How an assessment can help your organization face its risks head on Featured

8:01pm EDT September 30, 2011
How an assessment can help your organization face its risks head on

Successful organizations achieve a diverse set of objectives. The pursuit of these objectives is especially challenging in today’s highly competitive environment.

Operational assessments assist organizations in achieving their objectives by ensuring that their strategic goals are appropriately translated into operational objectives and that the risks associated with the achievement of these operational objectives are mitigated.

“Operational assessments help firms evaluate how they are performing with respect to their goals and the chance they will continue to achieve these goals in the future,” says James P. Martin, CMA, CIA, CFE, managing director of Cendrowski Corporate Advisors. “Irrespective of the economic environment, operational assessments can provide significant benefits to firms.”

In last month’s issue, Smart Business spoke with Martin about the basics of operational assessments. This month’s issue provides further context regarding the purpose and execution of these assessments.

What is the purpose of an operational assessment?

All businesses, regardless of size, face risks in pursuing strategic objectives. Operational assessments focus on the mitigation of risks in the design and execution of processes created to achieve strategic goals.

The distinction between process design and execution is central to operational assessments, and different procedures must be followed depending on the type of assessment that is being performed within an organization.

What are the key components of a process design assessment?

The first step in a process design assessment is an evaluation of the organization’s process design objectives. More specifically, this evaluation will examine how process design objectives reinforce the organization’s strategic goals; if feedback from prior risk assessments was considered in the design process and whether or not process owners understand their role in achieving the organization’s strategic objectives.

After process design objectives have been evaluated, process design risks must be tabulated and assessed. The likelihood and impact of risks that may prevent the achievement of the organization’s objectives should be assessed by numerous individuals, and the results of these assessments should be shared with all participants. Special attention should be paid to outlying likelihood and impact assessments, as the individuals who provided an outlying estimate may have specialized knowledge of specific risks facing the organization.

Next, the design of process controls must be evaluated, along with the ability of these controls to bring risks in line with the organization’s risk tolerance. Those processes in which inefficiencies and inadequate controls exist must be redesigned in accordance with the organization’s risk tolerance.

Special attention should be paid to high likelihood/high impact risks, as these present the greatest level of exposure to the organization. Low likelihood/high impact risks should also receive attention, as the organization may rarely face these events and be unaccustomed to dealing with them should they occur.

What are the key components of a process execution assessment?

A process execution assessment begins with the disaggregation of designed processes into executable tasks. Process operators should be interviewed to determine their perception of a process’s tasks, and they should also be observed to make certain that any process tasks were not forgotten in the initial interview.

Once executable tasks have been identified, an assessor must determine the existing level of process controls that mitigate each task. This includes the tabulation of preventive controls, as well as detective and corrective controls designed to minimize the likelihood and impact of risks, respectively.

Subsequent to the evaluation of process controls, key controls are tested to ensure they are functioning as intended. Testing should focus on those risks identified by process operators as having a low likelihood of occurrence or low impact. An assessor should also consider altering a company’s internal audit plan and rotation schedule to make control testing a periodic activity.

Lastly, a plan must be developed to correct processes requiring improvement, especially high likelihood/high impact processes. The root cause behind a high likelihood or high impact score must be well understood prior to developing a process improvement plan.

What resources exist for organizations looking to perform operational assessments?

Interested parties should view Cendrowski Corporate Advisors’ Operational Assessment Guide included in this month’s issue of Smart Business, as well as last month’s introductory article. Both provide an excellent starting point for any organization looking to perform an operational assessment.

JAMES P. MARTIN, CMA, CIA, CFE, is managing director for Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or jpm@cendsel.com.