Can You Save By Pausing Your Car Insurance?

This post was originally published on this site

With many companies extending work-from-home policies through to next summer, you might no longer need your car for the commute. As the average household has nearly two cars, could you keep one in storage, and save money by cancelling the car insurance until you need it again?

Read more…

Nab Free Food With These Fast-Food Apps

This post was originally published on this site

If you’re looking for free fast food, loyalty apps often have the best deals. Digital coupons usage has finally exceeded paper coupons (according to Inmar Intelligence) during the pandemic, but a big part of that trend is the growth of mobile rewards programs. With brands investing heavily in apps, expect them to be…

Read more…

It’s Time to Audit Your Autopay Subscriptions

This post was originally published on this site

How many subscription services do you pay for? A study by the tech consulting firm West Monroe found that the average American spends $237 a month on autopay subscriptions, or $2,844 for the year, and most of them underestimate what they think they owe. If you’re not sure what you’re spending, it’s time to audit your…

Read more…

The Lost Year 2020: Focusing on the fundamentals for solutions DURING and POST-COVID-19.

How do you plan for a smooth re-opening and manage increased uncertainty?  

First, as the world continues to struggle and cope with the effects of COVID-19, we hope you and your team are doing well. With the increased possibility of a second wave, precautions to help protect the health and wellbeing of your staff, clients/customers, stakeholders, and your local communities remains a priority.

COVID-19 began as a health pandemic, quickly evolved to a global recession, and continues to create economic challenges disrupting businesses and cause financial hardship to households. While we all wait for an effective medical solution (vaccine and treatment), COVID-19 continues to impact your business—value chains, employees, stakeholders, and customers in different ways.

What remains hard to accept is the rapid pace of change—a reality that is not only difficult to understand, but equally tricky to admit, as we all make the best of 2020. As lockdown restrictions get relaxed and most states and nations struggle re-opening for business, you need to re-evaluate your value-chain, and find solutions to your current customer problems and challenges. It’s time to re-visit the fundamentals and plan for the future.

Eight Value-chain considerations as you plan to re-open

(1) Understand changing customer expectations and shifts in demand. 

a. How is COVID-19 affecting your customers and their supply chains – Volatility, Uncertainty, Complexity, and Ambiguity?

b. What trends have you seen, and how will these continue during and post-COVID-19?

c. What additional solutions can you provide to help your clients/customers during and post-COVID-19?

(2) Construct scenario plans and apply lessons learned (you can’t help your customers if your business is struggling).

a. Think of a “Best-Case” and “Worst-Case” scenario, and apply lessons learned to plan for the next 3 to 6 months. How should your business function during and post-COVID-19? 

b. What decisions must you make to manage cash and credit? 

         c. What cash flow challenges are you and your customers facing, and the impact on receivables?

d. What expenses must you re-negotiate?

(3) Manage uncertainty Few experts can predict an economic and fiscal solution to a health pandemic like COVID-19 unless there is an effective vaccine or treatment.  

a. What must you do to survive in uncertain times?

b. Re-evaluate your customer personas. How would you prioritize your ideal customers during and post-COVID-19?

c. What customers can you afford to lose, and what new customers should you target?

         d. What new skillsets will your team need to address current challenges?

         e. Where can you reduce headcount to save money without exposing your organization to new risk?

         f. What roles are critical towards providing essential services and address current challenges? 

(4) Prepare a contingent plan for your “worst-case” scenario.  

a. Increased economic and geopolitical uncertainties impact visibility and demand planning.  Assuming no revenue, how long can your business survive the next 6 to 12 months? 

b. Does it make sense to pivot into other areas? 

c. Your “best-case” scenario can’t be totally ignored either. Some businesses have struggled to manage unprecedented growth during COVID-19 due to a lack of planning.   

(5) Embrace technology.  Select the right technology and tools to support your employees and clients. 

a. How can you improve your digital presence to connect with and engage customers in ways they see as valuable? 

b. What new technology must you embrace and make it easy for current and new customers to work with you?

(6) Manage health and safety concerns. 

a. What health and safety controls must you implement and communicate to your employees and customers to address their concerns during and post-COVID-19?

b. What additional costs and resources will you need to address all health and safety concerns as your business re-opens?

(7) Stay on top of the changing regulatory and risk environments. 

a. What are the fundamental regulatory changes impacting your industry? 

b. What are some of the emerging and rapidly evolving risks you should be aware of during and post-COVID-19?

(8) Update your critical processes, policies, and procedures and train stakeholders.  

a. What changes must you make to your critical processes during and post-COVID-19 to continue delivering exceptional customer experiences?

b. How will you maintain processes, policies, and procedures and communicate the changes to stakeholders?

While these eight steps are not the totality of items management should consider, your internal audit department or an equivalent function, can provide valuable support to management, and insights in helping the organization create value.  However, adding or creating value is not enough.  As you make changes based on available data and other factors, think of ways your internal audit function should evolve and provide timely assurance, expertise in a consulting capacity, and insights to help your organization succeed.  By supporting management to achieve strategic goals and objectives, perform audits and reviews that matter, your internal audit team can quickly adapt and continue not only to add value, but to help management capture and sustain value over time.


