This is Part I – Strategic Direction and Alignment of a revised six-part series on the internal audit value chain (IAVC).
Misalignments between enterprise strategy and business unit priorities must be identified and resolved as soon as possible to avoid long-term financial losses, reputational damage, and improve responsiveness to the changing business environment.
Initial publication – May 7, 2018. Updated – May 15, 2020.
We’ve all heard the many clichéd ways to describe when multiple components are aligned in their goals or strategy: “We’re all in this together,” “we’re on the same page,” “we are singing from the same hymnbook,” “we’re operating on the same wavelength,” “we’re in lockstep,” “we’re rowing in the same direction.” And there are plenty more. The reason there are so many clever ways to say the same thing is that achieving alignment in a common goal is critical to the success of any group endeavor. Even one person marching to the beat of a different drummer can threaten the success of the entire group. This dynamic plays out in all facets of business activity, and we’ve seen countless examples of when a person or group causes problems when they have different objectives or are not in alignment with the larger group.
One area where this is all too common is in misalignment between the enterprise strategy and functional business units, operations, departments, or line-of-business (LOB) priorities. I would argue that it is this misalignment that is at the root of many recent corporate blunders that have resulted in costly and embarrassing public scandals and reputational damage. It is also possible that unresolved strategic misalignments over time created significant losses for many organizations impacted by the unprecedented COVID-19 pandemic. When an internal audit or other assurance functions and business units have different or misaligned approaches to executing the strategy, disaster is often not far behind. Strategic misalignments further complicate any organization’s ability to develop and implement a plan to respond in the short-term and long-term to the current COVID-19 challenges and other future events.
Over a six-part series on Internal Audit 360° and the Institute of Internal Auditors (IIA) Magazine publications, I outlined details about each component of the Internal Audit Value Chain. These are six links that, when all appropriately executed and working together, can elevate internal audit and provide excellent value to the organization. They can act as a blueprint for building a successful and robust internal audit function to assist management teams across business units to not only “create value” but to successfully “capture value” and “sustain value.”
The first link in the Internal Audit Value Chain (IAVC) is strategic alignment. Keep in mind that these priorities are different for each organization, are not static, and vary as objectives and needs evolve.
The Internal Audit Value Chain (IAVC)
The IAVC includes “the enterprise-wide initiatives impacting business functions, involving a combination of people, processes, technology, and corporate culture to drive the achievement of strategic goals and sustain profitability.” Internal audit’s role in the value chain requires an understanding of the organization’s:
- Alignment on the strategic direction
- Risk management and monitoring
- Operational effectiveness to include Continuous Process Improvement (CPI)
- Compliance and quality
- Financial management and governance
- Responsiveness to create, capture, and sustain value while adapting to the changing business environment.
The first link in the Internal Audit Value Chain, alignment on strategic direction, is crucial to building a value-oriented internal audit department and requires strong leadership from the top of the organization. On the other hand, strategic misalignment is a recipe for disaster. It negatively impacts the organization’s ability to plan and execute its strategy – the inability to “create value.” It also results in losses – the failure to “capture value” and “sustain value,” and potential fraud, waste, and abuse.
There have been several reported corporate scandals. Examples include poorly managed vendor relationships—where third parties improperly gained access to the data of millions of users—due to misalignment between (1) business functions motivated to maximize revenue, with (2) partners and the assurance functions that are charged with protecting the organization from violating the trust of customers and members. Policies and standards are often designed to provide protection. However, these can be easily circumvented when strategic misalignments are not identified and resolved timely.
I define strategic alignment as in-depth knowledge and application of the organization’s strategic direction, and agreement on its validity, by all the primary and secondary business functions. A misalignment occurs due to a lack of awareness or misapplication in executing the strategy by various departments or business functions.
This quote by Sun Tzu, author of the Art of War, captures the difficulty in achieving success without getting what we call in the modern age “buy-in” from all those involved in the endeavor: “Unhappy is the fate of one who tries to win his battles and succeed in his attacks without cultivating the spirit of enterprise; for the result is a waste of time and general stagnation.”
- Why does strategic misalignment exist and remain unresolved for many public and private sector organizations, government institutions, and not-for-profit organizations?
- What is the actual cost if not resolved over time?
The costs can be very high, as we have seen from the recent panic and rush across the globe to cope with the unprecedented COVID-19 pandemic. We have also seen the struggles from major corporations like Facebook with the Cambridge Analytica scandal – 2018. Misalignment festered in the 2016 problems reported by Wells Fargo when employees opened accounts without the permission of customers, and many other examples too numerous to recount.
Eight Causes of Misalignment
There are eight primary reasons why strategic misalignment occurs and why management and internal auditors fail to resolve those imbalances when they do occur. They include:
1) LACK OF AWARENESS: Executive management, board and committees, and internal audit missed the boat. No one within the organization recognized the misalignment between the enterprise strategy and specific departmental goals. One problem here is that the overall strategic goals may be poorly communicated throughout the organization. What steps should management implement to prevent this from happening? Suggested actions include but are not limited to the following:
- Evaluate existing policies and procedures and validate they remain relevant and updated to align with the enterprise goals and objectives.
- Develop adequate metrics and key performance indicators – you cannot manage what you cannot measure.
If strategic misalignments exist and remain unresolved, how is it possible for internal audit to help management to create value, capture value, and sustain value? Internal audit should collaborate with management as needed to prioritize issues and CPI projects that impact strategy and perform deep dives via audits and reviews that matter!
