Category Archives: Reviews

These are my reviews and opinions on other people’s content. Could be on any topic.

Continuous Auditing – is it really “auditing”?

Thomson Reuters’ magazine “Internal Auditing” has an article in their current January/February edition called “The Value-Added Significance of Continuous Auditing”. This is my rant because I continue to chafe at the concept of continuous auditing.

Let me preface this by saying that I am not an expert on continuous auditing. Quite the opposite. I’ve been reading about it for years but have never found its basic premise to be sufficiently compelling to encourage me to develop any expertise.

Now, on its face, there is clear logic for reviewing controls more frequently than less frequently. But every time I imagine which controls I could actually review by continuous auditing, I stumble. I first image detailed reviews of “exception conditions” that might be highlighted through automation. But in my book, that’s the role of management, not internal audit. Maybe it’s just semantics, but I can’t really conceive of anything that I would audit on a continuous basis. I go back to the assertion that continuous monitoring of a process is management’s role, not audit’s.

Audit’s role, in my view, is to stand apart from the process. To second-guess. To avoid getting caught up in execution of individual transactions and focus on the big picture – asking questions like “What is this function trying to accomplish? What are the risks? How is management monitoring and mitigating those risks? Is management’s monitoring process sufficient, efficient and effective?

The article that I mentioned at the top of this post asserts a difference between continuous monitoring and continuous auditing. I can accept their assertion that management is responsible for continuous monitoring. But their further implication is that continuous auditing is similar to a quality control function by assuring that management’s continuous monitoring is taking place. I don’t think that this definition of continuous auditing is a universal concept. I don’t feel that my profession and my experience is in any way aligned with quality control monitoring. It seems that this view simply doesn’t align with the words “continuous auditing”.

So I’m back to my starting point. Continuous auditing is so fuzzy that it is, to me, unusable – yet it keeps getting discussed in the literature as a critical leap forward for internal audit.

What am I missing?

Defining risk appetite – a major stumbling block

Others are recognizing, to various levels, what I’ve been writing about for a while. Risk management as a stand-alone activity has much less value compared to what it can provide when it’s properly integrated into an organization’s performance management activities.

I just read a paper from Professor Regine Slagmulder and Maria Boicova from the Vlerick Leuven Gent Management School. Its title is Integrating Risk Into Performance (1) with copyright by the Chartered Institute of Management Accountants.

This paper addresses their research into risk reporting to the board at a number of European companies. Many of their findings and observations are common sense; what you might expect if you’re at all  involved in risk management or working with a managing board.

There are, however, a few findings that I thought were interesting and want to address. These findings are, I believe, absolutely right but they go against the flow a bit.

The establishment of formal Risk Appetite 

Risk appetite is a formal concept within risk management. The idea behind it is that the level of risk in any endeavor is neither too high nor too low by a purely objective assessment. It is only too high or too low when compared to the level of risk that management believes is appropriate. This appropriate level of risk is often referred to as “risk appetite.”

This study found that most companies are “at the lower end of the spectrum” when it comes to formally defining risk appetite. In other words, they found that companies do not necessarily make a big effort to formally define an all-encompassing level of risk that is appropriate for the organization. Certainly my experience indicates that this is true. The issue, though, is the reason behind this. Often, this situation is bemoaned as a failing of organizations to step up and address risk management correctly. I’ve always disagreed on the grounds that risk appetite, while it may be a foundational concept, is far from the starting point when an organization actually implements risk management. In fact, early in a project, it often is an unnecessary stumbling block.

This study indicated that in “those companies that favoured a more integrated view on risk, the attitude towards formalisation of risk appetite remained fairly reserved.” The key, here, is the reference to an integrated view of risk. The report goes on to say “One potential reason could be that companies might prefer to stay flexible and adjust their risk appetite based on the particular project and/or strategic initiative at hand …”.

