How to avoid surprises by keeping a close eye on operations at all times

James P. Martin, Managing Director, Cendrowski Corporate Advisors LLC

James P. Martin, Managing Director, Cendrowski Corporate Advisors LLC

One of the primary functions of management is to understand what is actually going on in an organization, as opposed to what is supposed to be happening. However, for monitoring to be truly effective, there must first be good communication, a culture that promotes ethical behavior and a solid understanding of the particular organization’s risk factors.

“Organizational monitoring is not just about protecting a company from fraud,” says James P. Martin, CMA, CIA, CFE, managing director at Cendrowski Corporate Advisors LLC. “Monitoring systems can help ensure quality, that customer needs are being met and that the company is doing everything else that is necessary to achieve its goals.”

Smart Business spoke with Martin about how management can understand what is truly going on within the business.

What are the steps to an effective organizational monitoring plan?

First, the company must clearly define its goals. What is it trying to accomplish and how will it accomplish those goals? Second, what risks does it face? What can get in the way of the company accomplishing those goals? Third, what type of early warning system does the company need? How will it know if and when a risk has occurred or if someone has not performed as expected?

What impacts are electronic monitoring systems having?

Electronic monitoring systems have been around awhile but are drawing increased attention now with more severe penalties and potential outcomes for violations under Sarbanes-Oxley. Electronic monitoring systems are similar to a car’s dashboard. When trigger points, predefined events or hurdles are detected, ‘warning lights’ appear on the manager’s desktop.

While electronic monitoring is useful, it cannot — and should not — replace human involvement. The most important thing managers can do is be involved with operations on a day-to-day basis by walking around and talking with employees, holding regular meetings, receiving regular reports and phone calls, etc.

How are trigger points identified?

An organizational assessment of risk will help management identify areas that have more robust monitoring needs. Examples might include finance, everything related to potential issues arising with cash, or vendor management, such as notification every time a vendor’s address changes. Triggers also can monitor quality metrics, supply chain issues, personnel issues, etc. The system should be proactive so that management can address issues before they get out of control, preventing a crisis management situation.
It’s important to note that a monitoring system is more holistic than the definition of trigger points. The single biggest factor is people — what they will do in a given situation. The overall culture needs good communication systems and a clear understanding of management expectations.

Monitoring techniques need to continuously adapt to consider potential changes in behavior. There are a lot of examples of companies that had defined monitoring procedures, but creative people were able to identify and exploit areas that were not considered in those procedures.

How do private equity firms monitor the activities of the companies they invest in?

Private equity firms have to monitor the operations of the portfolio companies, not to the extent of detail that internal management does, but they do need to define risk. These companies have expectations, and if they identify certain events on the horizon, they can be prepared to take certain actions. Like the companies they monitor, private equity firms also must define their own particular trigger points.

Any tips for improving a system?

Make sure you’re monitoring the right areas. There may be areas you’ve historically monitored that have now changed, which is where the internal audit function comes in. The board’s audit committee must understand what is critical for the upcoming year. In examining the ‘audit universe’ — the model that defines every auditable event within the organization — areas of risk are identified, and then prioritized for audit. It’s management’s responsibility to determine how many resources to invest in each given area of risk.

James P. Martin, CMA, CIA, CFE is managing director at Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or [email protected]

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

Leave a Reply

Your email address will not be published. Required fields are marked *