Upload
stephen-morton
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
Mark B. Mitchell, MBA, CIA, Mark B. Mitchell, MBA, CIA, CGFMCGFM
Director of Internal AuditDirector of Internal AuditNYSERDANYSERDA
November 12, 2008
Understanding Understanding the Importance of Soft the Importance of Soft Controls in Improving Controls in Improving
OperationsOperations
AGA Audio Conference
2
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008ContentsContents
Understanding The Importance of Soft Understanding The Importance of Soft ControlsControls
What Are Soft Controls?What Are Soft Controls? Why Do Soft Controls Matter?Why Do Soft Controls Matter? Evaluating Soft Controls: Key Elements of Evaluating Soft Controls: Key Elements of
Improving OperationsImproving Operations What Makes Soft Controls So Difficult?What Makes Soft Controls So Difficult? Soft Controls: A New ViewSoft Controls: A New View GAO’s Model of Strategic Human Capital GAO’s Model of Strategic Human Capital
ManagementManagement
3
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
What are Soft Controls?What are Soft Controls?
4
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
What Are Soft Controls?What Are Soft Controls?
Integrity & Integrity & Ethical ValuesEthical Values
Commitment to Commitment to CompetenceCompetence
Board or A/C Board or A/C OversightOversight
Management’s Management’s Philosophy & Philosophy & Operating StyleOperating Style
Organizational Organizational StructureStructure
Assignment of Assignment of Authority and Authority and ResponsibilityResponsibility
HR Policies HR Policies and Practicesand Practices
COSO Model: The Organizational Culture
5
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Understanding Soft Understanding Soft ControlsControls
Internal Control – Integrated Internal Control – Integrated Framework, Framework, by COSOby COSO
Enterprise Risk Management – Enterprise Risk Management – Integrated Framework, Integrated Framework, by COSOby COSO
Internal Control over Financial Internal Control over Financial Reporting – Guidance for Smaller Public Reporting – Guidance for Smaller Public Companies, Companies, by COSOby COSO
Foundation Guidelines “Red Book,” Foundation Guidelines “Red Book,” by by OCEGOCEG
Where Are Soft Controls Written About?
6
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Why Do Soft Controls Why Do Soft Controls Matter?Matter?
7
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
““Selling” Soft ControlsSelling” Soft Controls
Why Do Soft Controls Matter?Why Do Soft Controls Matter?11
1.1. They can help manager understand why They can help manager understand why people behave as they do;people behave as they do;
2.2. They can increase managers’ effectiveness They can increase managers’ effectiveness in predicting future behavior; andin predicting future behavior; and
3.3. They enable managers to understand how They enable managers to understand how they can direct, change and control they can direct, change and control behavior.behavior.1 Paul Hersey and Kenneth H. Blanchard, Management of Organizational Behavior: Utilizing Human Resources, Third Edition (Englewood Cliffs: Prentice-Hall, Inc., 1977) p. xiv
8
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
How can I “Sell” Soft Controls to Management?How can I “Sell” Soft Controls to Management?Management: Working with and through individuals and Management: Working with and through individuals and
groups to accomplish organizational goals.groups to accomplish organizational goals.22
““Selling” Soft ControlsSelling” Soft Controls
2 Ibid. p. 5
Employee Potential
Per
cen
tag
e o
f A
bil
ity
80 to 90 percent
20 to 30 percent
Area Affected by Motivation
Potential Influence of Motivation on Performance
9
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Soft Controls: Evaluating Soft Controls: Key Elements of Key Elements of
Antifraud ControlsAntifraud Controls
10
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Soft ControlsEvaluating Soft Controls
Evaluation TechniquesEvaluation Techniques:: Whistleblower HotlinesWhistleblower Hotlines Staff Focus GroupsStaff Focus Groups Employee SurveysEmployee Surveys ““Customer” SurveysCustomer” Surveys Internal Control Internal Control
EvaluationsEvaluations Audits (Internal, External)Audits (Internal, External) StudiesStudies
11
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Soft ControlsEvaluating Soft Controls
Integrity & Integrity & Ethical ValuesEthical Values
Commitment to Commitment to CompetenceCompetence
Board or A/C Board or A/C OversightOversight
Management’s Management’s Philosophy & Philosophy & Operating StyleOperating Style
Organizational Organizational StructureStructure
Assignment of Assignment of Authority and Authority and ResponsibilityResponsibility
HR Policies HR Policies and Practicesand Practices
COSO Model: The Organizational Culture
12
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Integrity & Evaluating Integrity & Ethical ValuesEthical Values
1.1. Has a Code of Conduct/Ethics been Has a Code of Conduct/Ethics been adopted that promotes:adopted that promotes:
Honest/ethical conduct, including internal Honest/ethical conduct, including internal and external dealings, and the handling of and external dealings, and the handling of conflicts of interest?conflicts of interest?