Since flexibility is extremely valuable when starting up any new and unfamiliar endeavor, it follows that formal establishment of a risk appetite at the early stages of risk management implementation may be detrimental to success.  It simply adds too much rigidity to the project at a point when not only are the unknown variables too great, but the process itself is often poorly understood.

To be clear, risk appetite is not irrelevant. But the term, itself, implies rigidity. I like ISO’s phrase “risk attitude” better. I believe that it more correctly references the real need – to align human action with certain ideals.

There are some other good points in this study that I’ll address in my next post.

(1) http://www.cgma.org/Resources/Reports/Pages/integrating-risk-into-performance.aspx

Good to Great – “Disciplined Action”

This is the fifth and final post from my recap of Jim Collins’ 2001 book, Good to Great. The focus is on Disciplined Action. It is the last of the three major concepts, joining Disciplined People and Disciplined Thought.

The major image that the book uses for Disciplined Action is the flywheel. For those who aren’t familiar with the concept, it’s a rotating wheel, typically very heavy. Once it has started rotating, its great mass keeps it rotating smoothly. Old-fashioned grinding wheels are an application of the flywheel.

Picture a giant stone wheel, perhaps a dozen feet in diameter. The author creates the idea of people working together putting effort into starting this massive wheel rotating. It can take considerable effort to rotate it a few inches. But, the next bit of effort may rotate it a dozen inches. Then a quarter-turn. Once it is spinning, relatively little effort is required to keep it moving or even speeding up. Most of the effort comes at the beginning.

The obvious analogy is that it takes discipline to keep up the effort at the beginning of a business strategy, knowing that the wheel is barely moving. However, the effort is rewarded if you keep it up. If you are falsely discouraged and give up, the wheel stops and you have to start over again. Organizations that jump from strategy to strategy spend all of their effort starting that flywheel moving, time after time.

The other realization that they drew from their interviews is that the great companies could never point to their “breakthrough” where they became great companies. They always indicated that they just got to work and eventually the success was there. As with the flywheel, there was never a point where the flywheel suddenly started moving on its own. The first inch of movement after a lot of effort doesn’t seem like a breakthrough. Nor does the next 6 inches. Eventually, you simply realize that it’s moving on its own.

The last major idea in the book relates to technology. The book points out that technology is an accelerator to a hedgehog concept … but it can never be the hedgehog concept (see my earlier post describing the hedgehog concept). If technology were the central concept it could be easily leap-frogged by others. Technology should continually reinforce an unchanging hedgehog concept. This means that technology can always be viewed as simply another supporting tool that can be easily swapped out as better tools become available to support the hedgehog concept. The technology is not, itself, the focus.

Thanks for reading these 5 posts recapping Good to Great. I hope you have found them useful. You can benefit from this very easy-to-read book and the simplicity of their ideas.Others have criticized it for its perceived over-simplicity and the fact that a few of its “great” companies have fallen on hard times. Such criticism misses the point entirely. This book delivers ideas to help you become a great company. It’s up to you, once greatness is achieved, to keep these lessons fresh and remain a great company.

Good to Great – “Hedgehog Concept”

This post continues my recap of Jim Collins’s 2001 book Good to Great. In my prior post I introduced the idea of the “hedgehog concept” within the overall idea of Disciplined Thought.

A hedgehog concept is the simplified image of your organization. You and your team develop it. It unifies your team and provides organizational identity and discipline. While others chase new fads and technologies, your hedgehog concept will provide the focus to assure that these new ideas enhance, not detract from, your identity.

One of the prerequisites to developing your hedgehog concept is the need to face the brutal facts impacting your company and industry. However, realize that these brutal facts should help you identify not only where all of the challenges lie, but also help identify your organizational strengths.

To develop a hedgehog concept for your organization, Collins points to three areas that you must understand and be able to articulate:

  1. What is your organization deeply passionate about?
  2. What can your organization be the best in the world at?
  3. What drives your economic engine?

Passion drives commitment. In an earlier post I mentioned that motivation should be an irrelevant concept. If you have motivation problems you haven’t found people who feel passion toward the organization’s goals. So, work to find out what your organization, as a whole, can feel passionate about. This will make it very clear, going forward, who should be part of the team and who shouldn’t.