“Get the fundamentals down, and the level of everything you do will rise.” Michael Jordan

The lockdown restrictions could be tightened if the number of COVID-19 infections continues to increase.  Your team can take appropriate steps to get the fundamentals right to ensure your business succeeds.  When our favorite athletes encounter difficulties, they often turn to the fundamentals. As your team struggles to cope and adjust to the COVID-19 challenges, some modifications to your strategy and fundamentals are essential to not only adapt, but to thrive during difficult times, and continue to meet your clients’/customers’ expectations. 

By re-evaluating your current end-to-end customer support process, your team will discover a way to make timely changes to continue providing value-added solutions during and post-COVID-19.  Modernized solutions and processes are needed to deliver exceptional customer experiences, increasing their willingness to pay for your products and services. 

Stay Safe!

Jonathan Ngah, CISA, CIA, CFE, CGFM, is a principal at Synergy Integration Advisors, a professional services firm providing internal audit outsourcing and internal audit co-sourcing services to government institutions, private-sector, and not-for-profit organizations in the US and the Asia Pacific (APAC) regions.

Going back to fundamentals. Why re-evaluate your Current and Post-COVID-19 Strategy?

Why must you re-visit your business fundamentals now?

“You go back to fundamentals when things start to go awry.” Bill Cowher      

We have all seen our favorite athletes, entertainers, leaders, and teachers encounter and overcome challenges. In difficult times, they often turn to the fundamentals.  Your strategic plan is formulated on core business principles—or fundamentals.  As your teams struggle to adapt and cope with the disruptions from COVID-19, early emphasis between February and May 2020 was about surviving.  What immediate changes must management make to survive in uncertain times? 

As things settled, visibility on the impact such as loan defaults, canceled orders, increased refunds, etc., became apparent.  The new reality surrounding your business has changed. COVID-19 has fundamentally impacted your employees and customers in different ways. Now is the time to re-visit the fundamentals—your strategy to understand the following:

  • What went wrong? 
  • How where we blindsided? 
  • What must we do differently to plan and adapt to the new reality?

Unless, in extreme circumstances, COVID-19 did not and will not change your mission. The fundamentals—your business strategy needs to be evaluated.  How you continue executing your strategy should change to help your teams identify and resolve misalignments, plan, and adapt to the current and post-COVID-19 business environment.

How do you get there?

Going back to the fundamentals requires a simple view of your strategic planning, strategy-formulation, and strategy-execution as an ongoing process.  A designated and neutral Point of Contact should coordinate the re-evaluation process and provide support towards accomplishing the following:

  1. analyze the current environment and identify metrics, 
  2. facilitate collaboration with management and stakeholders and learn during strategy formulation, and 
  3. provide tools and support as needed for your management teams to execute the strategy during and post-COVID-19 and improve.

Mistakes to Avoid – Misalignment Misfortune

We’ve all heard the many clichéd ways to describe when multiple components are aligned in their goals or strategy: “We’re all in this together,” “we’re operating on the same wavelength,” “we’re rowing in the same direction.” And there are plenty more. Achieving alignment in a common goal is critical to the success of any group endeavor. Even one person marching to the beat of a different drummer can threaten the success of the entire group. This dynamic plays out in all facets of business activity.  We’ve seen countless examples of when a business unit impacts strategy execution due to different objectives, not in alignment with the enterprise goals.  

  • Such misalignments (strategic misalignments) probably existed across organizations pre-COVID-19.  
  • Strategic misalignments further complicate the ability to develop and implement a plan to respond in the short-term and long-term to the COVID-19 challenges and other future events.

This quote by Sun Tzu, author of the Art of War, captures the difficulty in achieving success without getting what we call in the modern age “buy-in” from all those involved in the endeavor: “Unhappy is the fate of one who tries to win his battles and succeed in his attacks without cultivating the spirit of enterprise; for the result is a waste of time and general stagnation.”  

  • Why does strategic misalignment exist and remain unresolved? 
  • What is the actual cost if not resolved over time?
  • How will this impact your ability to implement long-term sustainable changes to adapt to the new realities during and post-COVID-19?

There are eight reasons why strategic misalignment occurs and why management and internal auditors fail to resolve those imbalances when they do occur. They include:

  1. Lack of awareness – No one recognized the misalignment.
  2. Management is aware and can’t resolve – Lack of adequate processes and controls with oversight.
  3. Competing and conflicting priorities – Lack of sensitivity towards resource constraints (capacity).
  4. Inappropriate tone and corporate culture at the enterprise or business unit and departmental levels.
  5. Continuous Process Improvement (CPI) projects, internal audits, and reviews performed, are not aligned with strategic goals and objectives.
  6. Inability to identify and mitigate risks – This includes emerging risks and the rapid pace of evolving risks.
  7. Lack of visibility understanding the long-term compliance implications and added cost from regulatory fines.
  8. Inability to execute strategy and meet changing customers’ expectations.

These eight-steps can help your teams identify misalignments between enterprise strategy and business unit priorities, as you re-evaluate and develop a long-term plan to adjust to the new realities during and post-COVID-19.  Strategic misalignments should be identified and resolved as soon as possible to avoid long-term financial losses, reputational damage, and improve responsiveness to the changing business environment.  

