a variety of areas in order to minimize the number of unidentified risks.

Tax risks should be identified by means of questionnaires (checklists) or discus-sions with employees at every level. Here a systematic approach should be developed, e.g. by subdividing potential risks into categories (compliance, re-structuring, internal and third party transactions, tax type, tax-planning measures, etc.), to ensure that risks are identified as comprehensively as possi-ble.

A general rule stating how often tax risks should be (newly) identified de-pends on the complexity of the compa-ny involved. In practice, cycles have been seen to range from a quarterly to an annual basis.

Identified risks are then documented in a tax risk inventory. The risk inventory serves to describe the tax risks in more detail. The tax risk information obtained should then be entered into a database for ongoing monitoring and manage-ment.

6.2. risk assessment and classification (phase 2)Risk assessment is undoubtedly a com-plex matter. When estimating risks, two factors come into play: the probability of occurrence and their monetary impact. Together these provide some indication of which tax risks are acceptable for a company and which are not. This as-sessment should reflect, as well as pos-sible, both the criminal consequences and the consequences for the compa-ny’s reputation in terms of their mone-tary impact.

Choosing a systematic, pragmatic yet problem-oriented approach is vital when performing the risk assessment.

The result of the tax risk identification process should be systematically docu-mented in a risk map using a two-di-mensional coordinate system whereby the x-axis (abscissa) shows the mone-tary impact and the y-axis (ordinate) indi-cates the probability of occurrence. The risk map is divided into different zones and a risk acceptance line is drawn be-tween the normal and the borderline re-gions. Tax risks that fall below this toler-ance limit are those normally accepted by a company. On the other hand, any tax risks positioned above this accept-ance line must be deemed inacceptable and action must be taken to reduce these risks to such an extent that they fall within the acceptable range (see 6.3 below).

The next step is then to systematically assess the identified tax risks to gain an understanding of which risks are rele-vant for the annual financial statements and which do not meet the criteria for being included in provisions. For a purely financial analysis (e.g. when calculating the amount of a provision), multiply the probability of occurrence of the identi-fied tax risk in percent with the estimat-ed monetary impact of that risk, then add the results of this calculation for all tax risks identified.

6.3. risk control (phase 3)The general strategy to be adopted to counteract the various tax risks can be defined based on how tax risks are clas-sified in the risk map: avoid, reduce, share or accept risk.1 Generally speak-ing, tax risks located below the defined tolerance limit must be accepted or shared. Documentation risks (process risk) can be shared by outsourcing tax administration to a provider of such ser-vices, for instance, who must then en-sure that declarations are submitted on

time. Tax risks located above this limit, however, must be controlled actively by the group with the help of measures taken to avoid, reduce and possibly share these risks.

The strategy a group applies for a specif-ic tax risk is heavily influenced by its tax strategy. If a group has a tendency to-ward being risk averse (at least with re-gard to taxes), it will try to take steps to avoid or greatly reduce the risk. On the other hand, if a group is risk tolerant when it comes to reducing its effective tax rate, it will pursue a more aggressive tax strategy and be more likely to accept the associated risks or only take low-lev-el action to reduce them. Depending on the risk strategy chosen by the group (as part of its tax strategy), the risk accept-ance line is positioned differently within the risk map. That, in turn, has an impact on which risk control measures are de-fined.

If the risk assessment and classification reveals, for instance, that the risk asso-ciated with the planned introduction of a principal structure is too high for the group and must therefore be deemed unacceptable, consideration should be given to whether the risk in question should either be avoided entirely (ab-stain from introducing the principal structure) or whether appropriate meas-ures can be taken to reduce the risk to an acceptable level.

These measures could include seeking tax rulings, working together with the authorities involved to set binding inner-group transfer prices that conform to third-party prices or advance pricing agreements (APA), obtaining expert opinions as well as providing sufficiently substantiated transfer pricing documen-tation. Should these measures fail to re-duce the tax risk to an acceptable level (to be verified by means of an additional risk assessment), thought must be giv-en to whether it might be best – from a

1 Lehmann (2009). Internes Kontrollsystem (IKS) in der Umsetzung (Implementation of an Internal Control System [ICS]). Schulthess Zürich, pg. 98

26

strategic standpoint – to avoid the risk altogether (abstain from introducing the principal structure).

Yet when controlling risks, “avoid,” “re-duce,” “share” and “accept” are not the only options available. Risks can also be actively increased if the tax strategy pro-vides for a more aggressive tax plan than the one currently in place and the resultant risks are still positioned below the company’s individually defined risk acceptance line.

6.4. risk monitoring (phase 4)Once risks have been identified, as-sessed and classified and consensus has been reached with regard to how to control these, the Tax Risk Management process is not yet considered complete. These risks must be monitored continu-ously since potential risks – both with regard to their probability of occurrence as well as their impact – can change reg-ulary. Risk monitoring not only aims to review and track the measures taken and their implementation but also to monitor the Tax Risk Management pro-cess for weaknesses and shortcomings. If a group determines that the method-ology applied has proven ineffective, im-mediate steps must be taken to rectify the situation. Similarly, a decision must also be reached as to which employees in the company have which responsibili-ties, competencies and authorizations

within the scope of the Tax Risk Man-agement process. Generally and also in the interest of focus, local managers (lo-cal responsibility) should not be able to view or edit all of the information that can be viewed and edited at group head-quarters (group-wide responsibility).

6.5 Documentation and communication (phase 5)The last step of the Tax Risk Manage-ment process is to ensure adequate documentation and appropriate commu-nication. This simplifies matters when repeating the process and is particularly helpful whenever staff fluctuations mean that new employees need to ex-amine long-standing tax risks in detail. To ensure that documentation can be provided efficiently, it might be worth-while to contemplate the implementa-tion of a computer-based tax reporting portal.

“There is a growing trend among groups to optimize Risk Management through the introduction of a Tax-ERP-System.”

The results of the Tax Risk Management process then need to be communicated appropriately to the stakeholder groups. This could come in the form of a (quanti-tative) disclosure of a provision in the annual financial statements (whereby the sum total of the risk assessment can be referenced) or a (qualitative) statement in the notes.

7. Trend toward Tax-erP-systemsRisks at the level of the individual group companies (country level) can be docu-mented and assessed using a spread-sheet system such as Excel. Excel should not be used at the consolidated level, since it is a rather time consuming process to report the different countries’ risks in this way. Similarly, the group needs to ask itself whether it can meet the information requirements of its stakeholder groups and also handle the monetary parameters of the risks solely on the basis of Excel tables.

The constantly changing economic envi-ronment is causing a steady rise in the complexity of tax-related issues and that, in turn, makes it necessary to structure processes more efficiently. These changes could prompt a group to look for alternative solutions (as op-posed to a traditional spreadsheet ap-proach). There is a growing trend among groups to introduce a simplified Tax-ERP-System with fewer functions (e.g. a Tax


Risk Management system) in order to optimize their Risk Management.

When the Tax Risk Management system is in place, country managers are asked to promptly enter the identified risks so that they can be appropriately managed at group level. Web-based solutions of-fer users the advantage of being able to gain access to the system from any-where and at any time, not only making it easier to enter new information but also to monitor and control risks within the group.

8. Incorporating Tax risk Manage-ment in the groupsSince special knowledge and skills are required, both with regard to operational Risk Management as well as taxation is-sues, in particular, Tax Risk Management processes in a group are frequently per-formed or monitored by a tax manager. With functional responsibility for dealing with and making decisions regarding tax risks lying with the CFO and the CEO, a direct channel of communication should be established between Tax Risk Man-agement and the executive manage-ment level. That being the case, the Tax Risk Management process should be in-corporated into the group’s centralized Risk Management process.

ConclusionFor a Tax Risk Management process to function well within a group, the most senior level of management must be involved in the process. Only then can there be any assurance that the tax department has all of the in-formation it needs to analyze the data with regard to tax implications and in-corporate this information into the Tax Risk Management process. In order to structure the process effi-ciently and accommodate its com-

plexity, there is a trend toward the in-troduction of Tax-ERP-Systems.Even such a system, however, cannot prevent tax risks from materializing or being incompletely identified. Active, Tax Risk Management supported by a Tax-ERP-System as well as the ac-tivities of a Tax Risk Management Committee can, however, ensure that the identified risks are kept in check, monitored actively and con-trolled.

2 Spengel/Matenaer (2011). Tax Risk Management – Strategische, prozessuale und organisationale Einflussfaktoren (Tax Risk Management – Strategic, process-oriented and organizational factors). Die Unternehmensbesteuerung 10/11, pg. 805

Another option is to form a Tax Risk Management Committee consisting of representatives from Treasury, Account-ing, Controlling, Legal and Internal Audit under the leadership of the tax manager in order to discuss any tax risks that arise, assess and control these accord-ingly and as to further refine the Tax Risk Management process.2

Kirsten s. Pratter Director, Tax Corporate

Olivier eichenberger Manager, Tax Corporate

28

1. IntroductionOn 17 June 2011 the Swiss Parliament decided to revise several aspects of the Swiss Federal Unfair Competition Act (UCA). The purpose of these legislative changes was to establish more effective means of combating various unfair busi-ness practices.1 The changes concerning the use of unfair terms and conditions entered into effect on 1 July 2012. 2. revised Art. 8 uCAPursuant to revised Art. 8 UCA, a person/business shall be deemed to be acting unfairly if, contrary to the requirement of good faith, general terms and conditions are used which create a significant and unjustified imbalance between the par-ties’ contractual rights and obligations to the detriment of the consumer.2

The revision also brought Art. 8 UCA in line with the European Council Directive governing unfair terms in consumer con-tracts.3

3. Content review and legal consequencesRevised Art. 8 UCA grants the compe-tent courts authority to review the con-tent of GTC provisions. That means in addition to checking GTC clauses for va-lidity and consensus as in the past, they are now able to review the content of the provisions to ensure their appropri-ateness as defined by Art. 8 UCA.4 Be-cause the deception of a contracting party is no longer a requirement, the content of GTC can be reviewed even in the absence of a concrete contractual relationship.5

revised Art. 8 uCA – use of unfair general terms and conditions (GTC)

reto schumacher

Daniel Hänni

1 The amendment was specifically aimed at curbing the spread of the following unfair business practices: address book fraud, snowball systems, untenable promises of wins and unsolicited telephone calls. The corresponding legislative changes were already implemented by the Federal Council on 1 April 2012.

