The Sarbanes-Oxley Act of 2002 missed something. The Public Company Accounting Reform and Investor Protection Act of 2002 did not include, as it relates to “Investor Protection,” the elimination of the CEO’s ability to become both the CEO and Chairman of the Board of Directors. Want to protect shareholders from White Collar Crime? Separate the two roles. Why separate the two roles? One accounting principle has a lot to say about it, separation of duties. To better understand why these roles should be separated, an understanding of corporate governance is appropriate.
Executive Board vs. Supervisory Board
All publicly held companies in the U.S. have two distinct boards: The Executive Board and The Supervisory Board.
The Executive Board is comprised of Officers such as the Chief Executive Officer (CEO), the Chief Financial Officer (CFO), the Chief Information Officer (CIO), and the Chief Operations Officer (COO), to name a few, to handle the day-to-day operations of a company.
The Supervisory Board is comprised of the Board of Directors, which is a body of elected or appointed persons who oversee the activities of a company. When the CEO is also the Chairman of the Board, the individual is now given the two most powerful and influential roles of a company. This creates little to no accountability that is internal to the company, only external i.e. Government Regulations. Although the individual is accountable to the shareholders, what can the shareholders do after the fact? By then, the CEO/Chairman has already moved on to the next company.
CEO Compensation Is Decided By The Board
Just think, if you are the CEO of a company, who determines your compensation? Well, if you guessed the Board of Directors, you are correct. See the problem yet? When the CEO is also the Chairman of the Board, the CEO has great power and influence when it comes to determining their salary, stock options, and overall compensation. If the Chairman is deciding the total compensation of the CEO, the hands of the shareholders’ are tied.
A Closer Look At A CEOs Total Compensation
Former CEO of AIG William McGuire is an example of a CEO that was not the Chairman of the Board. In 2005, McGuire received for one year, $128,400,000 in total compensation.
That’s:
$10,400,000 per month (12 months per year), or
$2,418,605 per week (4.3 weeks per month) or
$60,465 an hour (40 hour work week)
The number that astounds most is that the CEO made over 60k an hour. At over 60k an hour, that’s more than the average American’s annual household income. Can you imagine what this CEO’s total compensation might have been had he been both the CEO and Chairman of the Board? If the roles are split and the Board of Directors believes the total compensation is excessive, at that point they have the authority to change the CEO’s compensation instead of having their hands tied by the Chairman if the individual is also the CEO. Boards do vote on issues but one thing is undeniable, the Chairman has a substantial amount of influence.
Companies Where CEO Is Also Chairman
What do the following companies have in common? AIG, GM, and Chrysler…they’re all in financial trouble. What else do they have in common? They have CEOs who are also the Chairman of the Board. The list goes on as far as companies that do not split the roles of the CEO and the Chairman of the Board.
Stats: Europe
Let’s take a closer look at Europe. In Britain, 95% of companies have the roles split. A survey completed by Christian & Timbers showed that 97% of European executives believed that the CEO should not be the Chairman of the Board. To note, shareholder returns were reduced by 5% in companies that split the roles. In America, only about 20% of companies have the roles split and some 85% of executives believed the roles should be split. Although the Company’s returns may be lower, the one thing shareholders should be thinking is:
At least the Company is not going bankrupt as a result of Corporate Governance Breakdown.
Solution: to create more accountability and establish an atmosphere of Corporate Governance, separate the role of the CEO and the Chairman of the Board.
About the Author:
Paul Gillett is an auditing consultant and author. If you would like more information on auditing solutions, go to: http://auditsolutions.blogspot.com or email: phgillett@hotmail.com. You may reprint this article electronically or as a hard copy as long as the author's resource box remains intact, with the active links included.