Our next post will elaborate on how you can continue re-evaluating your fundamentals, especially in difficult times. The post will provide suggestions on what your teams should focus on as the lockdown restrictions get relaxed, and most states continue re-opening for business.

Jonathan Ngah, CISA, CIA, CFE, CGFM, is a principal at Synergy Integration Advisors, a professional services firm providing internal audit outsourcing and internal audit co-sourcing services to government institutions, private-sector, and not-for-profit organizations in the US and the Asia Pacific (APAC) regions.

How Internal Audit can Navigate Volatile Risk Environments to Create Value

One of today’s pressing management concerns is: What is internal audit’s role in risk management?

There is broad agreement that internal audit has an important part to play in risk management, but just where to draw the line is always a controversial topic. Some make the argument that internal audit should play a lead role in risk management, setting the risk management agenda and advising management on risk issues. Others take a more traditionalist position, arguing that internal audit should only audit the risk management function.

It’s not surprising. These widely divergent views stem from major philosophical differences on the role of internal audit. As an internal auditor, I often ask clients and stakeholders what they believe to be my role. The answers tend to vary widely depending on the maturity level of the client’s internal controls environment. Government and Public-Sector clients might see internal audit as a function responsible for Internal Controls over Financial Reporting (ICOFR) and Internal Controls over Financial Systems (ICOFS). Others from this sector believe internal auditors perform assessments related to the Office of Management and Budgets (OMB) Circular No. A-123, management’s responsibility for Enterprise Risk Management (ERM) and internal control as “control experts.” Some in the private sector point to internal audit’s responsibilities for Sarbanes-Oxley Act (SOX) compliance, while others say the internal auditor’s primary role is to uncover fraud, waste and abuse.

The one common reply, however, that internal auditors are the “controls experts,” rarely changes which raises the question: Where did the Internal Audit profession fail in educating clients and stakeholders about internal audit’s roles and objectives?

If stakeholders have a narrow, limited view of the problems we solve as internal auditors, what are we doing collectively to change that perception? The noted psychologist Abraham Maslow observed: “If the only tool you have is a hammer, then every problem looks like a nail.” If stakeholders view internal auditors as only “control experts,” then Maslow’s quote can be rephrased: “If our only tools as internal auditors are controls, then every problem looks like a potential risk.”

If, as a profession, we want to think more broadly and completely about the role of internal audit in risk management, we need to think beyond controls. What tools are required and when for the internal audit function to navigate the volatile and complex risk environment to create value?

The internal audit risk management toolbox should include the following:

  1. The identification of risks;
  2. The prioritization of risks;
  3. The evaluation of the underlying process, systems and management’s capabilities to manage risks;
  4. The design and implementation of internal controls to mitigate risks; and
  5. Continuous monitoring and evaluations of controls to determine effectiveness in mitigating risks.

This is how clients and stakeholders should define our roles as “control experts” and in turn this is critical for internal auditors to create value for our clients.

In an earlier publication titled “Many Internal Audit Failures Stem from Misalignment with the Company Strategy” I defined the Internal Audit Value Chain (IAVC) and its key components. The IAVC is “Enterprise-wide initiatives impacting functional areas across every organization involving a combination of people, processes, technology, and tone-at-the-top to drive accomplishment of goals and profitability.” Internal audit’s role in the value chain requires understanding the organization’s: (1) strategic direction, (2) risk management and monitoring, (3) operational efficiencies, (4) quality and compliance, (5) financial reporting, and (6) responsiveness to customer and regulatory needs to create value. It’s important to keep in mind that these priorities are not static and vary as enterprise-wide objectives and needs evolve. In this article, part two, we are looking, as you have already guessed, at risk management and monitoring.
In the Institute of Internal Auditors’ Internal Auditor publication, “Optimizing Internal Audit,” I defined risk assessments as they relate to ongoing organizational activities to include: an understanding of internal audit priorities that drive annual audit plans and information obtained and evaluated by internal auditors from continuously interacting with stakeholders. Internal auditors simply must have a strong understanding of the macro and micro risks impacting their respective organizations.

Eight Steps to Navigate Volatile Risk Environments

There are eight primary steps internal audit teams can take in collaboration with stakeholders to identify and mitigate evolving risks that could have significant impact on their organizations if ignored. They include:

  1. Ensure collaboration among the Three Lines-of Defense: There are many adaptations of the three-lines-of-defense approach to involve business lines, risk management, and compliance and audit team collaboration in identifying and managing risks. KPMG provided a good example in a white-paper by Doron Telem titled “The Three Lines of Defense: Making the Transition to a Mature Risk Management Model.” In this paper, Telem asserts that such collaboration, “could entail workshops with management, as well as some external expertise and interviews (including with non-management individuals) to ensure as many issues as possible have been considered.” The IIA position paper: “Three Lines of Defense in Effective Risks Management and Control” provides an excellent base-line example. The IIA paper acknowledges the unique factors impacting every organization that must be considered in coordinating the three-lines-of-defense duties and the underlying role of each group in the risk management process.

    To recap the three lines of defense approach:

    • The first line-of-defense consists of Line-of-Business (LOB)/Department Managers who are the risk owners.
    • The second-line-of-defense consists of risk management, control management and compliance professionals with limited independence identifying and mitigating risks.
    • The third-line-of-defense consists of risk assurance professionals with greater independence such as internal audit reporting to a committee or governing body.

