As Seen in CFO Studio Magazine Q2 2017 Issue
-BY JULIE BARKER-
KENNETH A. JOHNSON, THE CFO OF THE SEC, WILL NEVER OUTGROW HIS CONCERNS ABOUT AUDIT REPORTS
Looking back, 2010 was a watershed year inside the U.S. Securities and Exchange Commission, when multiple shifts occurred that etched a fault line and established a new era. In the aftermath of the financial crisis where some $9 trillion was lost by U.S. homeowners alone, the SEC was on the hot seat to make sure nothing of the sort happened again. To aid in its role of protecting investors from fraud, the agency reorganized its inspection unit. In addition, the SEC geared up to implement and enforce the many provisions of a bill enacted that July, the Dodd-Frank Wall Street Reform and Consumer Protection Act. And its Office of Financial Management named a new chief financial officer: Kenneth A. Johnson.
With a weighty mandate — to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation — and a rapidly evolving financial world of split-second trades and complex investment vehicles to oversee, the SEC needed strong internal controls so its probity would be unquestionable and distractions from its mission minimal. The CFO’s office constructs those controls and monitors their effectiveness. The effort Johnson, 43, puts into this area is similar to the pains a private sector CFO takes to manage risk and ensure the company’s continued impact and integrity. However, Johnson cannot ever lose sight of the fact that the SEC operates for the good of the public and it is entirely the public’s money that is being risked. So while every company and federal agency needs to follow relevant laws and regulations, “It’s perfectly appropriate for the public to expect that we would have strong internal controls, given our role,” says Johnson.
In 2010, the SEC was performing less than spectacularly in this regard. The Government Accounting Office (GAO), which conducts annual audits of the SEC’s financial statements, had found six “significant deficiencies that collectively represent a material weakness” in its 2008-2009 audit. Small wonder that on taking office, Johnson focused on the need to beef up internal controls.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. — Public Company Accounting Oversight Board
“We’re not looking to hide things, not looking to hope they’ll go away, but really trying to deal with things forthrightly,” says Johnson in an interview with CFO Studio magazine from his office in Washington, D.C.
In 2011, there were no material weaknesses discovered. Johnson remembers his elation. “We were working hard to try to remediate [two material weaknesses from the year before],” he says.
One of those GAO-cited faults regarded the agency’s financial reporting and accounting processes, reflecting the need for tightened controls in areas such as fees collected and enforcement penalties. The other material weakness related to the design and operation of the SEC’s information security and other system controls.
“I remember the day when we heard from our auditors that we had no material weaknesses. That was more than we dared hope for in 2011, and to have reached it was a big milestone,” says Johnson. However, four “significant deficiencies” were detailed in that FY2011 report — including information security, which the SEC tackled with stronger staffing and a series of key investments.
Johnson and his team focused on continually improving controls. The SEC has been investing in its financial systems, and sometimes adjusting a policy or procedure, or introducing a less onerous series of steps to reach the same objective. A branch inside the SEC’s Office of Financial Management was created and tasked with assessing whether the internal controls operate as designed, and whether they operate effectively.
The work has paid off: In FY2015, the GAO found no significant issues at all.
That said, Johnson notes that a couple of big fixes are still needed. Money is in the FY2017 budget request for technology to digitize the process when the agency collects fees from the registration of new securities — such as in conjunction with an IPO—and must track them. An even more time-consuming process ensues when the Enforcement division wins a judgment and the SEC collects payments. “We have to track that [penalty] money as a receivable. Maybe that money’s going to Treasury, maybe it’s going to investors, but we have to make sure we’re recording that receivable on a timely basis, … apply payments to the right receivable, and help manage the distributions,” says Johnson. “There’s a very involved process and we’ve started developing a new system to manage that more efficiently.”