Accurate accounting records and Accurate accounting records and reporting?reporting?
Compliance with applicable laws, rules, Compliance with applicable laws, rules, and regulations?and regulations?
Prompt reporting of violations of the code?Prompt reporting of violations of the code?
13
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Integrity & Evaluating Integrity & Ethical ValuesEthical Values
2.2. Is the Code of Conduct Operating Is the Code of Conduct Operating Effectively?Effectively?
Communicated effectively (know to Communicated effectively (know to staffs)?staffs)?
Annual certification by everyone covered?Annual certification by everyone covered? New hire and periodic reinforcement New hire and periodic reinforcement
training?training? Management involvement and oversight?Management involvement and oversight?
14
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Commitment to Evaluating Commitment to CompetenceCompetence
1.1. Are employees properly trained to Are employees properly trained to carry out their work?carry out their work?
Evaluation Techniques:Evaluation Techniques: Employee SurveysEmployee Surveys Internal Control EvaluationsInternal Control Evaluations AuditsAudits Staff Focus GroupsStaff Focus Groups
15
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Commitment to Evaluating Commitment to CompetenceCompetence
2.2. Is employee morale good?Is employee morale good? Employee SurveysEmployee Surveys Staff Focus GroupsStaff Focus Groups Studies (e.g., sick leave patterns, Studies (e.g., sick leave patterns,
turnover)turnover) AuditsAudits InvestigationsInvestigations
16
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Management Evaluating Management OversightOversight33
1.1. Are there established procedures for an Are there established procedures for an Ethics Hotline/Whistleblower Program?Ethics Hotline/Whistleblower Program?
Evaluation Techniques:Evaluation Techniques: Is there a procedure for receiving and Is there a procedure for receiving and
retaining information?retaining information? Do procedures provide whistleblower Do procedures provide whistleblower
protection and provide for anonymous tips?protection and provide for anonymous tips? Are any calls coming in?Are any calls coming in?
3 Adapted from COSO, the Sarbanes-Oxley Act of 2002 and PricewaterhouseCoopers white papers.
17
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Management Evaluating Management OversightOversight
2.2. Is Top Management providing Is Top Management providing oversight?oversight?
Evaluation Techniques:Evaluation Techniques: Are they periodically evaluating internal Are they periodically evaluating internal
controls and antifraud programs?controls and antifraud programs? Assessing whether control activities over Assessing whether control activities over
fraud risks are adequate and effective?fraud risks are adequate and effective? Are fraud audits and are investigations Are fraud audits and are investigations
conducted fairly and objectively? conducted fairly and objectively?
18
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Management’s Evaluating Management’s Philosophy and Operating Philosophy and Operating StyleStyle
1.1. Does management evaluate and test Does management evaluate and test the design and operating effectiveness the design and operating effectiveness of antifraud controls on an annual of antifraud controls on an annual basis?basis?
The potential for fraud should be The potential for fraud should be considered as part of the agency-wide risk considered as part of the agency-wide risk assessment.assessment.
Antifraud programs and controls should be Antifraud programs and controls should be in place that are appropriate to the in place that are appropriate to the likelihood and impact of potential fraudlikelihood and impact of potential fraud
19
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Management Evaluating Management Philosophy and Operating Philosophy and Operating StyleStyle
2.2. What is the way in which management What is the way in which management responds to any significant deficiencies and responds to any significant deficiencies and material weaknesses that are identified by material weaknesses that are identified by the agency, internal audit or OIGs?the agency, internal audit or OIGs?
1.1. Are matters thoroughly investigated? Disclosed?Are matters thoroughly investigated? Disclosed?
2.2. Are internal controls assessed and improved?Are internal controls assessed and improved?
3.3. Is there communication and training to reinforce Is there communication and training to reinforce values, policies, etc.values, policies, etc.
