12/11/2014 11:18

The Advantage of Management Controls

Have you ever noticed how when anything happens that seems to be significantly outside of expectations even the introverts want to tell everyone they know just how shocked they are? Shocked!

Some people are shocked that way ALL the time, often just by the expressed opinions of people associated with a different political party. ("Can you IMAGINE?! They want to tax RICH people!") Others are only affected in this way when, for example, someone transfers the balance of a cash account to complete strangers. ("And can you BELIEVE it?! These are people who live in FLORIDA!! FLORIDA!!!")

While all this was going on I was also reading an article about a construction contractor who paid the federal government over 3 million dollars in compensation for a fraud perpetrated against all of us by a couple of "rogue" managers. The company considers itself to be a victim of these horrible individuals, which is true enough. "One of the managers ... is serving a 14-year prison term" for bid-rigging and fraud. [ENR, Dec 1/8 2014, page 16.]

Other than paying off the government, the company responded with "new and upgraded ethics rules and training for employees ... with quarterly company-wide review meetings". My question would be this: Where are the systemic controls which would have made this fraud apparent? A company is always at risk from rogues and incompetents, neither of which is a category much affected by ethics rules and quarterly meetings. If I had an ownership stake in that company I'd be considering selling now.

In contrast to quarterly meetings, day to day procedures actually bring both roguery and incompetence to light, as well as the stupid mistakes that anyone can make. For example, I now know for sure that automatically confirming every journal transfer can help to uncover errors in account numbers -- it comes a little late in the process but it has proven its value in my account just this week.

Did I tell you that I've rebuilt my entire computer system due to the fact that my system administrator, who is me, disregarded all the protocols for system upgrades set by the data center manager, who is also me, and installed a new software release which broke a number of important functions needed by our user community, which is me again?

As I just said, every organization is always at risk from roguery, stupidity, and inadequate internal controls.

Fluffy Kitty has suggested that this risk might best be addressed by holding quarterly cat-strokings. I think she means every quarter hour. Who knows? That could at least slow down the rate of change and give the players of the actual reality game time to think before they, or I, act.