Mr. Johnson Goes to Washington
In October 2016, the Office of the Inspector General reported to SEC Chair Mary Jo White that financial management was no longer one of the agency’s key challenge areas. The office’s CFO, however, can’t stop fixating on internal controls; nor can most CFOs. But Johnson is not an accountant by training and “never envisioned” that he was “aiming to be a chief financial officer.”
Ken Johnson grew up in Houston, did his undergrad work in American Studies at Stanford University, and then, in 1995, went to work for the mayor of San Jose, CA, in the budget office. “That was a great education in the importance of budgets: There’s very little that a government does that doesn’t cost money. So, if you understand the money, you can understand how a government works or how an organization works. It’s also a good lesson in [how] you have to make a budget work. Numbers are not forgiving. You have to make some difficult and practical decisions.”
In 1998, Johnson left the West Coast to get his public policy degree at Harvard University’s John F. Kennedy School of Government. Hired by the Congressional Budget Office (CBO) in Washington, D.C., he analyzed the impact that a given bill would have on the federal budget, producing pages of dissection to support the advice CBO delivers to Congress. From there he moved to the SEC and worked on its budget. He became a Chief Management Analyst for the SEC in 2006, and helped develop the agency’s long-range strategic plan. In that role he also spent time on HR and Information Technology. “A theme through that [career trajectory] was a real interest in budgeting and following the money,” he says. “But I don’t think I actually ever once thought about the idea of landing a CFO position. I was really just hopping from one lily pad to the next, looking for the next opportunity that interested me.”
Furthering the SEC’s Effectiveness
Under Johnson, investment in technology has grown. In FY2011, the SEC’s budget requested $57 million for IT enhancements. For FY2017, the agency has requested $106 million. He says technology, and particularly data analytics, is a “force multiplier for us.” He ticks off three main uses: to uncover fraud, to inform policy making, and to “make sure we know what’s going on in the industry.” The industry includes the 28,000 or so key participants in the securities world.
Data analytics boosts the SEC’s investigative capabilities, helping in an insider trading case “to figure out who called whom when, and to follow the chain of who might have tipped whomever off. That used to take weeks and it was a manual staff effort,” says Johnson.
Like many agencies — and indeed many companies — the SEC tried to engineer case-by-case technology solutions to meet its needs over the years. Today, big-picture thinking is more the norm. The agency has been putting in place common platforms for many of the two dozen divisions and offices. “Those systems can talk to each other much more easily, so it makes us much less stovepiped,” he says.
What Johnson calls his biggest challenge, however, is not tamable: the fact that the agency goes “two, three, four months into the year before we know how much money is available to support our operations. That is a very difficult thing to manage around,” he says.
He enjoys working with Congress and answering legislators’ questions on budget priorities. Part of what he likes about his job is that it exercises both “the liberal arts and the numbers side” of his brain. “You need to understand numbers deeply, but you also need to be able to make cogent arguments… You need to be able to lead in poetry and in prose, work collaboratively with people across a lot of different topic areas. I really like that variety,” he says. And when he finds a problem and can do something about it, “I feel like I can make a difference, and that’s pretty cool,” Johnson says.
Two current initiatives include improving the systems for the enforcement and examination programs and redesigning the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system for automatic forms submission. Another item the SEC has tackled involves rulemaking to implement financial and securities-related legislation. The agency’s goal is to think more holistically about how a given rule might affect the various participants in the markets. More so than in the past, “we have our economists at the ground floor of a rulemaking,” he says, “at the stage when we’re just thinking through the ideas of how to proceed.” With this change, the likelier result is “policies that make economic sense as well as meeting whatever other objectives we have in mind.”
He adds, “Certainly investing in data, and in better tools to analyze that data, help [with that goal], but that story is much more than just a technology story.”
And Johnson is surely smiling. Writing economically sound rules helps maintain fair markets and thus enhances the SEC’s position as a servant of the people. Getting the resources to focus on these areas became possible because the SEC had demonstrated it had the necessary controls in place to successfully manage its resources.