4.4. Are violators treated in a consistent and Are violators treated in a consistent and appropriate manner?appropriate manner?
20
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating Assignment of Evaluating Assignment of Authority and ResponsibilityAuthority and Responsibility
1.1. Are unit and individual performance Are unit and individual performance linked to organizational goals?linked to organizational goals?
Evaluation Techniques:Evaluation Techniques: At the most senior level are executive At the most senior level are executive
performance agreements used?performance agreements used? Are executives held accountable for results?Are executives held accountable for results?
Are expectations set so that staff Are expectations set so that staff understand how their daily activities understand how their daily activities contribute to results-oriented programmatic contribute to results-oriented programmatic goals?goals?
21
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Evaluating HR Policies and Evaluating HR Policies and PracticesPractices
1.1. Are targeted investments in Are targeted investments in professional development being made?professional development being made?
2.2. Is a results-orientated culture Is a results-orientated culture encouraged?encouraged?
3.3. For sensitive positions, are background For sensitive positions, are background checks being performed?checks being performed?
22
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
What Makes Soft What Makes Soft Controls So Difficult?Controls So Difficult?
23
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Understanding Soft Understanding Soft ControlsControls
What Makes Soft Controls So Difficult?What Makes Soft Controls So Difficult? 44
With hard controls both theory and practice With hard controls both theory and practice are provided (technical skills)are provided (technical skills)
Early contributions to behavioral sciences Early contributions to behavioral sciences seemed to provide knowledge without seemed to provide knowledge without effecting changes in behavior. (Elton Mayo)effecting changes in behavior. (Elton Mayo)
The challenge is to identify social skills that The challenge is to identify social skills that are usable in ordinary human situations.are usable in ordinary human situations.
4 Paul Hersey and Kenneth H. Blanchard, Management of Organizational Behavior: Utilizing Human Resources, Third Edition (Englewood Cliffs: Prentice-Hall, Inc., 1977) p. 1
24
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
What Makes Soft Controls So Difficult?What Makes Soft Controls So Difficult? 55
The Nature of Change:The Nature of Change:
Understanding Soft Understanding Soft ControlsControls
Time and Difficulty involved in Making Various Changes
Knowledge
Attitudes
Group Behavior
Low
High
Dif
ficu
lty
Invo
lved
Short
Individual Behavior
LongTime Involved
5 Ibid. p. 3
25
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Understanding Soft Understanding Soft ControlsControls
A Behavioral Approach to ManagementA Behavioral Approach to Management 66
““Our greatest failure as human beingsOur greatest failure as human beings
has been the inability to has been the inability to
secure cooperation and understand with secure cooperation and understand with others.”others.”
6Ibid. p.1
26
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Soft Controls: Soft Controls: A New A New ViewView
27
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
How can I better understand employee motivation?How can I better understand employee motivation?
Understanding Soft Understanding Soft ControlsControls
Are the things that make people satisfied and motivated on the job
either the same as or different from the kind of things that make them
dissatisfied?
Answer: They’re different
28
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
How can I better understand employee motivation?How can I better understand employee motivation?
Understanding Soft Understanding Soft ControlsControls
7 Frederick Herzberg, “One More Time: How Do You Motivate Employees?”, Harvard Business Review 81, no. 1 (January 2003), p. 91
“The . . . factors involved in producing job satisfaction (and motivation) are separate and distinct from the factors that lead to
job dissatisfaction.” 7
29
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
How can I better understand employee motivation? How can I better understand employee motivation? 88
Understanding Soft Understanding Soft ControlsControls
8 Ibid. pp. 87 – 96.
Job Satisfaction (Motivation)
AchievementRecognitionWork itselfResponsibilityAdvancementGrowth
Job Dissatisfaction (Environment)
Company Policy and Admin.SupervisionInterpersonal RelationshipsWorking ConditionsSalaryStatus, and Security
30
AG
A A
ud
io
Con
fere
nce
Novem
ber
12,
2008
Contact Information:Contact Information:Mark B. MitchellMark B. Mitchell
Director of Internal AuditDirector of Internal Audit
NYSERDANYSERDA
(518) 862-1090(518) 862-1090
[email protected]@nyserda.org