2 Amendment of 17 June 2011, BBl 2011, pg. 4925 ff.3 See Art. 3.1 of Council Directive 93/13/EEC dated 5 April 1993 on unfair terms in consumer

contracts (“Directive”) which states that contractual terms that were not individually negotiated shall be regarded as unfair if, contrary to the requirement of good faith, they cause a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer.

4 On the topic of validity and consensus reviews see THOMAS KOLLER, Einmal mehr: das Bundesgericht und seine verdeckte AGB-Inhaltskontrolle (Once more: The Federal Supreme Court and its covert GTC content review), AJP/PJA 8, 2008, FN 7 and additional references. The “unusual clauses rule” is part of the validity and the consensus reviews.

5 Message from the Federal Council on the amendment of the Swiss Federal Unfair Competition Act (UCA) dated 2 September 2009, BBl 2009, pg. 6162.

Assure / Use of unfair general terms and conditions (GTC) / 29

The consequences of a violation of Art. 8 UCA will likely be that, in addition to the imposition of court costs, the unfair GTC provision becomes null and void. Moreover, it should be noted that the users of GTC would be denied the right to claim that they would not have con-cluded the contract if they had known about the invalidity of the clause in question.6 Consequently, the contract essentially remains legally intact with-out the unfair provision.7

4. uncertainty regarding the legal application of Art. 8 uCAIt can be assumed that no precedents exist at this time for revised Art. 8 UCA. Consequently, the question arises of what judicial practice will develop con-cerning the application of Art. 8 UCA. Specifically, the terms “contrary to the requirement of good faith” and “signifi-cant and unjustified imbalance” must be defined more precisely.

The basic message found in materials regarding legislation for revised Art. 8 UCA is that the breach of good faith will be evaluated by the judge in accordance with what is right and fair as well as cur-rent business practices.8 When deter-mining the appropriateness of the rule in question, a comparison between the GTC clause to be reviewed and non-mandatory provisions of statutory law could be of pivotal importance.In reference to the parliamentary con-sultation, especially GTC provisions with

the following content could be subject to judicial review for unfair practices if a lawsuit is filed by a legitimized person or organization: Collection of interest on the total

amount, even if a partial amount has already been paid

Automatic extension of subscription agreements with a fixed duration

The right of the author of the GTC to unilaterally alter the GTC at any time

The automatic and tacit extension of a guarantee subject to charge9

5. Based on the european rulingSince, to a great extent, the revision of Art. 8 UCA brought it into line with the provisions of the European Council Di-rective on unfair terms in consumer con-tracts,10 it can be expected that judicial practices concerning Art. 8 UCA will also develop in line with European decrees and verdicts. In this respect, the Annex of the EEC Directive containing exam-ples of unfair clauses is likely to gain a certain amount of importance. Accord-ing to this directive, the following GTC clauses in particular are unfair: Ban on offsetting Contracts with a binding nature that

is one-sided One-sided contract clauses (e.g.

retaining prepaid sums if a contract is not concluded)

Right of termination without reason-able notice and without serious grounds for doing so

Exclusive, one-sided right to interpret any term of the contract

One-sided right to amend the contract

6. Action required by businesses Since consumer rights organizations also have the right to request a judicial review of the content of GTC provisions in accordance with Art. 10.2 lit. UCA, businesses are advised to check their GTC for conformity with the UCA. A re-view is also advisable to ensure that the provisions of the GTC can be effectively enforced if needed as well as to invali-date any plea of unfairness.11

reto schumacher Senior Manager, Legal

Daniel Hänni Manager, Legal

6 INGEBORG SCHWENZER, Schweizerisches Obligationenrecht (Swiss Code of Obligations), General Section, 5th edition, Berne 2009, pg. 338; GAUCH PETER / SCHLUEP WALTER R. / SCHMID JÖRG / EMMENEGGER SUSAN, Schweizerisches Obligationenrecht (Swiss Code of Obligations), General Section, 9th edition. vol. I, Zurich 2008, pg. 257.

7 The corresponding specifications in Art. 6.1 of the Directive are similar: “[...] the contract will continue to bind the parties upon those terms if it is capable of continuing in existence without the unfair provisions.”

8 According to the speech by member of the Council of States BRUNO FRICK at the Council of States session on 29 September 2010 (AB S 2010 934).9 According to the speech by Federal Councillor JOHANN SCHNEIDER-AMMANN on 8 March 2011 (AB N 2011 228 f.).10 According to the speech by Federal Councillor JOHANN SCHNEIDER-AMMANN on 8 March 2011 (AB N 2011 228 f.).11 With additional notes: FATZER PETER / HASENBÖHLER FRANZ, Chancen und Risiken rechtlicher Neuerungen 2011 / 2012 (Opportunities and risks of

legal changes 2011/2012), published by Daniel Lengauer and Giordano Rezzonico, Zurich/Basel/Geneva 2012, pg. 188 ff.

30

A regulatory framework movement: an important recent swiss court decisionIn November 2011, Alstom was given a punishment order in terms of Art. 352 of the Swiss Code of Criminal Procedure. The company was fined for an amount of CHF 2.5 million, with a compensatory claim of CHF 36.4 million.

