Optimum Process Improvement

A pharmaceutical company was engaged in a process improvement program but unfortunately the processes have not been identified following the principles of execution based organizational structure and value chain analysis, moreover they have been identified without a performance context. This means they were not connected to the business systems or business results.

The pharmaceutical company mapped processes based on its functional view of the organization and the process improvement efforts (mostly Six Sigma) were conducted within its few functions over the past two years. These projects had been initiated because there was a willing functional VP sponsor who was a Six Sigma believer. And, the outputs of the processes in question were relatively easy to measure. Also, there had been customer complaints emanating from some of these processes. Some of the improvement projects were defined by the Company personnel seeking certification.

At the same time when these process improvement projects were initiated, a strategy review by the executive management team concluded that the very survival of the company rested on new product development and a redirected and reenergized sales organization.

Looking from the horizontal or value chain view of the Company on top of the functional view of the Company, one could see that the process improvement efforts executed over the past two years were buried in the 'Delivered' segment of the value chain, while, at the same time, there were lost strategic opportunities for process improvement in areas of new product launching and new sales organization.

Identifying processes within a major functional silo can give the illusion of being linked to business results, but the potential for sub-optimization still looms large. Given this fundamental flaw of processes not being linked to business results via the value chain and organization structure as primary processing system, the following are some of the predictable problems with subsequent process improvement efforts:

First, the criterion for selecting processes for improvement is based on staff's particular interest which might be conflicting with specific business priorities. This will cause three unfortunate results: The first result will be that every improvement effort will have the potential to sub-optimize the business. The second result will be missed opportunity. The third result is the waste of time and money resulting from the projects that were being initiated primarily because there was a willing sponsor or just to demonstrate the power of new management concept by experimenting on a safe, but insignificant operation or someone can get his or her Black Belt accreditation due to such projects. The accumulation of a few projects initiated for reasons such as those mentioned above will soon begin to undermine the process improvement efforts.

In the absence of a connection to business results, the process improvement effort gravitates toward irrelevant process improvement goals. The improvement projects tend to get identified, defined, and shaped so as to best apply and demonstrate a particular methodology. It becomes a methodology in search of a project rather than a Critical Business Issue in search of a solution.

Vice president in the pharmaceutical company believed that the procedural level workflow documentation required by various certification efforts, such as ISO and SOX, is what process is all about. Whereas some in the organization thought that process documentations is similar to IT requirements documentation. Although software made it easier to manage documentation required for SOX and other certification, but this led to the delegation of process documentation to techies and clerks. TQM focused on processes as a tool, taking application of the process notion to the sub-process level within the functions and many staff resources were made process owners in silos increasing organizational conflicts and sub-optimisation. The Six Sigma movement proved to be a rigorous, precise, but costly analysis just to address some unimportant problems buried deep in the organization.

In contrast to the issues identified above, if the processes in a process improvement project to be linked to business requirements, process improvement should work as follows:

A process improvement team identifies an emerging or potential process performance problem. This problem is shared upward with the appropriate level of executive management team or perhaps directly with the value chain management team. The executive management team at the appropriate level assesses the significance of the problem identified by the process improvement team, does a preliminary analysis to determine likely causes and the scope of the problem, and, if merited, initiates an improvement project with a higher ROI. The executive management team uses the cross-functional value chain map to track the location and progress of all such performance improvement initiatives, ever vigilant for possible sub-optimization.

Changed Management Assurance

A telecom company adapted not only its product offerings but also its organization structure due to rapid technological changes and change in customer demands. Due to increased pressure of these market enablers, it decided to change its organization structure which eliminated several levels of management and introduced business segment and market region wise management teams. More empowerment and greater decentralization of decision making have been introduced.

Along with its reorganization, it also changed its accounting system. It eliminated its use of annual budgets, replacing them with a system of rolling financial plans and forecasts. The focus was now on activities and how cost-centers consumed financial resources on various activities. Along with rolling forecast, it started to report profit & sales per business segment on a quarterly basis. Local authority levels were increased for financial transactions and spending.