Friday, November 14, 2008
Tuesday, November 4, 2008
The Best CEO Insurance Plan
Credentials Don’t Solve Business Problems, Problem-Solvers Do
Some of the smartest people you meet may have credentials, and some may not have credentials. How many times have you met someone who has a degree/credential in one area, but is working in the complete opposite field? A hundred years ago, higher levels of education were available to the rich, predominantly. In today’s corporate arena, it is almost unheard of to hire someone that has no college degree. This shift has caused individuals to seek out degrees instead of learning how to solve real-life problems in the business world.
Some of the smartest “business decision-makers” have little or no credentials. Many of these are small business owners that are solving real business problems on a daily basis without the ‘latest and greatest’ credentials offered by the professional world. Just how important are the small business owners? The statistics give a more accurate depiction of this point. Consider the Small Business Administration’s statistic on private firms; small businesses provide jobs for over half of the nation’s private workforce, and small businesses are job creators accounting for over 99% of all firms (www.sba.gov).
Just think in your own mind, how many of those small business owners have great and recognized degrees/credentials. Most of the successful small business owners I know have no credentials and are well off. When hiring someone, it is not always best to hire someone that has the credentials, rather, hire someone that can solve real business problems and offers solutions.
Hire problem-solvers!
Mistake: Not Hiring Out Of The Box Thinkers
This point holds especially true when a business needs to grow. Don’t get me wrong though, all growing companies will need in-the-box thinkers to handle the monotonous tasks that need to be completed in everyday business activities. However, most often overlooked by hiring managers are the out-of-the-box thinkers that cannot only perform the job required, but a step further as well. A step further says that when business is transacted, all business activity is subject to improving upon. In our global economy, growing businesses cannot afford to ignore improving upon the company’s pre-existing business model. For example: an out-of-the-box thinker, in the course of their work would say, “wait a minute, there is a better way to handle this situation when it arises again…” instead of saying, “well, that’s not my job and I’m not paid to think about how to improve this business, it’s not my responsibility.” Most people that think like this feel like they have no duty to improve the business because improving the business will do them no good. On the contrary, I have worked in a company where good ideas are recognized and rewarded with compensation in the form of a bonus.
HR may assist in the administration of hiring, but only you know what and who is the best fit to obtain the position, and my guess, it’s the person that sees beyond their own box.
Management By Walking Around
Managers/Owners of a business can greatly benefit by this style: managing by walking around. Do a lot of professionals know about this style? Yes. Is it practiced as much as it should? Probably not. The most likely reason is because managers may think, ‘since the business world has gone mostly to electronic communication, walking around and giving “face-time” is inefficient and time consuming so why not send out a mass email to those that work under me?” Thinking this way will not only make your clients feel neglected and as if your time is more valuable than theirs, it will also create an environment of less accountability because you’re never seen by your employees.
In the long run, ignoring employees will yield unhappy employees.
Unhappy employees will yield no passion for their work.
No passion for their work will yield poor work product.
Poor work product will eventually lead to the downfall of the company.
No company means, no job and no paycheck. Trying to please everyone is impossible, but managing by walking around sure does help.
Solution: come out from behind the keyboard and at a minimum, be “seen” by employees and customers. For greatness to be achieved, management must provide an environment of greatness.
Some of the smartest people you meet may have credentials, and some may not have credentials. How many times have you met someone who has a degree/credential in one area, but is working in the complete opposite field? A hundred years ago, higher levels of education were available to the rich, predominantly. In today’s corporate arena, it is almost unheard of to hire someone that has no college degree. This shift has caused individuals to seek out degrees instead of learning how to solve real-life problems in the business world.
Some of the smartest “business decision-makers” have little or no credentials. Many of these are small business owners that are solving real business problems on a daily basis without the ‘latest and greatest’ credentials offered by the professional world. Just how important are the small business owners? The statistics give a more accurate depiction of this point. Consider the Small Business Administration’s statistic on private firms; small businesses provide jobs for over half of the nation’s private workforce, and small businesses are job creators accounting for over 99% of all firms (www.sba.gov).