    Prior to assigning any LOB lead as a “risk owner,” steps must be taken to validate that risk owners have the technical skills to understand the dynamic nature of the risks assigned to them. If a manager began as a bank teller 30 years ago, for example, and advanced through seniority into a leadership position, assigning key risks to such a manager, without evaluating his or her skills in the context of the current operating environment would be significantly risky. The threats to banking have evolved a great deal during the past 30 years.
    The IIA paper concludes that all three-lines of defense should exist in some form at every organization, regardless of size or complexity. A modified version of this framework is needed for any organization, including government agencies, to effectively identify and mitigate risks.

  2. Adopt a risk management methodology/framework: According to the IIA’s 2018 North American Pulse of Internal Audit report, Chief Audit Executives (CAEs) need to position internal audit to be an internal disruptor, relentlessly challenging the status quo and identifying and focusing on emerging risks.

    An objective methodology should be used to evaluate and prioritize risks in the context of the organization’s strategic direction. The process should be ongoing and provide flexibility to make timely changes as new information becomes available. A comprehensive risk assessment methodology should include mitigation strategies in the context of the organization’s resources, such as: culture, processes, technology, and risk tolerance.

  3. Establish Operational Risk Management (ORM) and Chief Risk Officer (CRO) roles and authority: How much authority does the ORM function and CRO have in influencing key decisions? ORM is a highly specialized function requiring complex data analysis and modeling skills with responsibility to identify and monitor risk exposures against management’s appetite for risk.

    Executives, committees, and business unit managers making key decisions might not view risks through the same lens as ORM experts. Could there be instances when ORM predicted an incident, but lacked the authority to mitigate the risks? It happens all the time. Any disconnects between ORM conclusions and management decisions should be taken seriously by an independent function such as internal audit and be targeted for further review.

  4. Conduct continuous monitoring and assessments: The concept of continuous auditing and monitoring is frequently discussed by internal audit practitioners but not often implemented. Plenty of literature exists on this topic. A Deloitte white-paper, “Continuous Monitoring and Continuous Auditing: From Idea to Implantation,” for example, covers this topic in detail. The paper provides two key explanations as to why few organizations implement continuous monitoring and auditing. First, management has not seen a clear, strong business case for establishing either continuous monitoring or continuous auditing in their organizations. Second, management lacks a clear picture of how continuous monitoring and auditing would be implemented.

    Given the increasing threats and dynamic nature of risks confronting many organizations, an inflexible or static “annual audit plan” approach might not provide the responsiveness needed for internal audit to quickly change course and address evolving risks. The use of Risk and Control Self-Assessments (RCSA’s) in theory seems a practical approach. Analyzing the output from an RCSA and the skills of the risks’ owners might highlight inefficiencies in identifying and mitigating evolving risks.

  5. Prioritize and perform Test-of-Design (TOD) and Test-of-Operating Effectiveness (TOE) for high risk controls, processes and functions: Assuming the cost of implementing a control does not exceed the benefits of the controls, then some element of prioritization is needed to determine which controls to test and when. Internal controls that mitigate key risks to the organization across various LOB functions are the logical places to start. Management and internal audit can use other subjective factors to include operational or compliance needs and determine other areas to perform TOD and TOE.

    Using limited organizational resources to perform extensive TOD and TOE without a focused approach on risks or other factors is not ideal. With adequate planning and emphasis, performing TOD and TOE remain critical tools for management and internal audit to use in navigating volatile risk environments to create value. Findings from controls testing can create value if recommendations are properly documented to allow LOBs to understand disconnects and see the value of remediating issues to prevent re-occurrence.

  6. Achieve Line-of Business (LOB) collaboration and consensus on findings and recommendations: In order to gain collaboration from LOB leadership, internal audit should have obtained their blessing on which areas to review as part of annual or periodic audit planning. For the three-lines-of defense to function correctly, stakeholders—including ORM and CRO—must collaborate extensively during the audit planning, execution, reporting, and remediation phases. Without this level of participation, internal audit will run into several roadblocks along the way in navigating volatile risk environments. The interpersonal, problem solving, communication, and technical skills of the internal audit team are the foundations of any successful effort to obtain consensus on findings and recommendations. The desired output is LOB processes and controls to mitigate risks and prevent re-occurrence.
  7. Help foster a positive corporate culture (Corporate culture vs LOB sub-cultures, management skills and incentives, staff turn-over and risk tolerance): Quantifying and qualifying the impact of failures of culture and tone-at-the-top, if not properly addressed, are near impossible to correct in the long term. For example, the problems at Wells Fargo covered in Part One, “Many Internal Audit Failures Stem from Misalignment with the Company Strategy,” that began in September 2016, could not be quantified as of May 2018 although the damage to corporate reputation is clear.

    Consistent failures stemming from poor tone-at-the-top, sub-culture clashes across different LOB’s within an organization, lack of skills to identify and mitigate key risks, and inability to implement continuous monitoring and oversight of key functions are a few examples that could expose an organization (Starbucks and Facebook as high-profile examples) to significant risks. Internal audit may see these dynamics at varying levels while executing our mission. Failure to accept the reality and risks associated with these problems can be directly linked to the inability of the internal audit function to navigate volatile risk environments and thereby create value for the corporation.