What is interesting is that the Alstom Swiss Company was charged, which is part of the Alstom Group which has global presence and is headquartered in Paris, France. The offense which the Swiss com-pany was charged for was for not taking all necessary and reasonable organiza-tional precautions to prevent bribery of foreign public officials in the course of its business operations abroad, for instance, an insufficient Compliance department in terms of quantity (for a worldwide organi-zation of 75,000 people) and quality (for example: inadequate training provided). The main issue arose due to the topic of consultancy agreements which this com-pany, like many others in the industry,

makes use of to secure projects or pro-vide support during implementation and completion of projects. The company in Switzerland had in fact been created to deal with the centraliszation of the Com-pliance work specifically relating to inter-nal processes around consultancy agree-ments.

A Swiss-based company can therefore be punished for not having put in place enough controls related to its operations abroad. Is every trading company aware of this? Have all companies implemented adequate organization and prevention measures to mitigate these risks?

FCPA and uK Bribery Act: national legislations with global reachTrading companies have to keep the cur-rently applicable bribery and corruption legislation in mind: US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. These recent pieces of legislation largely apply to operations outside these two countries and extend the require-ments for the concerned companies.

Corruption and trading: Are they hand in glove? An increase in corruption cases in the trading industry has been noted through investigations linked to corruption and related to the media. This increases the pressure on the whole trading sector. In addition, the regulatory framework is changing, with new rules and practices in Switzerland and abroad on corruption issues. Besides, some recent cases illustrate that some trading companies have been dealing with corruption issues.

All these facts make one ask the question: How closely are corruption and trading linked?

Philippe Fleury

Cindy Loots

Assure / Corruption and trading: Are they hand in glove? / 31

The main differences between the two acts are summarized in Figure 1. Having adequate procedures in place to prevent bribery is therefore a MUST in today’s world and trading organizations should ensure that areas such as top-level commitment, risk assessment, due diligence, communication (including training), monitoring and review are be-ing taken care of in proportion to the bribery risks that it faces and to the na-ture, scale and complexity of the com-mercial organization’s activities.

The risks of corruption: some recent “war stories” Recent cases in which KPMG was in-volved as investigator, however, show that the road to Compliance in regard to corruption is difficult. The risks are diverse and numerous. Here are some actual cas-

es studies in the trading sector, with some potential lessons to be learned.

1. IT systems used group wide are cru-cial in a corruption investigation An investigation was conducted at an In-ternational Commodities Trading Com-pany which consisted of collecting and consolidating large amounts of electron-ic data: 8 servers + 36 personal comput-ers representing 17 TB, within 3 different territories (CH, Middle East, Africa).

The at the time, newly appointed CFO, based in the Geneva headquarter of this trading company, had performed an analysis and determined that financial losses were being suffered by the com-pany due to potential industrial espio-nage, suspected misappropriation of company assets and stocks and/or po-tential internal employee wrongdoings

(possible non-compliance with IT policy, non-compliance with other internal com-pany policies, corruption).

Through the analysis of the consolidated data of 17 TB, after being sorted and in-dexed for easier search capabilities, the below issues were identified: Illegitimate access to staff e-mails by

staff members Insurance contracts stipulating retro-

cession to the policy holder Illegitimate access of staff members

to confidential data Illegal detention and use of cracked

software Unsecure sensitive corporate data

storage: data loss, operational and financial risks

uK Bribery Act FCPA

Primary offences Bribing foreign officialsANDPrivate-sector bribery

Bribing foreign officials

Governance offences Failure to prevent bribery Books and records

Bribe location Worldwide Worldwide (bribe recipient must be foreign official, so does not include officials that are US citizens/entities)

Covered persons Individuals, corporations, agents, subsidiaries

Defenses 1. Adequate procedures in respect of “failure to prevent”

2. Where foreign official: Payment was lawful under the written laws of the foreign official’s country

1. Payment was lawful under the written laws of the foreign official’s country

2. Payment was reasonable and bona fide expenditure for the promotion of products or execution of the contracts

Penalties Individuals 10 years imprisonment and/or unlimited fine

Corporations Unlimited fine Disqualification from tendering for government

contracts

Individuals Bribery offence: 5 years imprisonment and/or

USD 250,000 criminal fine and USD 10,000 civil fine Books and records offence: 20 years imprisonment

and/or a USD 5,000,000 criminal fine and a USD 100,000 civil fine

Corporations Bribery offence: USD 2,000,000 criminal fine and

USD 10,000 civil fine Books and records offence: USD 25,000,000 fine

and USD 500,000 civil fine Disqualification from tendering for government

contracts Disgorgement of profits Independent Compliance monitor

Figure 1: A summary of the most important differences between the two laws

32

IT is used everywhere in today’s busi-ness world. It is imperative that a trading company’s worldwide IT systems are maintained in a manner which enables data to be available, reliable and accessi-ble to the right persons. The electronic data also has to be available in case an investigation needs to be performed. In addition, trading companies should en-sure that their fraud risk framework deals effectively with data protection and confidentiality matters.

2. Agents working on behalf of your company increase corruption and reputation risksAn FCPA-related investigation conducted for a global trading company in agricul-tural products consisted of reviewing ex-pense transactions submitted by their agent from Egypt to the European head-quarters of the company in Geneva, to determine the nature of the transac-tions.

The agent had won a bid to supply grain to a government body in Egypt and was claiming various travel expenses, in-curred by Egyptian officials comprising delegations that inspected the grain be-fore loading, without providing adequate supporting documentation.