Just think in your own mind, how many of those small business owners have great and recognized degrees/credentials. Most of the successful small business owners I know have no credentials and are well off. When hiring someone, it is not always best to hire someone that has the credentials, rather, hire someone that can solve real business problems and offers solutions.
Hire problem-solvers!
Mistake: Not Hiring Out Of The Box Thinkers
This point holds especially true when a business needs to grow. Don’t get me wrong though, all growing companies will need in-the-box thinkers to handle the monotonous tasks that need to be completed in everyday business activities. However, most often overlooked by hiring managers are the out-of-the-box thinkers that cannot only perform the job required, but a step further as well. A step further says that when business is transacted, all business activity is subject to improving upon. In our global economy, growing businesses cannot afford to ignore improving upon the company’s pre-existing business model. For example: an out-of-the-box thinker, in the course of their work would say, “wait a minute, there is a better way to handle this situation when it arises again…” instead of saying, “well, that’s not my job and I’m not paid to think about how to improve this business, it’s not my responsibility.” Most people that think like this feel like they have no duty to improve the business because improving the business will do them no good. On the contrary, I have worked in a company where good ideas are recognized and rewarded with compensation in the form of a bonus.
HR may assist in the administration of hiring, but only you know what and who is the best fit to obtain the position, and my guess, it’s the person that sees beyond their own box.
Management By Walking Around
Managers/Owners of a business can greatly benefit by this style: managing by walking around. Do a lot of professionals know about this style? Yes. Is it practiced as much as it should? Probably not. The most likely reason is because managers may think, ‘since the business world has gone mostly to electronic communication, walking around and giving “face-time” is inefficient and time consuming so why not send out a mass email to those that work under me?” Thinking this way will not only make your clients feel neglected and as if your time is more valuable than theirs, it will also create an environment of less accountability because you’re never seen by your employees.
In the long run, ignoring employees will yield unhappy employees.
Unhappy employees will yield no passion for their work.
No passion for their work will yield poor work product.
Poor work product will eventually lead to the downfall of the company.
No company means, no job and no paycheck. Trying to please everyone is impossible, but managing by walking around sure does help.
Solution: come out from behind the keyboard and at a minimum, be “seen” by employees and customers. For greatness to be achieved, management must provide an environment of greatness.
Friday, October 17, 2008
Top 10 Good Things About Fraud
(Fraud refers to Financial Fraud)
Exposing Fraud, Deters Fraud
One mistake management can make is to not let the fraud out into the light. When a fraud is swept under the rug, no one learns: not management, not the employees, and surely not the general public. Though some frauds are best kept with a tight lid, most need to be exposed so that every level of management is on the same page and can then keep key decision makers aware of how to deter the same fraud from occurring again. History will definitely repeat itself if individuals know what and how to overcome weakness in a Company’s internal controls.
Exposing a fraud is smart (see the statistic below on employees), as long as the Company changes how they conduct their business to help overcome future fraud from happening in that specific area.
An Experienced Auditor Can Detect & Expose
In a 1998 KPMG Fraud Survey of 5,000 U.S. companies (note: multiple responses given), 43% of the time the fraud was discovered by an Internal Auditor. As a result of a boom in fraudulent activity around the time of Enron and WorldCom, Auditors Internal and External to a Company have spent a great deal of time acquiring education and training so that they are aware of what to look for. The result, a reduction in securities fraud and white collar ‘cooking the books.’
Fraud Audits…Gives Assurance To Senior Management
Senior Management should have a better nights rest when they know that they have professionals continually searching for fraudulent activity. Enough said, Fraud Audits are highly recommended.
Forces Management To Take Action To Prevent The Big One
Management, do not waste time, Take Action, Take Action, Take action…Now! If you are willing to be at the helm when the big one occurs, you may find yourself extremely disappointed and even more serious, indicted. SOX is not an overlooked piece of legislation. Just research the fate of Bernard Ebbers of Worldcom who became their CEO before they went public in 1989 and remained until the Company fell apart years later.