  8. Consider external factors that could encourage excessive risk taking: Regulators frequently have a limited ability to effectively enforce regulations across industries to protect consumers and create desired outcomes. Regulators are often behind the times or unconsciously allow loopholes—often temporary—in the enforcement of regulations. Management will often use these loopholes or the “everyone is doing it” rationale to justify excessive risk-taking. Internal audit must understand external factors and loopholes used by management to obscure the true risk landscape and implement adequate processes to identify and mitigate risks.

While these eight steps do not define the totality of internal audit’s role in helping the organization identify and manage risk, they provide a solid roadmap for internal audit to navigate the volatile and complex risk environment and create value for the organization along the way. Executives and managers should empower risk management and internal audit teams to help quickly identify and prioritize risks, evaluate the underlying processes and systems related to risk management, and assess the design and implementation of internal controls to mitigate risks. Significant risks must be identified, and mitigation strategies and controls implemented in a timely manner to avoid long-term financial loss and reputational damage.

Jonathan Ngah, CISA, CIA, CFE, CGFM, is a Principal at Synergy Integration Advisors, a consulting firm providing Audit, Governance Risk and Compliance (GRC) solutions to Federal Government Agencies, private-sector and not-for-profit organizations.

Improving Performance Measurement for Government Sector Organizations

The first step in improving performance is Performance Measurement. While Dr. Deming did not actually say “If you can’t measure it, you can’t manage it”, he strongly emphasized the importance of metrics whenever possible. The Association of Government Accountants(AGA) defines performance measurement as an expression of how well an entity has performed in relation to a baseline such as established goals. The Government Performance and Results Act (GPRA) of 1993 provides guidance and standards on evaluating and reporting performance. Private sector guidance and standards such as the Sarbanes-Oxley Act (SOX) of 2002, and its government sector equivalents – the Office of Management and Budget (OMB) requirements provide frameworks to meet accountability requirements and evaluate and report performance.

Government agencies and public services organizations performance measurements may not be the same as the profitability and productivity measurements used by for-profit private sector organizations. However, there are many ways for government and public services managers to demonstrate Stewardship and Accountability in the use of tax payer resources to provide critical services and report performance.

The AGA “Public Attitudes toward Government Accountability and Transparency 2008 to 2010” report exposed significant public concerns about lack of trust and transparency from the government such as: (1) An obligation to report and explain the sources and use of funds, and (2) Responsibility to the public for spending.

Government and public services financial managers have made significant improvements in accountability and transparency since 2010. Yet the perception remains that some organizations are not a good steward of public funds.

What changes in Stewardship and Accountability should tax payers expect from managers in the use of tax payer resources to provide critical services?

How do these managers adjust to the “new normal” – continuous budget cuts and provide improved accountability and transparency?

How can agency managers reconcile a focus on supporting their missions with improved financial management?

Private sector Chief Financial Officers (CFOs) and their Financial Management Teams (FMTs), work within an evolving “profit, cost and loss” environment as well as standards and guidance such as SOX that presents significant incentives to function in an efficient and effective manner. Lack of “profits” and in some rare-cases lack of “cost” objectives should not stop government and public services managers and their FMTs from going beyond the requirements of existing standards such as the CFO Act, GPRA and OMB to execute their missions and improve public trust through Accountability and Transparency.

Below are eight (8) performance improvement suggestions to consider:

  1. Alignment of policies and procedures with agency objectives and strategy: Unlike private-sector CFO’s, government and public services managers have minimal input to the policies mandated by congress through legislation. Even more challenging, these FMTs might have to deal with frequently changing policies that could conflict with their agencies mission and strategic objectives.

    Within the Federal space, FMTs must comply with multiple, conflicting policies and voluminous Standard Operating Procedures (SOPs). The awareness, interpretation and application of all applicable Financial Management policies presents a daunting task. Below are some suggestions for government and public services managers to consider with every change in administration:

    • Review universe of applicable policies to confirm relevance to mission and financial reporting.
    • Update SOPs to reflect changes and ensure alignment with your strategic objectives, and proper interpretation and application throughout your agency.
    • Solicit feedback and confirm understanding and acceptance from the agencies FMT. Communicate feedback to appropriate stakeholders, and proactively resolve any concerns.
    • Maintain on-going monitoring through self-assessments to confirm appropriate interpretation and application.
    • Keep it simple. Many Federal FMTs such as the Department of Defense (DoD) are tasked with supporting complex multi-faceted missions. These teams must execute well in supporting all aspects of their missions. Complex policies and SOPs will have a counter-productive effect given the complex nature of some of the agencies operations.
  2. Integrated governance, risk and compliance (GRC): Several standards and guidance documents exist to help government and public services managers and their FMTs operate in an efficient and effective manner, to execute missions and provide accountability and transparency to congress and tax payers. Government and public-sector FMTs must embrace performance expectations and a culture of accountability and make appropriate changes.

    Accountability begins by keeping things simple with a focus on high-risk items that could significantly impact the agencies mission and operations, strategic objectives and, financial reporting and, prevent and detect fraud, waste and abuse.