It has broadened its reporting to include a series of Key Performance Indicators (KPIs) that provided non financial measure on customer, finance, employees, internal efficiency, and innovation. The forecasts and KPIs were to form basis of performance evaluation of the business units to be compared with the pre-specified targets as agreed.

The company wanted its risk management efforts to align with above re-organization and adaptations and to answer the following questions: Whether execution is aligned to its new strategy and the changing environment? Whether its management accounting system is functioning and evolving with the change and what risk and trade-off exist within its new reporting & MIS environment. Also, how best it can monitor and track its KPIs.

Risk Management System must support firm's new decision-making and control system instead of adding negative value by thinking in an orthodox way. Internal Audit (IA) function should ensure that the new system is providing quick and accurate information for decentralized decision making. IA should now emphasize on controls related to activities, business segments and KPIs.

Internal Auditor should understand that short term budgets are both planning and control tools. Long term budgets which were used earlier reduce managers' focus on short term performance and primarily used for planning purpose. Line item budget restricts the responsibility of a manager by forcing the manager to make purchases in prescribed amounts. The budget lapsing has benefit of greater control on short term spending. Manager who can control the size of operations should be evaluated based on static budgets; manager who does not control size of operations should be evaluated based on flexible budgets. These understanding will reduce any possible dispute with auditees.

Auditor should understand process of determining values of reporting KPIs and should have knowledge as to who is processing this information, possible conflicts of interests, and inter-dependence & trade-off possibility between various KPIs. It is also a good idea to develop Key Success Factors (KSFs).

Internal Auditor should ensure that the management accounting is facilitating regular follow-up on non-performing activities and management team is diagnosing the root causes and taking appropriate actions on a timely basis.

In other words, Internal Audit function has to think differently in this era of rapid change.

Why Case Studies?

The internal audit has poorly performed as far as communications of findings are concerned. It is not just about creating a fancy presentation or writing executive summaries with punch lines to the reporting authorities. The innovative communication should change the image of internal auditor and internal audit should be looked as an objective consulting group instead of an independent assurance group.

Ponder hard at currently used methods of presenting audit findings and determine whether or not the process unnecessarily focuses on higher management instead of issues at the auditee level. Although one should never minimize findings or neglect ones obligation to report accurately, too many audit shops needlessly drive a wedge between themselves and auditees by presenting findings in a way that belittles the auditee instead of emphasizing the identification of problems, treatment of findings, analysis and presentation as an opportunity to facilitate improvement. In essence, the action plan should anticipate management's response to findings and help turn findings presentation into a constructive process rather than a barrage of criticism.

Internal Auditor should focus on two words: NO SURPRISES. This reduces pressure on the internal audit team. There should be some kind of interim presentation to the auditees about the factual findings to trigger discussions and understanding various options for correction or improvement. It is important to keep auditees informed of the progress of internal audit findings and work along the way. Letting auditee know what we are finding allows them to take action and fix problems while the audit is still in progress.

By resisting the temptation to hoard audit findings until big end-of-audit presentation, the internal audit can make auditees more enthusiastic about the results and the job becomes easier. Innovative communication reduces monitoring and internal audit cost to a great extent.

Case Studies is an effective and innovative way to communicate to the top management and audit committees about the results of internal audit or consulting project in place of executive summary. Consequently, it is recommended that a few issues or risk management projects be developed in a case study format. A typical case study describes the situation, provides appropriate background information including events that led to the intervention, presents the technique and strategies used to develop the study, and highlights the key issues in the intervention. Case Studies tell an interesting story of how the evaluation or test was developed and the problems and concerns identified along the way.

Case studies can be used in group discussions, where interested individuals can react to the material, offer different perspective, draw conclusions about the approaches and techniques. Also, it can serve as self teaching guides for individual who are trying to understand how risk evaluations were developed and utilise in the organization. Finally, case studies provide appropriate recognition to those involved in the actual cases. More importantly, they recognize the participants who achieved the results as well as managers who allowed the participants to be involved in the project. The case study format is one the most effective tool for learning about the internal controls and risk management.

Selective case studies may then be printed as success stories in the broachers or newsletters of the organization to spread and share the knowledge.