The company became suspicious of pos-sible FCPA violations when the agent in Egypt requested payment for amounts, amongst others of “under-the-table pay-ments for government officials.” A dupli-cate payment in respect of an invoice re-ceived from the agent at this time was made by the company, supposedly in er-ror, the opposite of which could not be proved. Review of the agent’s books and records in Egypt revealed that “pocket expenses” for the Egyptian officials del-egation had been included in the amount claimed from the company, without be-ing supported by documentation. It ap-peared that the agent gave more money than the amounts provided in the official bid to the Egyptian officials during their inspection travels; the supporting evi-dence of these payments did not exist.

Trading companies normally use agents worldwide to assist in growing and mak-ing their business. Agents are entrusted with the company’s business through a formal contract making it crucial to en-sure all bribery and corruption risks are covered from the start of such business relationships, especially in countries ranking a low score on the Transparency International Corruption Perception In-dex. The recent Alstom case puts these practices in a particular light.

3. Collusion results in the theft of trading stock During an internal investigation, it was found that rice being shipped to Angola by an International Commodities Trading Company was missing, despite the fact that the local subsidiary of the control and inspection company certified that the complete rice had been unloaded.

A thorough investigation conducted re-sulted in the discovery that collusion be-tween the trading company’s local ware-house manager and the local head of the inspection company was the mecha-nism for the theft of the commodity hap-pening: The two individuals completed the paper documentation in such a way that the whole rice was shown as availa-ble, in order not to attract any suspicion. They then diverted a part of the load and sold it for their own benefit.

Trading companies should be aware of the relationships between their staff and third parties, especially when cash or commodities are involved. Relationships and conflicts of interest can be moni-tored by the trading company by imple-menting preventative mechanisms such as a robust fraud Risk Management framework or data analysis on, for ex-ample, employee and third-party master data of addresses, telephone numbers and bank account details to detect when any matches are discovered. Regular In-ternal Audits are useful as well to uncov-er possible collusions.

4. Margin of trading stock written off as scrap is not accurateDuring an arbitration case in Switzerland entered into by two commodity trading companies, it was determined that a margin of 4% was consistently being al-lowed, as defined by the contract, for scrap per load. Freight papers of differ-ent shipments showed that the scrap was effectively 4% during a certain peri-od. However, one of the companies had a suspicion that the scrap percentage was effectively lower than 4% in differ-ent shipments, namely 3%, according to some local employees. After perform-ing a deep investigation into this matter, it was found that the 1% difference be-tween the allowed amount and the real scrap per load was taken for resale through the mechanism of collusion be-tween the employee of the company ar-ranging the loading of the commodity and the transport company. The freight papers were altered in order to hide this fraud.

Internal controls, reviews and monitor-ing activities should not be neglected as even a small percentage such as 1% per load, adds up to a large amount of trad-ing commodities being taken corruptly from the company for personal gain over time. Monitoring of scrap margins is therefore an important step in an anti-fraud prevention and fraud detection plan.

Trading and corruption: close friends? These recent cases show that corrup-tion can take several forms and hit sev-eral business aspects in the trading sec-tor. These events often happen abroad, where the controls are more difficult and the local habits less familiar with Eu-ropean standards toward corruption. However, the Alstom case and the en-hanced efforts of the US and the UK au-thorities to implement the legislation on corruption show that the risks of being accused of corrupt practices has dra-matically increased in the recent past.

This should lead trading companies to ask themselves some important ques-tions: Do I have a robust prevention framework against corruption? Is my business model capable of mitigating corruption risks? How well do I know my agents? Do I regularly conduct corrup-tion preventive investigations?

Philippe Fleury Partner, Head of Forensic Western Switzerland

Cindy LootsSenior Manager, Forensic

34

Global Business Services (GBS), the adopted term for consolidating opera-tions across an organization for support functions like Finance & Accounting, Hu-man Resources, IT and other business processes (often into nearshore or off-shore locations) has the potential to go beyond just bringing sustainable cost savings to deliver truly transformational added value to the business.

Most large and indeed many mid-sized companies have already adopted Global Business Services models over the past decade by implementing captive shared services and outsourcing arrangements and most of these adopters are looking to expand on this approach further. While this leveraged service delivery model has become common, most or-ganizations employing it have ap-proached it with a narrow, cost reduc-tion mind-set. Few have taken on the challenge and succeeded in using Global Business Services to fundamentally ad-vance their business model, and fewer still have truly innovated to improve competitive positioning.

Global Business services modelsWe live in challenging economic times, necessitating companies to continually redesign their business models with a particular emphasis on cost reduction,

and often on cutting labor costs as one of the biggest operating costs. These actions allow warding off trouble in the short term (“Fortune” Magazine report-ed in 2010 that Fortune 500 companies raised earnings by 335% despite reve-nue declines of 8.7% in 2009). But, the real question is whether these savings are transitory or will be truly sustainable. At the same time, top of the agenda for executives is being managing growth in emerging markets, managing effectively risks and Compliance globally and better leveraging investments made in technol-ogy and global production and service platforms.

As the global economy strengthens, will companies lose focus on cost competi-tiveness, relaxing cost control policies and hiring back staff into old models? Or will they instead fundamentally shift their business models to drive competi-tive advantage? And what are the impli-cations and opportunities for core sup-port services like IT, Finance & Accounting and Human Resources? The means through which organizations deliver and manage their core support services have changed significantly over the past 25 years. Leading organizations today employ a broad range of service delivery models, including shared ser-

sustain competitive advantage by rethinking your Global Business services modelAntonio M. russo

Assure / Sustain competitive advantage by rethinking your Global Business Services model / 35

vices centers (SSCs), offshore captive operations, and IT and business process outsourcing (ITO/BPO).