Forces Management To Re-assess Internal Controls
Internal Controls are never perfect when they are initially put into place. Even if they were perfect, if your business or Company grows, the Company’s infrastructure will be constantly changing, therefore, warranting you to re-assess internal controls. Not re-assessing internal controls is like never changing your ATM card’s PIN. Eventually someone will figure out a loophole, one thing leads to the next and now your identity is stolen. Not re-assessing in a changing world…not the best move.
When The General Public Is Informed…A Company’s Greatest Weapon Is Informed
In the KPMG survey mentioned above, notification by employees accounted for 58% of all frauds discovered. When a fraud takes place, employees that are not involved have nothing to fear, they have only to gain if they are the ones that uncover or expose the fraud. In the Worldcom fraud, the Vice President of Internal Audit, Cynthia Cooper, was the whistleblower that went to the Audit Committee about the Company’s phony bookkeeping. Most may not know this but Eugene Morse was the Internal Auditor that uncovered the fraud. To note, Ms. Cooper receives in upwards of $25,000 per speaking event. I personally heard her speak at a college and thought of how amazing it was to see how much pressure there is on a person when the fraud was in the neighborhood of $3.8 billion. She explained that a few different times, people wondered if she should be held accountable to a degree because she was in the upper echelons of Company management.
Fraud Damage Is Difficult To Measure, Internal Controls Are Not
I once performed a fraud audit where I knew the perpetrator stole much more than I could prove, but also knew, ‘it’s not what I think, but what I can prove.’ Who really knows how much was stolen in that two-year period, the individual did, but as mentioned, it could not be proven or measured.
In contrast, internal controls can be measured because they are written down and documented thoroughly with plenty of time to prepare, test, measure, and re-measure.
Early Warning Sign For Stockholders
This point is self-explanatory. Stockholders generally have much to lose and less to gain from fraudulent activity in a Company but at least if they are well informed, they will be better equipped to make the decision to sell or continue to hold.
Makes You More Proactive, Not Reactive
Once a fraud takes place, who wants to see it’s ugly face again? I know of a Company that would literally wait until something bad would happen or the government forced them to make a change, before a change in policy occurred. Their reasoning? They didn’t want the upfront costs. Not being proactive, later cost the Company a high dollar figure and holds a record for the largest recorded fraud in a specific type of business. Though I will know mention the Company’s name, I can say it definitely taught me that history will repeat in the absence of proactive behavior.
“Catch Me If You Can” And Frank Abagnale
If you haven’t watched this movie, you may find it interesting and entertaining. The movie is based on a true story of a man named Frank Abagnale who committed various financial frauds. Mr. Abagnale is a living example of how fraud can be a good thing. Yes he was involved in illegal activity but he now has hundreds of references and clients (former and present) that have made him financially successful, as well as taught millions of people how you can turn fraud into a teaching and learning exercise.
Just do a search online of Mr. Abagnale and you will see how he has turned a fraud into a “Good Thing.”
About the Author:
Paul Gillett is an auditing consultant and author. If you would like more information on auditing solutions, click this link: audit solutions and post a comment or email:phgillett@hotmail.com. You may reprint this article electronically or as a hard copy as long as the author's resource box remains intact, with the active links included.
Exposing Fraud, Deters Fraud
One mistake management can make is to not let the fraud out into the light. When a fraud is swept under the rug, no one learns: not management, not the employees, and surely not the general public. Though some frauds are best kept with a tight lid, most need to be exposed so that every level of management is on the same page and can then keep key decision makers aware of how to deter the same fraud from occurring again. History will definitely repeat itself if individuals know what and how to overcome weakness in a Company’s internal controls.
Exposing a fraud is smart (see the statistic below on employees), as long as the Company changes how they conduct their business to help overcome future fraud from happening in that specific area.