2) MANAGEMENT IS AWARE AND CAN’T RESOLVE PROBLEM: If management is aware of the misalignment, do they have adequate processes and controls with oversight to resolve those disconnects? Remember, adequate processes and controls alone will not sufficiently solve the problem. Some reasons management may be aware of the problem but cannot fix it include weak leadership, rogue managers in critical positions, weak corporate culture, lack of an integrated CPI program, and poor communication between senior executives and business unit leads or functional managers.
3) COMPETING/CONFLICTING PRIORITIES: Let’s assume management has a refined approach to resolve issues. Without the proper emphasis and sensitivity towards resource constraints (capacity), the business unit and functional leaders will simply evaluate requests for corrective actions in the context of other competing priorities. This minimizes the effectiveness of resolving strategic misalignments throughout the organization. It also compounds the problems, impacting the ability of the organization to respond to unprecedented challenges like COVID-19.
4) INAPPROPRIATE TONE AND CULTURE: With the proper tone, the issues articulated in causes #1 to #3 could not have occurred, or will result in minimal impact to the organization. If every business function or segment is not operating on the same wavelength, how could the organization accurately identify emerging and evolving risks, develop mitigation strategies (perform audits and reviews that matter), and effectively respond to disasters like COVID-19?
5) CONTINUOUS PROCESS IMPROVEMENT (CPI) PROJECTS ARE NOT ALIGNED WITH STRATEGIC GOALS: The quote from management sage Peter Drucker— “There is nothing so useless as doing efficiently that which should not be done at all,” highlights the challenges identifying and addressing strategic misalignments. It also eludes to why management and internal auditors fail to resolve those imbalances when they do occur. Investments in CPI projects that are not linked to strategic goals and objectives create limited value to the organization. Over time, management will identify and probably resolve symptoms from causes #1 to #4, such as missed delivery deadlines, poor service or product quality, and product recall, increased costs, loss of market share, customer complaints, employee turnover, lack of innovation, and other problems. Whatever losses that can be quantified at this stage are minimal when compared with the compliance and regulatory issues alongside sustained reputation damage.
6) INABILITY TO IDENTIFY AND MITIGATE RISKS: Managing high-level strategic risks (and achieving alignment on them) is impossible if they can’t be identified. This includes the organization’s ability to identify and prioritize emerging risks. Misalignment from enterprise strategy and business unit priorities at Wells Fargo resulted in adverse publicity over two to three years that began in 2016. It took a firm commitment from the bank’s leadership over multiple years to resolve. To cross-sell services, the bank failed to identify and mitigate risks from opening accounts without the customer’s permission.
The supply chain and other disruptions from COVID-19 raised questions about the effectiveness of existing risk management frameworks and mitigation efforts. An internal audit value chain analysis could have identified red flags and escalated findings to executives and the board timely.
- What can internal audit learn from COVID-19 to be prepared for future crises and disruptions?
- How could internal audit demonstrate its end-to-end value creation, value capture, and value sustainment capabilities?
7) COMPLIANCE IMPLICATIONS PLUS ADDED COSTS: When executives must testify to Congress, the next logical expectation is increased regulatory pressures. This is often a significant cost that can’t be adequately quantified in the short term. A combination of regulatory fines and seizure, class-action-law suits, and loss of major customers can accelerate the demise of the most profitable organization. Governments around the world have provided substantial financial support to bail out small and large businesses struggling to respond to COVID-19. Receiving bailouts from the government comes at a price. This often results in increased regulatory scrutiny to apply lessons learned and prevent re-occurrence.
8) INABILITY TO EXECUTE MISSION AND MEET CUSTOMERS EXPECTATIONS: For any business and government institution, the ability to execute the mission and keep customers happy requires an alignment between the enterprise strategy and business unit priorities. Skilled employees working as part of cross-functional and collaborative teams focused on the mission and customer is imperative. The supply chain disruptions and other unprecedented effects of COVID-19 impacts how most organizations, including government institutions, execute their missions, and meet customers’ expectations. Unfortunately, many have struggled and will continue to struggle post-COVID-19. The ability to adapt and respond quickly will impact customers’ decisions. They can simply reject a brand or minimize how they use a product or service.
“Internal Audit touches all the primary activities in the value chain, and, in addition, can streamline support activities through compliance audits and process evaluations,” writes Emily Ray in her paper, “How Modern Internal Auditing Assists Organizations in Achieving Strategic Objectives.”
To arrive at this conclusion, Ray adapted Michael Porter’s generic value chain model from his competitive analysis showing the primary and secondary value creation activities of an organization.
Internal auditors must think in the context of the Internal Audit Value Chain and the steps required to maintain that “value creation” objective as a starting point. Steps must also be taken by internal audit to help their management teams to “capture value” and “sustain value” for their respective organizations. This requires an end-to-end value chain mindset. Misalignments between enterprise strategy and business unit priorities must be identified and resolved as soon as possible to avoid long-term financial losses, reputational damage, and improve responsiveness to the changing business environment.
Jonathan Ngah, CISA, CIA, CFE, CGFM, is a principal at Synergy Integration Advisors, a professional services firm providing internal audit outsourcing and internal audit co-sourcing services to government institutions, private-sector, and not-for-profit organizations in the US and the Asia Pacific (APAC) regions.