Organizations are changing their ap-proach to optimizing their internal opera-tions, and are evolving their delivery of internal support functions using a com-bination of external providers and inter-nal resources. Fierce global competition and difficult economic times require rad-ical improvements with new constraints that do not allow significant investments and elongated time frames (e.g. mas-sive enterprise resource planning soft-ware implementation or > 10-year out-sourcing deals). There is a renewed focus on optimizing services and driving process improvement across the entire organization using domestic and off-shore captive SSCs augmented, extend-ed, and often improved by external ser-vice providers. It is no longer an either/or approach. The value proposition and success metrics for shared services op-erations are evolving. Leading organiza-tions today receive measureable busi-ness value from shared services – above and beyond driving costs down via con-

solidation, automation, and labor arbi-trage. These organizations are assuming a more commercial orientation to the business. This involves driving and im-proving overall business performance as well as competing for internal business on level ground with external service providers.

The outsourcing market has also materi-ally evolved and matured. A growing number of service providers are demon-strating advanced capabilities enabling them to move up the value chain in terms of services offered. They under-stand industry-specific processes better and are increasingly able to integrate into existing business operations to pro-vide more high-value and strategic ser-vices. As a result, outsourcing today is moving beyond just an alternative ser-vice delivery strategy to become an en-abling lever of an overall transformation agenda, and one that is closely aligned with internal shared services delivery capabilities. Commonly, this transforma-tion agenda is targeted at improving global competitiveness by better lever-aging global resources, talent, and mar-

kets via a global business services model.

Most large and mid-sized companies have adopted GBS models in the past decade with the main aim of reducing costs. This is now changing and compa-nies are leveraging their investment in business services by moving up the val-ue chain and increasing their relevance to the business.

During the early advent of shared servic-es, outsourcing, and offshoring, compa-nies were naturally putting more trans-actional processes and discrete projects such as accounts payable, IT desktop, applications development and payroll into these alternative delivery models. No longer companies now are also scru-tinizing their mid- and selective front-of-fice processes to see if they can benefit from leverage and successful offshore models in their transactional service portfolio. More knowledge-intensive processes such as strategic sourcing, engineering, marketing, research, and legal are in fact the fastest-growing mar-ket for outsourcing and offshoring. Over

Figure 1: As the C-Suite agenda focuses on efficiency, Compliance, and growth, Global Business Services models must evolve

IT HR F&A Procurement

Labor Arbitrage

Capacity Management

Quality Improvement

Offshore Leverage

Product Innovation

Business Intelligence

Business Agility

New Market Entry

Driving competitive advantage

Align the operating model

for efficiency and effectiveness

Optimize the global operations

footprint

Drive growth in emerging

markets

Manage global risk

and Compliance

Leverage investment

in technologies

Sourcing and Shared Service Goals are moving beyond just cost savings

Leading sourcing and shared service organizations are advancing their capabilities, evolving to models engineered to be positive influencers of change

Success in this new model depends on the ability to dynamically assemble a variety of capabilities – regardless of where those capabilities reside – into a seamless end-to-end process that’s focused on a specific business outcome

Process Efficiency Process Transformation

36

the past seven years the knowledge process outsourcing (KPO) industry has experienced a cumulative annual growth rate of 46%; almost double that of busi-ness process outsourcing (BPO).

evolving your Global Business services maturityAssessing the maturity and perfor-mance levels of an organization’s busi-ness services capabilities has never been easy. This task has become more complicated as organizations diversify their service delivery models, increas-ingly relying on shared services and out-sourcing to complement, extend or re-place traditional models. Organizations need to understand the maturity of their service delivery capabilities so they can measure progress in improving them over time, and understand how far and fast to push these improvement efforts. To attain this understanding, organiza-tions need a structured approach to measuring the performance of global service delivery processes, systems, operating and governance models.

It is important to balance the benefits of pursuing greater maturity against the cost and complexity of doing so. The pursuit of “academic” maturity without a strong business case is ill advised and unlikely to gain executive support in the current market environment. Similarly, the desired maturity level must map to the organization’s overall operating mod-el. For example, a large multinational might value high maturity in one or two regions, but find less or little value in higher levels of maturity across all geog-raphies. In this respect, a model such as this can add value both as a means to assess current performance levels as well as to define a future road map for improvement efforts.

In October and November 2011, KPMG conducted a series of in-depth inter-views with global business services ex-ecutives across a mix of Fortune and Global 500 corporations in the USA and Europe. These executives were asked detailed questions on global business services maturity, using the KPMG GBS

maturity model as a guide to evaluate each company. As part of the interview, respondents were asked to rate the ma-turity of their organization on a 4-point scale per 22 questions focused on gov-ernance, commercial orientation, stan-dardization, organizational excellence, global process ownership and global scope.

Overarching research findings show that many organizations are rapidly gaining GBS maturity but at different levels across functions and geographies, and based on different overall organizational operating models. Three factors stood out in helping some organizations achieve greater GBS maturity – a strong linkage of GBS strategy to the enter-prise strategy, a rapidly maturing govern-ance framework, and a strong push to-ward commercial orientation in running and operating their GBS organizations. Key findings include: Moving up the maturity curve is hard.