Becoming the best is far harder than simply being good. To become great you have to excel. What can your organization excel at? Considering your people, your infrastructure, your customer base, your passion – what can you become best in the world at? You don’t have to be best at the moment; you just need to have a realistic chance (facing the brutal facts …) to become the best. Because, let’s face it, if you can’t become the best at something you can still be a good company but you’ll never be great.

Measuring financial performance is critical to any business. This can take some creativity because you don’t have to accept standard industry concepts. You may choose profit per customer visit (retail), total fees per relationship hour (service), or anything else that you can reasonably and simply express as $ per ?. The point is that there is a significant difference between maximizing profit / ($ of retail sales) and profit / (customer visit). This difference can result in a dramatically different hedgehog concept.

If you can articulate these concepts while facing the brutal facts you will develop your focus, your hedgehog concept. Remember that it’s simply a way to focus and articulate the essence of your organization. Then, as new technology and business opportunities come along you can plug them into your organization in a way that’s always consistent with your hedgehog concept. It’s this consistency and discipline that drives long term greatness.

Good to Great – “Disciplined Thought”

This post is part 3 in my recap of Jim Collins’ 2001 book, Good to Great. My prior post was about Disciplined People. This one is about Disciplined Thought. Once again, I took two major concepts from this section.

First, to become a great organization you must confront the brutal facts. Even though your organization may be doing well today, by whatever standards you choose, there are always brutal facts that you need to recognize and embrace. Face the challenges of your existing markets, your customers’ opinions of your products and services, your profit margins, your ability to innovate, your financial situation, your infrastructure, your management team – everything. There is no value in ignoring any challenges. It’s critical to evaluate your situation exactly as it exists. Recognize the difficulties.  Avoid hoping and wishing. Identify your options. Be clear on what you truly can and cannot accomplish.

My observation – If your organization’s ‘brutal facts’ aren’t obvious to you, you need to find them because they are there.

But, even though this implies that you have to face the occasional situation where the challenges are daunting, you need an underlying belief that you will prevail in the end.  They coined this ‘the Stockdale Paradox’ relating to the late Vice Admiral James Stockdale. While a prisoner of war in Vietnam, subject to frequent torture, he accepted the brutal facts of his situation. However, he never wavered from his belief that he would eventually prevail. While he made it out of the prison camps, many others didn’t. He believed it was because they were optimists and failed to accept the brutal facts. These others hoped that they would be released by Christmas, then Easter, then Summer, then … These dashed hopes eventually broke their will. Stockdale said “This is a very important lesson. You must never confuse faith that you will prevail in the end—which you can never afford to lose—with the discipline to confront the most brutal facts of your current reality, whatever they might be.”

My observation – You need as many views and opinions as possible from those who are intimately or even tangentially related to your business or industry. You need as broad an understanding of your situation as possible. Optimism and hope has no place as you survey your landscape as it actually exists.

Second, you must develop a hedgehog concept. This refers to a simple understanding of how your organization can survive and thrive. The parable from the book related to the clever fox who was always devising schemes to triumph over the hedgehog. In contrast to the fox’s constantly shifting strategies and perceived cleverness, the hedgehog fully understood his own strategy. Regardless of what the fox tried, the hedgehog could always roll up into a ball and become unassailable. The hedgehog had a way of disregarding the irrelevant and remaining disciplined on what he knew would work for him.

The book then presents their key principles to developing a hedgehog concept.  I will recap these in my next post.

Good to Great – “Disciplined People”

In the first part of Jim Collins’s 2001 book Good to Great he presents the concept of  “Disciplined People”.

One piece of this is Level 5 Leadership. Those companies that outperformed the market for at least 15 years had it. This meant leadership at the very top that is intensely focused on the success of the organization. These individual leaders are not household names and they aren’t written about in major business journals; in fact, typically no one outside the organization has heard of them. They are humble, balanced, hard-working individuals with high individual and corporate standards.

