Holistic assessment Featured

8:00pm EDT March 26, 2007

An operational review is a powerful tool that offers insights into the way your organization really works on a current basis. More importantly, it shows you how well it is prepared to meet future challenges.

“The holistic approach — looking at the function of the system as a whole as a way of determining its impact on the efficiency of the parts — provides the basis for a blueprint to raise your organization’s performance to the next level,” says Harry Cendrowski, CPA/ABV, CFE, CVA, CFD, the president of Cendrowski Corporate Advisors LLC.

“Operational reviews give you a comprehensive assessment of governance — defining expectations, granting power within the organization and giving feedback as to whether the job is being done the right or wrong way,” adds Cendrowski.

Smart Business spoke with Cendrowski about what companies should expect from an operational review.

Of what benefit is an operational review?

The objective of an operational review is to help organizations learn to act, instead of just reacting to the challenges of growth and change.

Because the information provided is practical from both a financial and operational perspective, it leads to very practical recommendations to help a company achieve its goals. The review identifies the extent to which your internal controls actually work and enables you to identify and understand your strengths, weaknesses, opportunities and threats.

How does the process work?

Experienced teams interview and observe. Actually watching how employees carry out their responsibilities is a key part of the process. It also is important that the team gain the employees’ trust and confidence. In this regard, they must be assured that whatever they say will be kept confidential. Therefore, management must guarantee anonymity to anyone who offers critical information. Otherwise, employees will filter their responses and the data will be much less useful.

What are some of the areas of assessment?

Governance and ethical guidelines — Responsibilities, authority and the scope in which an employee has the freedom to act must be clearly defined and documented. Employees must actually have the authority to carry out the general responsibilities and specific tasks they have been assigned.

Strategic planning and tactics — Without clear strategic direction, there likely will be different expectations between ownership and management. The corporate structure must be designed to best leverage business and tax opportunities. Customer service standards must be clearly defined and understood by the employees, who must actually agree with them. You might be surprised to discover how often this is a problem.

Communication and reporting standards — If there is confusion in these areas, there could be lapses in internal controls, putting the company and/or its assets at risk. Reports must be useful, and the flow of information and how it is processed must keep pace with the company’s growth.

Contingency planning, testing and recovery — Contingency plans must not become outmoded. An organization must be really prepared to react to disruptions. This includes establishing a formal process to review transactions processing during both disruption and recovery.

Information technology (IT) and security controls — Every organization must have safeguards to ensure system transactions and information are restricted only to authorized users. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated and continually monitored. Management’s objectives for the protection and integrity of the data must be met.

What sort of report is presented?

It defines objectives, describes the current conditions in which those objectives must be met and recommends whatever changes are necessary. The plan has three levels of recommendations: one for executives, another for management and a third for staff.

The executive summary concentrates on strengths, weaknesses, opportunities and threats to the organization as a whole. It contains recommendations for any needed changes in policy or governance.

The management plan is based on employee feedback coupled with our expertise and includes areas of immediate improvement as well as suggestions of potential problem areas.

The staff report deals with nuts and bolts, like charting the hierarchy of the organization, and spelling out specific control objectives that are critical to the mission and to which personnel must pay close attention to if they wish to engender both organizational and personal success.

HARRY CENDROWSKI, CPA/ABV, CFE, CVA, CFD, is president of Cendrowski Corporate Advisors LLC, Bloomfield Hills. Reach him at (248) 540-5760 or hc@cendsel.com or go to the company’s Web site at www.frauddeterrence.com.