    Complex solutions, when applied to solve complex problems in the context of a complex operating environment often result in predictable and expensive failures. If sustainment, effectiveness and efficiency are important, solutions must be simple.

    Private-sector organizations have learned how to integrate GRC strategies to drive performance results, minimize reporting errors and realize significant savings by not performing these tasks in organizational silos. What is stopping government and public services managers from modifying and applying these concepts in a similar manner within the framework of existing OMB standards?

  3. Changes to the tone-at-the-top (entity-level controls): For any organization to function in an effective and efficient manner, there needs to be a balance between personnel, processes, and systems. The tone-at-the-top brings this together as leadership makes critical decisions to ensure the following:
    • People – the right personnel, with the right skills are available to get the job done right the first time and minimize waste through re-work.
    • Processes – the combination of manual and automated processes has been properly designed and implemented to help the organization accomplish its objectives. Simplicity, functionality, acceptance and understanding by staff is critical for efficient and effective processes. On-going monitoring is critical to assure that changes are made appropriately and align with strategic objectives and missions.
    • Technology – the systems and tools deployed by an organization are only as good as the ability of employees to utilize the technology in the context of the organizations processes, policies and procedures to accomplish objectives, in an effective and efficient manner, and report performance.
    • Tone-at-the-top – government and public-sector organizations are expected to comply with multiple and complex and often conflicting policies; while relying on outdated processes and legacy systems. Management must institute a focus on effective and efficient processes and workflow improvements to maximize performance while operating in an environment of continuous budget cuts. Leadership must establish and enforce a culture of performance and accountability.

    Tenures for commercial CFOs and executives are often longer than four (4) to eight (8) years, which means they have the time to develop and implement long-term sustainable solutions. Changes in administrations often result in turnover and gaps in key government and public services positions. The frequency of turnovers and delays in filling top positions presents challenges that impacts continuity, tone and the ability to implement long-term sustainable changes. The challenges should not stop government and public services managers from implementing the appropriate tone, delivering results within budget and, providing improved accountability and transparency.

  4. Independent and objective internal audit function: Can the Office of Inspector General (OIG) function like a true best-in-class private sector internal audit department to create and sustain value?

    The Institute of Internal Auditors (IIA) in its guidance and standards outlines 16 steps for creating and sustaining an internal audit department. Examples of these steps include: Establishing authority for the internal audit function, identifying leadership and an independent audit committee and, understanding bench-marking needs. Private-sector organizations with best-in-class internal audit functions go beyond the traditional internal audit role of reporting findings to making recommendations to improve accountability and transparency. For private sector organizations profit, cost and loss objectives are the incentive to develop internal audit functions capable of creating and sustaining value in many ways.

    Are the OIG departments within most Federal Agencies set-up to function within the frame-work of existing Federal guidance and standards and be the equivalent of a best-in-class internal audit function? If the answer is “no”, then the next obvious question is, why not?

    A best-in-class OIG could be the reason to ensure a Federal Agency executes its mission and realize economy, efficiency and effectiveness of operations and accountability.

    Could there be a benefit having a singular, uniform OIG and internal audit structure across all Federal Agencies? Achieving significant improvements requires identification of and consequences for continuous violations and non-compliance with policies and guidance.

  5. A best-in-class comptroller and CFO organization: Can the government and public-services sector agencies establish a best-in-class comptroller and CFO shop like those in the private-sector?

    The U.S General Accounting Office (GAO) in its April 2000 Executive Guide series publication examined the reforms laid out by the CFO Act and subsequent related legislation, and described how they can be effectively implemented, to place Federal CFOs/FMTs on par with private sector corporations, as well as state and local governments that have already made investments in financial management.

    According to this GAO report, the private sector, CFOs/FMTs roles previously centered on oversight and control, focusing on fiduciary responsibilities and with less attention to increasing the effectiveness of operating divisions. However, the evolving business environment created need for significant changes. Increased competition resulted in the requirement to find new ways to reduce administrative costs, add value, and provide a competitive advantage. At the same time, advances in information technology made it possible for CFOs/FMTs to shift from a paper-driven, labor intensive, clerical role to a more consultative role as advisor, strategist, analyst, and business partner. Government and public-services sector CFOs/FMTs face similar pressures to increase efficiency.

    The list below outlines the recommendations from the GAO report:

    • Build a foundation of control and accountability that supports external reporting and performance management.
    • Provide clear, strong executive leadership.
    • Use training to change the organizational culture and engage line management.
    • Assess the finance organization’s current role in meeting mission objectives.
    • Maximize the efficiency of day-to-day accounting activities.
    • Organize finance to add value.
    • Develop systems that support the partnership between finance and operations.
    • Reengineer processes in conjunction with implementing new technology.
    • Translate financial data into meaningful information.
    • Develop a finance team with the right mix of skills and competencies.
    • Build a finance organization that attracts and retains talent.
  6. Best-in-class Information Technology (IT) and Information Security (IS) operations: The availability, reliability and integrity of data is important to make timely and critical business decisions to help an organization accomplish objectives and provide accurate financial and performance reports. Within most organizations, the IT function plays a significant support and facilitation role to the CFO/FMT and other stakeholders. The ability of the IT/IS and CFO/FMT teams to speak a common language is a critical component for them to work as an integrated team to help the organization accomplish objectives while providing improved accountability and transparency.

