Yesterday, I mentioned Goldman Sachs 2009 shareholder letter.

Today, my favorite expert on shareholder letters, Laura Rittenhouse (imagine a cross between a college English professor and an IR wizard – plus, she’s a former SVP of corporate finance), posted her analysis of the letter.

Her conclusion? The letter fails three candor tests … and also gives short shrift to some positive achievements. ###

The big governance news this morning relates to Goldman Sachs.

The Journal and others are buzzing about the eight-page shareholder letter Goldman CEO Lloyd Blankfein and President Gary Cohn wrote within the annual report.

Here’s a link to the letter.

Goldman and its CEO have been very interesting, and very tricky, for me as a GRC researcher.

The company’s risk management capabilities appear worthy of emulation, yet major questions about other business practices (What was the firm’s role in the financial crisis and its aftermath? What was the firm’s role in Greece’s current financial struggles) make me wary of holding their risk management capabilities up as an example of leading practice. Wall Streeters tend to laud Blankfein, while Main Streeters tend to vilify him.

What initially strikes me how many times the word “rare” was used in news reports describing the frequency that Goldman communicates in this way to shareholders.

What strikes you? Please let me know.

In the meantime, I’m reaching out to my governance and IR experts to glean their impressions of what this news may mean from a “G” (governance) and “R” (risk) perspective.

Update: Well, so much for the candor I mentioned in the headline. One of my trusted shareholder letter/IR experts had this quick-hit response after her first read of Goldman’s letter: “The first pages have 100 times more fog than the JP Morgan letter.” ###

I just got off the phone with Approva Vice President Michael Evans.

As we were comparing notes on the state of risk management and compliance, Evans shared some insights he gleaned while attending The Institute of Internal Auditors 2010 General Audit Management Conference.

Actually, Evans has already shared many of the same insights in an “Audit Trail” blog entry, including a rundown of the event’s major themes:

• Theme #1: You Can’t Audit a Business You Don’t Understand

• Theme #2: To Get a Seat at the Table With Executive Management ,You Need to Add Value

• Theme #3: Internal Audit Needs to Shift Focus From What Has Happened to What Will Happen

• Theme #4: Risk Is Top of Mind But Enterprise Risk Management Remains Challenging

• Theme #5: To Reinvent Itself, Internal Audit Must Redeploy Its Resources

Each of those themes has cropped up in my recent conversations with internal auditors as well as IA vendors and consultants.

Of the issues that Evans identifies, I hear the most discussions concerning the need to look ahead (vs. looking back). This marks a challenge that everyone in corporate finance functions also can — or should — relate to. ###

While I still don’t quite understand the intense focus on defining GRC among GRC consultants, analysts, and vendors, this column by Lumigent Technologies President and CEO John Capobianco helped me understand that the motivation behind this focus extends beyond competitive positioning.

Here’s a snippet, one of several passages that contain valuable food for (GRC) thought:

The CGO [chief governance officer] is likely to be more valuable than the CCO simply due to the relationship between compliance and governance. … The CCO’s responsibilities, then, are really the chief financial officer’s job. Once compliance and compliance reporting are under control, the company is in a position to better evaluate, understand, and mitigate risks over time. And those capabilities blend with corporate wellness or corporate governance, which is really focused on making the most out of a business, making it more valuable after taking into account all of the risks, strategies, and reporting. more

Many thanks to OpenPages Vice President of Marketing Gordon Burnes, who carved out time in recent weeks to chat about risk management with me via e-mail.

Our conversation took time to get rolling, with Burnes seeing to business in Brazil and my own Big Bend National Park interruption (Viva Terlingua!). Now that I’ve dried off from a dip in the Rio and survived the attention of a curious javelina, I’m ready to share the first portion of our exchange.

This part of our discussion touches upon risk management’s role as a strategic differentiator, Toyota’s blind spot, and the greening of risk maps… more