Rendezvous with your ERP

A retail chain was facing a lot of problems with its new ERP system. The management was experiencing missed deadlines, unmet requirements, dissatisfied customers, excessive costs, and underused systems. Although there was no significant system or control failure as per internal audit reports but everything was waiting for a failure to happen and the retail chain was exposed to high risks.

New ERP system had all kinds of bugs and yet was not described as a failure. New ERP system was delivered late, at inflated cost, with inaccurate functionality, and most functions were largely unused. The management could command the resources and had power to sustain it and thus the new system was not considered a failure. The leadership announced successful implementation of ERP as it was serving some of the organizational purposes. System was functional although not perfect.

An interesting distinction needs to be drawn between failure and flaws. Most internal auditors would agree that every information system is flawed in some way or other and that flaws are characteristic of the systems themselves and of the innovation process. However, flaws may be corrected at a cost or accepted at a cost after considering its significance and potentiality to become a root cause for a failure.

Internal Auditors often view the process improvement along with ERP implementation as a mechanical, predictable activity that should, with good project management, lead inevitably to the planned results. However, developing processes along with new ERP have two important dimensions i.e. innovation and support management. Building and maintaining an ERP system is not a routine process, even with the best methods and tools available. It is an innovative process and, therefore, necessarily involves uncertainty.

Politics and human frailties loom large and have an inevitable impact on the outcome of new ERP implementation too. When systems failures or disasters occur, blame is often placed on the users for not acting in accordance with procedures or for not diagnosing a problem quickly enough. In investigations following a major failure or disaster, a common approach is to focus simply on the operational activities as the most likely cause.

ERP implementation should synergies with management accounting needs of the business as decision making is not supported by mere seamless integration of business functions like financials, HR, production, CRM but dynamic management accounting principals. If you can't see the entire picture, you have disconnects between strategy and people processes.

Current Enterprise wide resource planning and management puts reality behind the numbers. ERP should specify how the various moving parts of the business will be synchronized to achieve the targets, deal with trade-offs that need to be made, and looks at contingencies for the things that can go wrong or offer unexpected opportunities. Do your business managers refer to ERP at the time of making a decision? If not then what is the use and yield? The business managers should be able to see preview of his/ her proposed decisions.

Innovation and lateral thinking is missing in the entire process. ERP needs to rendezvous with knowledge of business, with management accounting.

Risk Score Model

I was reading an interesting case study recently which seems straight out from the real world wherein CEO and Chairman of Audit Committee were arguing with each other as to how internal auditors should perform their work. CEO was stressing on lack of understanding of internal auditor about responsibilities and authority aspects of controls. He was vary furious about fault finding nature of their reports and he felt need for discussing the report with him before presenting it to the committee. Mr. Chairman at first was more interested in bridging the control gaps found in the report but later on some what convinced with what CEO was saying started instructing the Internal Auditor to pursue more transparency with the auditees henceforth. Not everyone in the meeting was of the view that the internal audit function is adding value to the firm.

Internal control is no longer the exclusive domain of highly trained accountants on the internal auditing staff. Corporate Boards, Committees, CEOs, CFOs and employees at virtually every level are now seen as responsible for designing, implementing and monitoring these controls; few, however, have the training and background needed to fulfill this complex responsibility along with understanding other's point of view of controls within the organization.

Every employee in an organization has a stake in the control process. So there is quite a possibility of conflict situations due to difference in the risk perceptions within the Organisation. Everyone who is made responsible needs to know the control framework in its entirety and how they work together.

Using a collaborative approach for building a culture of effective risk management through extensive employee involvement in identifying and controlling risk factors is essential. And thus, Control Self Assessment is being recognized as a powerful tool by businesses to help auditors, management, and others examine and assess business processes and control effectiveness within their organizations. However, harmonization in understanding the controls from various perspectives is also very essential. Conflict of interests due to varying use of management accounting information by different business managers should not hamper the risk management processes.

I have attached a risk score tool which will prove useful to score risk perspective of various participants and to foster innovative discussion between them to resolve conflicts and improve risk management processes.

Participative and playful discussion on differences of opinion makes the participants learn more about the controls and their own responsibility regarding risk management. They tend to become involved in designing and executing the controls that contribute to meeting the organization's goals and objectives.

Download Risk Model