They contrast this with other, very successful organizations, where the top leader is seemingly more focused on the success of the top leader, rather than the organization overall. These leaders, through their own talents, may very readily elevate the performance of an organization to very high levels, but a “great” organization needs to sustain this performance for at least 15 years. What the researchers found is that these charismatic leaders typically failed to build a strong management organization around them. Once these leaders moved on or retired, the organization was not able to sustain its level of performance.

My observation #1 – the concept of Level 5 Leadership relates to “good well-established” companies hoping to become great. If an organization is striving to simply become a “good well-established” company then a Level 5 Leader may not be their best choice. They may need a more charismatic individual with strong vision and forcefulness.

The second, related, part is First who, then What. This relates to the importance of building a solid team. As they describe it, you get the right people on the bus, the wrong people off the bus, and the right people in the right seats. They advocate being disciplined in moving people around to get the best possible management team. If you are convinced that a certain person will not be the right one long term, you do them no favors by delaying management decisions.

Also, notice that the phrase is ‘First who, then What’. They suggest that strategies evolve more naturally once the right people are involved. The variety of disciplines and expertise from a solid management team will help drive better strategy and greater commitment to the strategy. For an established company it is far less effective to develop a new strategy and then move people around to staff it.

My observation #2 – Practical experience bears out a related point. As they say, when people are committed to the organization and the strategy, you never need to worry about “motivation”. If motivation is a problem in your organization, you don’t have the right people. Think back on your own experience – have you ever needed to be “motivated” to do something you truly believed in?

These two ideas – “talented, focused, humble leadership” and “the management team is the first thing you need to get right” – are not profound. Often, the benefit comes from distilling and effectively articulating the intuitively obvious.

Good to Great

Lately I’ve been on a search to read more about business, success, strategy and performance. I just read Good to Great, by Jim Collins, which came out in 2001.

Although I had certainly heard of it (it was a huge publishing success) I didn’t read it at the time. When I ran across it a few weeks ago I grabbed it at the library. He and his team did significant research to identify those public companies that had been good performers and became great performers for at least 15 consecutive years. The team then tried to identify common factors that lead to this success.

The 11 companies they identified as manifesting Good to Great were:

  • Abbott Labs
  • Circuit City
  • Fannie Mae
  • Gillette Company
  • Kimberly Clark
  • Kroger
  • Nucor
  • Philip Morris
  • Pitney Bowes
  • Walgreens
  • Wells Fargo

This book starts on a solid data-driven foundation. It found those companies that met a (very rational) definition of great performance. Once those companies were identified, the team looked for commonalities in performance considering people, strategies, technology, finances, and everything else they could imagine. They came up with some very basic factors that correlated across these 11 during the time period of their greatness. They also compared these factors to other similar, but less successful, companies and determined that these factors did not correlate with those organizations.

A few of the 11 companies listed above  are obviously known to us as having gone through some problems since the book was published. This can lead a reader to question whether the basic findings are at all relevant since not all of the companies were able to sustain their success. Some have questioned the nature of this type of research — looking at past performance as a basic premise for identifying good performers.

Here’s my opinion. Of course they are backward looking. I think that’s our only real option for gathering data. The challenge  is to find correlations between actions and success. I think that this book does it admirably. Did some of these companies fall on hard times? Sure. But no matter how healthy you eat and how much you exercise, you can still get sick. Perhaps more to the point, if you stop your healthy activities and start new, unhealthy activities you can decline quickly. The trick is to recognize which activities are healthy ones, and which are unhealthy ones. It’s up to you to do the right things and avoid the wrong things. Mr. Collins points out the need for this discipline throughout the book. If the reader somehow missed this very clear point, that’s not the fault of the author.

In my next few posts I’ll write more about the individual factors. Let me just say that they strongly resonate as being solid common sense that we all too often forget when we’re trying to create the next ‘killer’ strategy.

For me: Good to Great is still an A+ read.