Title: Mark B. Mitchell, MBA, CIA, CGFM Director of Internal Audit NYSERDA
1AGA Audio Conference
Understanding the Importance of Soft Controls in
Improving Operations
- Mark B. Mitchell, MBA, CIA, CGFMDirector of
Internal AuditNYSERDA - November 12, 2008
2Contents
- Understanding The Importance of Soft Controls
- What Are Soft Controls?
- Why Do Soft Controls Matter?
- Evaluating Soft Controls Key Elements of
Improving Operations - What Makes Soft Controls So Difficult?
- Soft Controls A New View
- GAOs Model of Strategic Human Capital Management
3 4What Are Soft Controls?
COSO Model The Organizational Culture
- Integrity Ethical Values
- Commitment to Competence
- Board or A/C Oversight
- Managements Philosophy Operating Style
- Organizational Structure
- Assignment of Authority and Responsibility
- HR Policies and Practices
5Understanding Soft Controls
Where Are Soft Controls Written About?
- Internal Control Integrated Framework, by COSO
- Enterprise Risk Management Integrated
Framework, by COSO - Internal Control over Financial Reporting
Guidance for Smaller Public Companies, by COSO - Foundation Guidelines Red Book, by OCEG
6- Why Do Soft Controls Matter?
7Selling Soft Controls
- Why Do Soft Controls Matter?1
- They can help manager understand why people
behave as they do - They can increase managers effectiveness in
predicting future behavior and - They enable managers to understand how they can
direct, change and control behavior.
1 Paul Hersey and Kenneth H. Blanchard,
Management of Organizational Behavior Utilizing
Human Resources, Third Edition (Englewood Cliffs
Prentice-Hall, Inc., 1977) p. xiv
8Selling Soft Controls
- How can I Sell Soft Controls to Management?
- Management Working with and through individuals
and groups to accomplish organizational goals.2
Potential Influence of Motivation on Performance
Employee Potential
80 to 90 percent
Percentage of Ability
Area Affected by Motivation
20 to 30 percent
2 Ibid. p. 5
9- Evaluating Soft Controls Key Elements of
Antifraud Controls
10Evaluating Soft Controls
- Evaluation Techniques
- Whistleblower Hotlines
- Staff Focus Groups
- Employee Surveys
- Customer Surveys
- Internal Control Evaluations
- Audits (Internal, External)
- Studies
11Evaluating Soft Controls
COSO Model The Organizational Culture
- Integrity Ethical Values
- Commitment to Competence
- Board or A/C Oversight
- Managements Philosophy Operating Style
- Organizational Structure
- Assignment of Authority and Responsibility
- HR Policies and Practices
12Evaluating Integrity Ethical Values
- Has a Code of Conduct/Ethics been adopted that
promotes - Honest/ethical conduct, including internal and
external dealings, and the handling of conflicts
of interest? - Accurate accounting records and reporting?
- Compliance with applicable laws, rules, and
regulations? - Prompt reporting of violations of the code?
13Evaluating Integrity Ethical Values
- Is the Code of Conduct Operating Effectively?
- Communicated effectively (know to staffs)?
- Annual certification by everyone covered?
- New hire and periodic reinforcement training?
- Management involvement and oversight?
14Evaluating Commitment to Competence
- Are employees properly trained to carry out their
work? - Evaluation Techniques
- Employee Surveys
- Internal Control Evaluations
- Audits
- Staff Focus Groups
15Evaluating Commitment to Competence
- Is employee morale good?
- Employee Surveys
- Staff Focus Groups
- Studies (e.g., sick leave patterns, turnover)
- Audits
- Investigations
16Evaluating Management Oversight3
- Are there established procedures for an Ethics
Hotline/Whistleblower Program? - Evaluation Techniques
- Is there a procedure for receiving and retaining
information? - Do procedures provide whistleblower protection
and provide for anonymous tips? - Are any calls coming in?
3 Adapted from COSO, the Sarbanes-Oxley Act of
2002 and PricewaterhouseCoopers white papers.
17Evaluating Management Oversight
- Is Top Management providing oversight?
- Evaluation Techniques
- Are they periodically evaluating internal
controls and antifraud programs? - Assessing whether control activities over fraud
risks are adequate and effective? - Are fraud audits and are investigations conducted
fairly and objectively?
18Evaluating Managements Philosophy and Operating
Style
- Does management evaluate and test the design and
operating effectiveness of antifraud controls on
an annual basis? - The potential for fraud should be considered as
part of the agency-wide risk assessment. - Antifraud programs and controls should be in
place that are appropriate to the likelihood and
impact of potential fraud
19Evaluating Management Philosophy and Operating
Style
- What is the way in which management responds to
any significant deficiencies and material
weaknesses that are identified by the agency,
internal audit or OIGs? - Are matters thoroughly investigated? Disclosed?
- Are internal controls assessed and improved?
- Is there communication and training to reinforce
values, policies, etc. - Are violators treated in a consistent and
appropriate manner?
20Evaluating Assignment of Authority and
Responsibility
- Are unit and individual performance linked to
organizational goals? - Evaluation Techniques
- At the most senior level are executive
performance agreements used? - Are executives held accountable for results?
- Are expectations set so that staff understand how
their daily activities contribute to
results-oriented programmatic goals?
21Evaluating HR Policies and Practices
- Are targeted investments in professional
development being made? - Is a results-orientated culture encouraged?
- For sensitive positions, are background checks
being performed?
22- What Makes Soft Controls So Difficult?
23Understanding Soft Controls
- What Makes Soft Controls So Difficult? 4
- With hard controls both theory and practice are
provided (technical skills) - Early contributions to behavioral sciences seemed
to provide knowledge without effecting changes in
behavior. (Elton Mayo) - The challenge is to identify social skills that
are usable in ordinary human situations.
4 Paul Hersey and Kenneth H. Blanchard,
Management of Organizational Behavior Utilizing
Human Resources, Third Edition (Englewood Cliffs
Prentice-Hall, Inc., 1977) p. 1
24Understanding Soft Controls
- What Makes Soft Controls So Difficult? 5
- The Nature of Change
Time and Difficulty involved in Making Various
Changes
Group Behavior
High
Individual Behavior
Difficulty Involved
Attitudes
Knowledge
Low
Short
Long
Time Involved
5 Ibid. p. 3
25Understanding Soft Controls
- A Behavioral Approach to Management 6
- Our greatest failure as human beings
- has been the inability to
- secure cooperation and understand with others.
-
6Ibid. p.1
26 27Understanding Soft Controls
- How can I better understand employee motivation?
Are the things that make people satisfied and
motivated on the job either the same as or
different from the kind of things that make them
dissatisfied? Answer Theyre different
28Understanding Soft Controls
- How can I better understand employee motivation?
The . . . factors involved in producing job
satisfaction (and motivation) are separate and
distinct from the factors that lead to job
dissatisfaction. 7
7 Frederick Herzberg, One More Time How Do You
Motivate Employees?, Harvard Business Review 81,
no. 1 (January 2003), p. 91
29Understanding Soft Controls
- How can I better understand employee motivation? 8
- Job Satisfaction
- (Motivation)
- Achievement
- Recognition
- Work itself
- Responsibility
- Advancement
- Growth
- Job Dissatisfaction
- (Environment)
- Company Policy and Admin.
- Supervision
- Interpersonal Relationships
- Working Conditions
- Salary
- Status, and Security
8 Ibid. pp. 87 96.
30- Contact Information
- Mark B. Mitchell
- Director of Internal Audit
- NYSERDA
- (518) 862-1090
- mbm_at_nyserda.org