A Perfect Time to Scrap Everything?
Dan Clayton, CPA
Director of Knowledge Management
CHAN Healthcare Auditors
The recent Committee of Sponsoring Organizations of the Treadway Commission (COSO) revision of its Internal Control–Integrated Framework has me thinking it is a perfect time to scrap everything. About 10 years ago a friend was pretty excited about his home renovation project. However, during a visit near completion he confessed he had spent nearly double what it would have cost to scrap the home and start new. He also noted a number of sacrifices they had to make given the frame of the house. If his objective had been historical restoration it could have justified the cost. Is that our COSO revision objective — historical preservation? As I consider the needs of governance and management, I see significant opportunity for our profession that does not currently fit under the COSO roof. Why are we developing standards for the future based on a historical foundation rather than a current need? We can tear down a few walls, modernize a few amenities, but why are we choosing to inherently limit the professional foundation?
Helping to creating accountable and transparent organizations should be our future. It is the unstated desire of every organizational stakeholder, even if no one wants it applied to them. Continued corporate failure, difficult economic times, an increasingly anti-corporate public, and increasing regulatory scrutiny will combine to give accountable, transparent organizations a competitive advantage. We are coming out of an era where legal mitigation, financial accuracy, and threat management were the way to protect a corporate reputation while management went about its own way to create value. However, more is being asked today. What management does and does not do to create and protect value is prime public conversation. Why then are we aligning our value contribution to our old concepts of operational efficiency, reporting accuracy and compliance? Management’s need is greater!
Should we not choose a new foundation that first meets — or tries to address — the need for clear accountability and transparency, and then decide how to apply our traditional concepts? If we see management’s need, can we not simply align our internal audit efforts to run parallel with it? Management has one objective, which is to add value to customers. Can we not align our framework with this value pipeline internal to the organization?
Simple value pipeline:
- Strategic Development — What value does the organization want to create?
- Objective Development — What operations need to be created to get there?
- Objective Dissemination — Who is responsible for each part?
- Objective Oversight — What is put in place for each objective to monitor progress?
- Operations Alignment — What people, process and technology are used and are they aligned efficiently for the current expectations?
The better an organization does these things — with good management — the better its chance of reaching its value. Do we have an opportunity to help identify leading practices along this value creation/protection chain? Can we then measure (by maturity) to identify where value (opportunity or risk) is lost and “controls” or greater formality/transparency are needed? Could not standards along this value chain lead to greater internal reporting on internal vulnerabilities and threats? Sharing the maturity of internal efforts could be a great way to gain public reputation for transparency, anticipating a more corporate critical public over the next decade.
If internal audit truly seeks a strategic vision, is it time to scrap our vision of the value we deliver for a bigger one? Should internal audit build its own framework and exit COSO?
I say yes!
Posted on Jan 11, 2012 by Tim
Share This Article: