Running Down the Numbers

Business information provider Dun & Bradstreet's (D&B) marketing tagline -- "Decide with Confidence" -- could serve as the motto of its ongoing enterprise risk management (ERM) journey.

The program, which began more than two years ago, now enables the company to:

• Fund risk-mitigation efforts that are better aligned with corporate strategy;
• Refocus internal audit on operational audits (and away from Sarbanes-Oxley trenchwork);
• Deploy risk-management efforts to help lay the groundwork for global expansion;
• Stimulate knowledge and the sharing of governance, risk management, and compliance (GRC) practices throughout the organization; and
• Increase risk management awareness and monitoring from the ground level up to the board of directors.

As with other effective governance, risk management, and compliance initiatives, the source of D&B's ERM success resides in the people who execute the program, the processes they use to do so, and the technology deployed to support these processes.

Restatement as Career Development

"Companies really gain advantages from enterprise risk management when they're able to interface the four risk areas rather than keep them silo-ed," asserts Charles Pavlonis, Dun & Bradstreet's chief risk officer (CRO). "And it really helps to have one leader overseeing each area to ensure the linkages among them."

At D&B, these four risk areas match the areas defined in the COSO ERM framework: strategic risk, operational risk, reporting (financial statement) risk, and compliance risk. Pavlonis notes that his company uses the COSO framework "to get grounded," but also points out that other companies might choose fewer or additional risk areas, depending on their unique needs.

In addition to establishing risk-management processes based on the four buckets of risk COSO identifies, Dun & Bradstreet also designed its organizational structure accordingly -- which is where Pavlonis entered the picture in early 2006.

Prior to joining D&B CRO in September 2006, Pavlonis worked in finance and accounting management positions at advertising holding company Interpublic Group (IPG) and, before that, Mercer (where he was CFO of a global business unit). He came up through public accounting at KPMG. At IPG, Pavlonis worked under Chief Accounting Officer Nick Cyprus, a former Business Finance Influencer honoree and one of the country's leading finance executives.

Cyprus initially hired Pavlonis to head up the company's Sarbanes-Oxley compliance efforts -- a major challenge given that IPG is a conglomerate of 800-plus advertising agencies/fiefdoms around the world. Five months into that effort, however, most of IPG's finance and accounting team dropped what they were doing because errors under previous finance management teams necessitated the restatement of five years of financials.

The challenge sounds massive: The restatement required Pavlonis, who co-led the effort, and his team to reassess the revenue recognition approaches used in more than 20,000 contracts. "There was a lot of high-pressure work that needed to be accomplished in a short amount of time," Pavlonis recalls. "There were many late nights and weekends involved."

Pavlonis and his team finished the restatement in about nine months. Despite the pressure and massive amount of work, he credits the experience with imparting skills that have come in valuable in his current role as CRO.

"It helped me learn how to drive change through a large, disparate organization," he notes. "The industry and the organizational structure created a very difficult environment to work in as a finance executive. No one likes to feel that they have accountability to corporate, and it takes a lot of skill and work to penetrate that mind-set."