    Some government and public-services sector organizations have struggled achieving financial audit objectives due to challenges obtaining and providing adequate and complete “evidential matter” to support audits from key systems. For these agencies, the inability to obtain accurate, complete and reliable data impacts their ability to make critical business decisions which impacts performance.

    While struggling to modernize their IT infrastructure, federal and public-sector agencies must also respond to increasing Cybersecurity threats. The recent experience with the City of Atlanta, GA (after a March 22, 2018 ransomware cyberattack affected multiple applications and client devices) highlights the need for heightened cybersecurity controls and processes. Best-in-class organizations realize the need to separate the IT support and facilitation role from the IS function.

  7. Human capital requirements: Investments in a skilled work force that can function within the dynamic nature of your organization’s operations is critical. Government and public-services sector CFOs/FMTs must begin by assessing areas for “skills” improvements within their respective organizations and be open to new ideas to accomplish results in an efficient and effective manner.

    Pro-actively targeting, recruiting and retaining talent from best-in-class private sector organizations could be an alternative approach to diversify the skills within your respective teams. Look for accountants, auditors, risk management and information systems professionals with proven experience successfully applying accounting, auditing and IT principles and concepts across multiple industries. Such employees can successfully transition into the government and public-services sector space and drive performance results.

  8. Continuous monitoring: The evolving risks facing many government and public-services sector organizations remain an area of concern. Identifying, prioritizing and mitigating key risks impacting operations, performance and financial reporting must remain a top priority.
    The questions raised, and issues discussed in this article are an attempt to explore simple solutions and facilitate conversations on ideas that could be implemented to improve performance measurements, reporting, accountability and transparency for government and public-services sector CFO’s/FMTs in the context of existing standards and guidance. Budget uncertainty and constraints and the need to-do-more-with-less are unfortunately the “new normal”. The pressures from congress and tax payers to drive effectiveness and, efficiency and, improve accountability and transparency will only increase.

Jonathan Ngah, CISA, CIA, CFE, CGFM, is a Principal at Synergy Integration Advisors, a consulting firm providing Audit, Governance Risk and Compliance (GRC) solutions to Federal Government Agencies, private-sector and not-for-profit organizations.

Misalignment Between Organization Strategy and Line-of-Business (LOB) Priorities

We’ve all heard the many clichés describing when segments and teams within an organization are aligned in their goals and strategy: “We’re all in this together,” “we’re on the same page,” “we’re rowing in the same direction.” And there are plenty more.

Since we all realize that achieving alignment in a common goal is critical to the success of any group endeavor, why is this so hard to achieve?

Several recent business headlines point to one area where this is all too common: the misalignment executing enterprise-wide strategy and Line-of Business (LOB) priorities.

Alignment between strategic direction and operational tactics is crucial to any successful organization and requires strong leadership from the top and commitment from all LOB functions. Lack of strategic alignment is a recipe for disaster. Consider Facebook: the social media giant ran into problems when a third party improperly gained access to the data of millions of users – the strategic objectives of reputation and growth conflicted with LOB objective of maximizing revenue. Wells Fargo experienced a similar conflict between reputation and LOB revenue maximization when employees opened millions of accounts without the permission of customers. On April 12, 2018, Starbucks offered another example of the damage towards achieving strategic goals caused by a LOB policy decision to remove guests that sat down at a table waiting for a friend without purchasing anything.

I define strategic alignment as an in-depth knowledge and application of the organization’s strategic direction, and agreement on its validity, by all the major LOB functions and processes of the organization. A misalignment occurs when there is a lack of awareness understanding importance of the strategy, or miss-application in executing the strategy by various departments or LOB’s.

Sun Tzu, author of the Art of War, captured the difficulty in achieving success without getting what we call in the modern age “buy-in” from all those involved in the endeavor: “Unhappy is the fate of one who tries to win his battles and succeed in his attacks without cultivating the spirit of enterprise; for the result is waste of time and general stagnation.”

Why does strategic misalignment exist and remains unresolved for many public and private sector organizations?
What is the actual cost if not resolved over time?

The costs can be very high, as we have seen with Facebook, Wells Fargo, and many other examples too numerous to recount here.

Eight Causes of Misalignment

There are eight primary reasons why strategic misalignment occurs and why management and internal auditors fail to resolve those imbalances when they do occur.