An Experienced Auditor Can Detect & Expose
In a 1998 KPMG Fraud Survey of 5,000 U.S. companies (note: multiple responses given), 43% of the time the fraud was discovered by an Internal Auditor. As a result of a boom in fraudulent activity around the time of Enron and WorldCom, Auditors Internal and External to a Company have spent a great deal of time acquiring education and training so that they are aware of what to look for. The result, a reduction in securities fraud and white collar ‘cooking the books.’
Fraud Audits…Gives Assurance To Senior Management
Senior Management should have a better nights rest when they know that they have professionals continually searching for fraudulent activity. Enough said, Fraud Audits are highly recommended.
Forces Management To Take Action To Prevent The Big One
Management, do not waste time, Take Action, Take Action, Take action…Now! If you are willing to be at the helm when the big one occurs, you may find yourself extremely disappointed and even more serious, indicted. SOX is not an overlooked piece of legislation. Just research the fate of Bernard Ebbers of Worldcom who became their CEO before they went public in 1989 and remained until the Company fell apart years later.
Forces Management To Re-assess Internal Controls
Internal Controls are never perfect when they are initially put into place. Even if they were perfect, if your business or Company grows, the Company’s infrastructure will be constantly changing, therefore, warranting you to re-assess internal controls. Not re-assessing internal controls is like never changing your ATM card’s PIN. Eventually someone will figure out a loophole, one thing leads to the next and now your identity is stolen. Not re-assessing in a changing world…not the best move.
When The General Public Is Informed…A Company’s Greatest Weapon Is Informed
In the KPMG survey mentioned above, notification by employees accounted for 58% of all frauds discovered. When a fraud takes place, employees that are not involved have nothing to fear, they have only to gain if they are the ones that uncover or expose the fraud. In the Worldcom fraud, the Vice President of Internal Audit, Cynthia Cooper, was the whistleblower that went to the Audit Committee about the Company’s phony bookkeeping. Most may not know this but Eugene Morse was the Internal Auditor that uncovered the fraud. To note, Ms. Cooper receives in upwards of $25,000 per speaking event. I personally heard her speak at a college and thought of how amazing it was to see how much pressure there is on a person when the fraud was in the neighborhood of $3.8 billion. She explained that a few different times, people wondered if she should be held accountable to a degree because she was in the upper echelons of Company management.
Fraud Damage Is Difficult To Measure, Internal Controls Are Not
I once performed a fraud audit where I knew the perpetrator stole much more than I could prove, but also knew, ‘it’s not what I think, but what I can prove.’ Who really knows how much was stolen in that two-year period, the individual did, but as mentioned, it could not be proven or measured.
In contrast, internal controls can be measured because they are written down and documented thoroughly with plenty of time to prepare, test, measure, and re-measure.
Early Warning Sign For Stockholders
This point is self-explanatory. Stockholders generally have much to lose and less to gain from fraudulent activity in a Company but at least if they are well informed, they will be better equipped to make the decision to sell or continue to hold.
Makes You More Proactive, Not Reactive
Once a fraud takes place, who wants to see it’s ugly face again? I know of a Company that would literally wait until something bad would happen or the government forced them to make a change, before a change in policy occurred. Their reasoning? They didn’t want the upfront costs. Not being proactive, later cost the Company a high dollar figure and holds a record for the largest recorded fraud in a specific type of business. Though I will know mention the Company’s name, I can say it definitely taught me that history will repeat in the absence of proactive behavior.
“Catch Me If You Can” And Frank Abagnale
If you haven’t watched this movie, you may find it interesting and entertaining. The movie is based on a true story of a man named Frank Abagnale who committed various financial frauds. Mr. Abagnale is a living example of how fraud can be a good thing. Yes he was involved in illegal activity but he now has hundreds of references and clients (former and present) that have made him financially successful, as well as taught millions of people how you can turn fraud into a teaching and learning exercise.