Companies often get “stuck” below their desired level for a variety of rea-

Figure 2: Sourcing models evolution from cost to value

1990s 2000s 2010s

Tran

sact

iona

l C

ompl

ex

Pro

cess

es a

nd a

ctiv

ities

Time

Centers of Excellence

Service hubs’ Operational Excellence

Knowledge process outsourcing

BPO & operational ITO

Cost Focus Value Focus

Labor Arbitrage

Imp. Customer Experience

Access to Talent

Access to Innovation

Capital Avoidance Risk Mitigation

Cost Reduction

Simplicity and Agility

Traditional Drivers

Emerging Drivers +

+

Technology Upgrade

Cloud Enablement

So

urc

ing

is m

ovi

ng

up

th

e va

lue

chai

n


sons. Of the firms with which KPMG spoke, about a third placed in the higher maturity Strategic or Differen-tiated levels of the maturity model, and the other two-thirds placed at the Rationalized or Optimized levels.

Mature GBS organizations use multi-ple elements in their service delivery toolkits. These include multiple ser-vice delivery models including out-sourcing, offshoring and shared ser-vices (and, increasingly, cloud), multiple value levers including cost savings, innovation, business in-sights, etc., and more sophisticated organizational models including stronger governance and end-to-end process ownership.

Breaking through maturity levels re-quires strong governance and a com-mercial orientation. The strongest correlation to higher GBS maturity was observed through the GBS or-ganizations’ maturity on Governance and their degree of Commercial Ori-entation. Strong governance is al-ways required when weaving togeth-

er complex initiatives, but the need for a commercial mind-set is a bit less obvious.

A longer-term vision is critical. One of the biggest areas of difference be-tween the most mature organizations and the rest was in Process Improve-ment Sequencing. The more mature organizations deploy multiple im-provement strategies, and have well-defined, long-term sequencing for improvements. The less mature or-ganizations are more opportunistic in their improvement efforts. The great-est hurdles to maturity are cross-functional and global integration. Most organizations in KPMG’s re-search set, even the more mature ones, do not have consistent maturity when it comes to the functional and geographic slices of their GBS organi-zations – the finance and IT functions tend to be more mature, as do their North American and European GBS organizations. Cultural and organiza-tional factors, e.g. level of ERP adop-tion and standardization, are the other

limitations to the levels of maturity to which an organization strives and how quickly it moves along the matu-rity curve.

Show me the money! Cost savings are still the number one reason for companies to advance their GBS ma-turity. They seek additional value driv-ers not only to support but also to ad-vance the business, and constantly evaluate these value drivers against costs/benefits and returns on invest-ment. The more mature organizations are looking beyond simple cost sav-ings. They seek strategic benefits such as ability to support the growth agenda, e.g. integrating acquisitions, accelerating technology and policy deployment, and enabling innovation into services and business process-es. These strategic benefits are weighed against the cost-benefit analysis specific to the organization.

Maturity matters. Organizations with mature GBS models create greater shareholder value. While likely not wholly attributable to the service de-

Figure 3: Global Business Services Maturity model

Ser

vice

Del

iver

y M

anag

emen

t M

atu

rity

Differentiated

Strategic

Optimized

Rationalized

Suboptimized

Val

ue

Cap

ture

an

d P

erfo

rman

ce S

ust

ain

abili

ty

The Journey . . . Development Stages . . . Time

Risk of Stagnation and Regression • Attrition fueled by

uninteresting work • Lack of process integration

and end-to-end improvement due to limited scope

• Atrophy due to underinvestment and sporadic management support

Attributes of a Mature Model

Cohesive vision for leveraging and integrating “horizontal” processes across enterprise

Global process management and service delivery platform

Balance of internal and external service delivery

Integrated delivery centers and COEs, with a focus on customer experience and innovation

Strong emphasis on governance, performance, and talent management Flexible to dynamic business needs and priorities Ongoing competition within service supply chain Outcome focused

Globally integrated services portfolio with rational balance of outsourcing relationships and standardized and integrated delivery centers and CoEs

Optimized balance of internal and external delivery capabilities, best-of-breed global sourcing

Traditional outsourcing relationships with global delivery; non-integrated internal shared services capabilities

Single-function shared services with tactical onshore or offshore provider relationships

Decentralized and duplicative functions; little central control over business support services

38

livery model, organizations with ma-ture GBS models have an average re-turn on equity (ROE) of 20.7% versus an average of 16.7% for the less ma-ture organizations. The ability of an or-ganization to plan, implement and im-prove its support infrastructure is a core competency that can provide a competitive advantage while deliver-ing greater financial performance.

Getting into actionWhile the benefits of a mature GBS model seem clear, there are some hur-dles to pursuing this course that execu-tives should realize early on. First, it re-quires some maturity in service delivery, meaning that an organization should do the transactional work well before mov-ing into more complex services. Sec-ond, a model that integrates functions requires a hard change management discussion, and some companies simply don’t have the culture to support it. In this model, the focus shifts from manag-ing individual functions to managing a portfolio of service offerings – all in a col-laborative, centralized environment.

This paradigm of end-to-end processes completely disrupts the traditional struc-ture of functional fiefdoms and instead empowers the process owners. Instead of seeing the big picture, functional leaders will likely initially view this as ceding control of their agenda. There-fore, a people and change management plan should be in place before embark-ing on this change. To determine how to proceed and identify opportunity in their organization, financial executives should consider the following: Sourcing relationships: Where are the

companies outsourcing relation-ships? Are they tactical relationships, or are they managed at the strategic level? Likewise, are the company’s shared services relationships con-trolled at the functional level or the enterprise level?