  1. Lack of awareness: Executive management, boards and committees, and internal audit all failed to identify risks. No one within the organization recognizes the misalignment between strategy and specific departmental goals. This often occurs when overall strategic goals are poorly communicated throughout the organization. What steps should management implement to prevent this from happening?
  2. Management is aware and unable to resolve problem: If management is aware of the misalignment, do they have adequate processes and controls to resolve the disconnects? Adequate processes and controls alone without commitment will not resolve the problem.
  3. Commitment to resolve misalignment loses out to competing priorities: Even when executive management is committed to strategic goals and has adequate policies in place to resolve issues, without the proper emphasis and sensitivity towards resource constraints (capacity), the LOB will simply evaluate requests for corrective actions in the context of other competing priorities. This minimizes the effectiveness of resolving strategic misalignments throughout the organization.
  4. Tone at the top (business-as-usual attitude): With the proper tone, the issues articulated in causes #1 to #3 could not have occurred, or would result in minimal impact to the organization. The opposite is true for organizations lacking the appropriate tone. The business-as-usual attitudes and sub-cultures within LOB segments override enterprise-wide goals, exposing the organization to increased risks and significant losses, including financial and reputational damage.
  5. Quantifiable costs of misalignment: Over time, management will identify and probably resolve symptoms from causes #1 to #4, such as missed delivery deadlines, quality and product recalls, increased costs, loss of market share, customer complaints, employee turn-over, lack of innovation, and other problems. Whatever losses that can be quantified at this stage are typically minor when compared with compliance and regulatory issues or sustained reputation damage.
  6. Risks implication (unable to identify and mitigate risks): Managing high-level strategic risks (and achieving alignment with operational processes) are impossible if they can’t be identified. It’s best to keep this brief with a recent example. Starbucks recognized and reacted quickly to their LOB inappropriate actions, whereas Wells Fargo was slow to formulate an effective response to LOB actions resulting in significant negative publicity that began in 2016 and will require years for the bank to overcome.
  7. Compliance implications plus added costs: Unchecked LOB actions that conflict with strategic goals can result in executives testifying to congress or European Union committees and courts, resulting in increased regulatory pressures. This is often a significant cost that can’t be adequately quantified in the short term. A combination of regulatory fines and seizure, class-action-law suits, and loss of top customers can accelerate the demise of the most profitable organization. In April 2018, for example, Wells Fargo accepted a fine of $1 billion related to auto insurance and mortgage abuses. Most organizations would choose the smaller costs of enhanced controls and compliance with strategic goals over steep fines and regulatory restrictions.
  8. Inability to execute mission and impact to customers: For any business and government agency, the ability to execute mission and keep customers happy requires alignment between the enterprise-wide strategy and LOB priorities. Skilled employees working on cross-functional and collaborative teams focused on the mission and customer are imperative. Facebook and Wells Fargo will be dealing with the fallout from LOB’s failing to adequately execute strategic goals for a long time. In such case, customers have a choice. They can simply reject a brand or minimize how they use a product or service.

Executives and Managers should be proactive in anticipating and resolving problems related to misalignments between enterprise-wide strategy and line-of-business priorities. These must be identified and resolved as soon as possible to avoid long-term financial losses and reputational damage. I welcome any suggestions you can provide on this topic.

Jonathan Ngah, CISA, CIA, CFE, CGFM, is a Principal at Synergy Integration Advisors, a consulting firm providing Audit, Governance Risk and Compliance (GRC) solutions to Federal Government Agencies, private-sector and not-for-profit organizations.

Evaluating Value Created by Management Consultants

The next time you are in a with management consultants hired by your organization to provide support, bring up this question and listen to the different answers: “What is your value proposition?”

Before you can begin to answer this question, it is important to distinguish between the actual value provided and the perception of value. A consultant may perceive that the service they provided offered real value to the client and be able to quantify the value but the client may not have the same perception of the value.

The perception of value derived from services provided by consultants can be impacted by the level of involvement (skills, risks, cost, timeline and complexity) and the importance of the project to the client.  

How would a manager who decided to hire consultants describe this value?  

How would the consultants perceive the value provided?

Merriam-Webster dictionary defines value as “a fair return or equivalent in goods, services, or money for something exchanged.”   The services provided by consultants should create real and perceived value for their clients. Consultants should remain focused on value creation when executing engagements.  Providing complex solutions that clients cannot easily understand, implement and sustain is an example of non-value-added outcomes.

The term “value” is often used by consulting firms as a major differentiator when marketing diverse services to global clients. Yet evaluating the value chain for consulting is not a straight forward process.  It can depend on clients pressing needs (which can change during the course of the engagement) and other subjective factors that can’t be easily measured.

How is value created and perceived?   

Consultants create value for their client if:

  1. they enable the client to provide the same or better quality good or service at a lower cost, or
  2. they enable the client to improve existing processes for the same costs.  

The perception of value however is constantly evolving. What we value today could be significantly different from what we value tomorrow.  

The strategy for value creation is no longer a matter of positioning a fixed set of activities along that old model, the value chain. Successful organizations increasingly do not just add value, they reinvent it.  As a result, an organizations strategic task constitutes an ongoing reconfiguration and integration of its resources and capabilities to constantly create value for customers. What an organization does with those resources and capabilities is just as important as what resources and capabilities it possesses.   

Evaluating the value of management consulting services should not be different.  This also applies to projects managed by internal consultants. Such services are often measured in cost saving opportunities, increased revenue generation, return on investments, payback, etc. to the customer.  Not all value created however, is captured by the traditional methods.

Let us know your thoughts on the issues raised in this blog, and check in next month as we continue exploring ways to provide value-added solutions to clients.  

The content in this blog should not be considered advice and is provided for informational purpose only.  For additional information on the issues outlined, please contact us at

1 – From Value Chain to Value Constellation: Designing Interactive Strategy by Richard Normann And Rafael Ramírez.