Just do a search online of Mr. Abagnale and you will see how he has turned a fraud into a “Good Thing.”
About the Author:
Paul Gillett is an auditing consultant and author. If you would like more information on auditing solutions, click this link: audit solutions and post a comment or email:phgillett@hotmail.com. You may reprint this article electronically or as a hard copy as long as the author's resource box remains intact, with the active links included.
Saturday, September 20, 2008
Ready, Fire, Aim
Expedite the Internal Audit
When you are assigned a new audit, what are some of the first things that come to mind? Most likely the word Planning comes to mind, and most Audit Departments love spending time with the traditional planning approach…
Ready (preliminary preparation and planning)
Aim (more brainstorming and planning)
Fire (performing the activity)
You say, “what does the title of this article mean?” In this article, you will find information about the Ready, Fire, Aim approach that can be used with new audits.
When you have the right tools, Just Go
Imagine being lost in a forest and you are only handed a compass and only know that you are supposed to head north, you must be out of the forest in 24 hours, and you cannot see beyond 50 feet. Since you cannot see more than 50 feet in front of you, the best thing to do would be to start walking north and deal with obstacles as they come. If you just stand there and wonder where the obstacles are, you run the risk that you spend too much time planning, and not enough time walking (otherwise stated, spending too much time and resources getting ready and aiming). Obstacles such as ravines, cliffs, and rapidly flowing rivers, cannot be known until you start walking north. Then, when the obstacle is reached, you will need to make the proper adjustments (to scope) depending on what you ‘find.’
The reason for the Ready, Fire, Aim approach is that many times a “new” audit shows up on the Audit Schedule, the individual performing the audit, no matter the experience or credentials achieved, cannot know precisely what the problem areas are until some work is complete. Just like in the forest, you must first begin walking before you identify the problem areas/obstacles. This is not to say that no planning should go into an audit, rather, once some basic plans are mapped out, start heading in that direction.
In order to be successful using the Ready, Fire, Aim approach, you will need to think of the Audit Program as a “continuous” Audit Program. What I mean by this is, start out in a known higher-risk area of the auditable entity (interview management in this area) and then, more times than not, you will start to have a better idea of what is most important to the audit vs. just writing the Audit Program and beginning your sampling. By using the “continuous” Audit Program approach, the scope will reveal itself rather than spending value time and resources determining what the scope should be. In addition, if all your time is spent planning, what time will you have when you need to develop audit findings? Probably none. If you have no time to develop audit findings, you will have no time to make sound and profitable audit recommendations.
I have had some of the best scope changes take place as a result of interviewing management first. If management is cooperative with Internal Audit, many times you will extract “problem areas” and find that your initial risk assessment may have been off. And what Auditor wants to admit they missed a particular area with significant audit findings. No Audit Program should be set in stone. In a “continuous” Audit Program is where the most significant audit findings exist, as you will be more capable to adjust the scope and adapt as the audit progresses. What is “value-added” about a program that is set in stone? Although you are giving assurance based on what was tested, it’s what is not tested because the Audit Program is set in stone that should make you wonder.
If you have been assigned an audit of an area that has never been audited and your supervisor asks you how the audit is going, which answer would you rather have?
1) “I’ve been planning the audit for several days but I’m almost done with the planning phase and will begin interviewing management and testing really soon.”
or
2) “I’ve started the audit by outlining a few key areas to focus in on, and after interviewing two different managers, I was able to obtain valuable information from them that has helped me determine areas of higher risk that I previously did not consider. In addition, I do see the likelihood of audit findings with recommendations as a result.”
If YOU cannot perform an audit efficiently and expeditiously, how are YOU (and the Internal Audit Department) going to have a leg to stand on when you’re recommending another Department/Division perform their work more efficiently and expeditiously? This simply will not work because the Internal Audit Department will be viewed by Senior Management as a “hypocrite” Department. Essentially, the Internal Audit Department will have shot itself in the foot because they are not practicing what they preach.