Services strategy: Does the organiza-tion have an enterprise strategy for delivering business services? How is it aligned with the corporate strate-gy? Is it designed to improve the cus-tomer experience? Reduce costs to a certain level? Support acquisitions?

Technology: Does the technology support an integrated process? Do re-dundancies exist? Does the platform allow the business to access data and intelligence?

Culture: Does the organization’s cul-ture lend itself to cooperation, includ-ing internal functions and service pro-viders? Will an end-to-end process model be perceived as a threat to functional control? Will the organiza-tion support a structure of governance that provides comprehensive, consist-ent oversight of services and execu-tion of performance metrics? Consid-er that if the company has an effective but suboptimized services structure, managers may be reluctant to move to a centralized and collaborative mod-el. After all, managers in functional si-los may have significantly reduced costs through the original move to outsourcing or shared services – and now they’re being asked to revisit is-sues they thought were resolved.

Geography: Are all of the company’s markets being served? Has the com-pany taken a holistic look at the global delivery model to optimize services by region?

Figure 4: Key factors for success

Selecting the Right Model

Creating and Managing the Right

Road Map to Transformation

Gaining Adoption and Buy-in to Future State

Definition

Program Challenges Keys to Success

Change Management and Communications

Key Stakeholder Support Early in the Program Continuous and Visible C-Level Sponsorship

Comprehensive Communications Program Program Objectives and Success Well Understood

Design for Value

Existence of a Strategic Vision Design is Cross-Functional

Design is Understood and Linked to Value Systems Requirements Reflect Design and Value

Program Management Discipline

Institute an Effective Program Management Office (PMO) Utilize a Tried-and-True Methodology

Execute Quick Wins and Communicate These to the Field Staff Appropriately; both Quality and Quantity


Overall maturity: How mature is the services organization in terms of de-mand to delivery? How efficient is the model? How well is the company managing the transactional services? Is there an effective balance of shared, outsourced and retained ac-tivities?

Transforming your Global Business Ser-vices model requires mitigating poten-tial risks and addressing critical challeng-es that will arise. Companies need to ensure that they put in place all ingredi-ents that are needed to maximize suc-cess from upfront strategic alignment to onboarding the organization in new ways of working. Execution requires dis-cipline and the utilization of proven and tested approaches.

Antonio M. russo Director, Management Consulting

ConclusionMost global companies have adopted Global Business Services models for non-strategic back office corporate services over the past decade. While this leveraged model has become the norm, most have approached it from a cost reduction angle. Few have tak-en on the opportunity of using shared services and outsourcing to funda-mentally advance their business model and drive sustainable competi-tive advantage.

Most industries are facing difficult and challenging times with pressures on margin, increasing regulatory re-quirements, new global competition,

pressure from the capital markets and the need to shift bloated legacy operating models to more efficient ones that shake core industry operat-ing principles.

Major changes to existing operating models will accelerate. Improved ways of doing both the strategic and operational specific work are re-quired. Outsourcing efforts to date have been largely successful at re-ducing costs and shifting focus away from lower value-added activities. These trends will not only continue but will accelerate and broaden in scope.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2012 KPMG AG/SA, a Swiss corporation, is a subsidiary of KPMG Holding AG/SA, which is a subsidiary of KPMG Europe LLP and a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

ContactKPMG AGBadenerstrasse 172P.O. Box CH-8026 Zurich

roger NeiningerCEOT: +41 44 249 21 25e: [email protected]

Olivier eichenbergerManager, Tax CorporateT: +41 44 249 27 62e: [email protected]

Daniel HänniManager, LegalT: +41 58 249 21 03e: [email protected]

Philippe FleuryPartner, ForensicT: +41 22 704 17 18e: [email protected]

Michael HerzogPartner, AuditT: +41 44 249 31 53e: [email protected]

Peter KalbererDirector, Management ConsultingT: +41 44 249 33 71e: [email protected]

Cindy LootsSenior Manager, ForensicT: +41 22 704 16 46e: [email protected]

Hans-ulrich PfyfferPartner, AuditT: +41 44 249 27 77 e: [email protected]

Kirsten s. PratterDirector, Tax CorporateT: +41 44 249 46 68e: [email protected]

Antonio M. russoDirector, Management ConsultingT: +41 44 249 31 09e: [email protected]

reto schumacherSenior Manager, LegalT: +41 44 249 21 14e: [email protected]

Hanspeter stockerPartner, AuditT: +41 44 249 33 34e: [email protected]

Frank WendtDirector, Management ConsultingT: +41 44 249 27 41e: [email protected] Fabian WinterbergSenior Manager, Internal Audit, Risk & Compliance ServicesT: +41 44 249 33 10e: [email protected]

André ZempPartner, Management ConsultingT: +41 44 249 31 21e: [email protected] Luka ZupanDirector, Head Internal Audit,Risk & Compliance ServicesT: +41 44 249 45 32e: [email protected]

editorCarmen BorgesSenior ManagerMarketing & CommunicationsT: +41 44 249 20 51e: [email protected]

kpmg.ch

Documents

Assure Magazine - October 2012