One of the first mistakes I made as a new auditor was over-plan. Over-planning, I’ve found, is the enemy of progress. If, before the game or during the game a basketball player plans all of his shots that he wants to take, but takes none of them, the results on the ESPN highlights board will be an obvious, Zero Points! for that basketball player.
In-depth planning is for the Annual Risk-Assessment process that involves, audit staff, senior-level Internal Audit Management and Senior Management (and of course the approval of the Audit Committee). Over-planning is the enemy of progress.5
A majority of employees of a company fall into two categories:
In-the-box thinker:
In-the-box thinkers are the death of sound audit recommendations and profitable business solutions because they don’t see beyond the micro-view of what they are doing. When this type of thinker is performing work, they cannot see outside of their own box, therefore, they are not visionary minded. Instead, they are the employees that are paid to do precisely one job and that job only. No significant business recommendations come out of this group of thinkers.
Out-of-the-box thinkers that just Go:
Internal Auditors should be out-of-the-box thinkers. What do companies like Google, Home Depot, Meijer, and Walmart have in common? All of their founders were visionaries. Google, the largest and most popular search engine in the U.S. Home Depot, the #1 in their industry and #2 of all retailers in size. Meijer, who pioneered the supercenter concept, and last but not least, Walmart, the #1 retailer in the world. None of these companies have non-visionaries at the helm.
Recommendations by nature are out-of-the-box suggestions and opinions that promote profitable change and keep the business a “going concern.” However, the above information is not based on opinion, rather, first-hand experience, as I have tested this approach out many times on brand new audits. IT DOES WORK!
My Solution to be an Expeditious Internal Auditor: Ready, Fire, Aim! … in that order.
Try this approach and you will not only get the most important business issues identified quicker, but the positive results of taking these actions will be felt sooner.
About the Author:
Paul Gillett is an auditing consultant and author. If you would like more information on auditing solutions, click this link: audit solutions and post a comment or email:phgillett@hotmail.com. You may reprint this article electronically or as a hard copy as long as the author's resource box remains intact, with the active links included.
When you are assigned a new audit, what are some of the first things that come to mind? Most likely the word Planning comes to mind, and most Audit Departments love spending time with the traditional planning approach…
Ready (preliminary preparation and planning)
Aim (more brainstorming and planning)
Fire (performing the activity)
You say, “what does the title of this article mean?” In this article, you will find information about the Ready, Fire, Aim approach that can be used with new audits.
When you have the right tools, Just Go
Imagine being lost in a forest and you are only handed a compass and only know that you are supposed to head north, you must be out of the forest in 24 hours, and you cannot see beyond 50 feet. Since you cannot see more than 50 feet in front of you, the best thing to do would be to start walking north and deal with obstacles as they come. If you just stand there and wonder where the obstacles are, you run the risk that you spend too much time planning, and not enough time walking (otherwise stated, spending too much time and resources getting ready and aiming). Obstacles such as ravines, cliffs, and rapidly flowing rivers, cannot be known until you start walking north. Then, when the obstacle is reached, you will need to make the proper adjustments (to scope) depending on what you ‘find.’
The reason for the Ready, Fire, Aim approach is that many times a “new” audit shows up on the Audit Schedule, the individual performing the audit, no matter the experience or credentials achieved, cannot know precisely what the problem areas are until some work is complete. Just like in the forest, you must first begin walking before you identify the problem areas/obstacles. This is not to say that no planning should go into an audit, rather, once some basic plans are mapped out, start heading in that direction.
In order to be successful using the Ready, Fire, Aim approach, you will need to think of the Audit Program as a “continuous” Audit Program. What I mean by this is, start out in a known higher-risk area of the auditable entity (interview management in this area) and then, more times than not, you will start to have a better idea of what is most important to the audit vs. just writing the Audit Program and beginning your sampling. By using the “continuous” Audit Program approach, the scope will reveal itself rather than spending value time and resources determining what the scope should be. In addition, if all your time is spent planning, what time will you have when you need to develop audit findings? Probably none. If you have no time to develop audit findings, you will have no time to make sound and profitable audit recommendations.
I have had some of the best scope changes take place as a result of interviewing management first. If management is cooperative with Internal Audit, many times you will extract “problem areas” and find that your initial risk assessment may have been off. And what Auditor wants to admit they missed a particular area with significant audit findings. No Audit Program should be set in stone. In a “continuous” Audit Program is where the most significant audit findings exist, as you will be more capable to adjust the scope and adapt as the audit progresses. What is “value-added” about a program that is set in stone? Although you are giving assurance based on what was tested, it’s what is not tested because the Audit Program is set in stone that should make you wonder.
If you have been assigned an audit of an area that has never been audited and your supervisor asks you how the audit is going, which answer would you rather have?
1) “I’ve been planning the audit for several days but I’m almost done with the planning phase and will begin interviewing management and testing really soon.”
or
2) “I’ve started the audit by outlining a few key areas to focus in on, and after interviewing two different managers, I was able to obtain valuable information from them that has helped me determine areas of higher risk that I previously did not consider. In addition, I do see the likelihood of audit findings with recommendations as a result.”
If YOU cannot perform an audit efficiently and expeditiously, how are YOU (and the Internal Audit Department) going to have a leg to stand on when you’re recommending another Department/Division perform their work more efficiently and expeditiously? This simply will not work because the Internal Audit Department will be viewed by Senior Management as a “hypocrite” Department. Essentially, the Internal Audit Department will have shot itself in the foot because they are not practicing what they preach.
One of the first mistakes I made as a new auditor was over-plan. Over-planning, I’ve found, is the enemy of progress. If, before the game or during the game a basketball player plans all of his shots that he wants to take, but takes none of them, the results on the ESPN highlights board will be an obvious, Zero Points! for that basketball player.
In-depth planning is for the Annual Risk-Assessment process that involves, audit staff, senior-level Internal Audit Management and Senior Management (and of course the approval of the Audit Committee). Over-planning is the enemy of progress.5
A majority of employees of a company fall into two categories:
In-the-box thinker:
In-the-box thinkers are the death of sound audit recommendations and profitable business solutions because they don’t see beyond the micro-view of what they are doing. When this type of thinker is performing work, they cannot see outside of their own box, therefore, they are not visionary minded. Instead, they are the employees that are paid to do precisely one job and that job only. No significant business recommendations come out of this group of thinkers.
Out-of-the-box thinkers that just Go:
Internal Auditors should be out-of-the-box thinkers. What do companies like Google, Home Depot, Meijer, and Walmart have in common? All of their founders were visionaries. Google, the largest and most popular search engine in the U.S. Home Depot, the #1 in their industry and #2 of all retailers in size. Meijer, who pioneered the supercenter concept, and last but not least, Walmart, the #1 retailer in the world. None of these companies have non-visionaries at the helm.
Recommendations by nature are out-of-the-box suggestions and opinions that promote profitable change and keep the business a “going concern.” However, the above information is not based on opinion, rather, first-hand experience, as I have tested this approach out many times on brand new audits. IT DOES WORK!
My Solution to be an Expeditious Internal Auditor: Ready, Fire, Aim! … in that order.
Try this approach and you will not only get the most important business issues identified quicker, but the positive results of taking these actions will be felt sooner.
About the Author:
Paul Gillett is an auditing consultant and author. If you would like more information on auditing solutions, click this link: audit solutions and post a comment or email:phgillett@hotmail.com. You may reprint this article electronically or as a hard copy as long as the author's resource box remains intact, with the active links included.
Subscribe to:
Posts (Atom)
