An operational review is a powerful
tool that offers insights into the way
your organization really works on a current basis. More importantly, it shows
you how well it is prepared to meet future
challenges.
“The holistic approach — looking at the
function of the system as a whole as a way
of determining its impact on the efficiency
of the parts — provides the basis for a blueprint to raise your organization’s performance to the next level,” says Harry
Cendrowski, CPA/ABV, CFE, CVA, CFD,
the president of Cendrowski Corporate
Advisors LLC.
“Operational reviews give you a comprehensive assessment of governance —
defining expectations, granting power
within the organization and giving feedback as to whether the job is being done
the right or wrong way,” adds Cendrowski.
Smart Business spoke with Cendrowski
about what companies should expect from
an operational review.
Of what benefit is an operational review?
The objective of an operational review is
to help organizations learn to act, instead
of just reacting to the challenges of growth
and change.
Because the information provided is
practical from both a financial and operational perspective, it leads to very practical
recommendations to help a company
achieve its goals. The review identifies the
extent to which your internal controls
actually work and enables you to identify
and understand your strengths, weaknesses, opportunities and threats.
How does the process work?
Experienced teams interview and
observe. Actually watching how employees carry out their responsibilities is a key
part of the process. It also is important that
the team gain the employees’ trust and confidence. In this regard, they must be
assured that whatever they say will be kept
confidential. Therefore, management must
guarantee anonymity to anyone who offers critical information. Otherwise, employees
will filter their responses and the data will
be much less useful.
What are some of the areas of assessment?
Governance and ethical guidelines —
Responsibilities, authority and the scope in
which an employee has the freedom to act
must be clearly defined and documented.
Employees must actually have the authority to carry out the general responsibilities
and specific tasks they have been assigned.
Strategic planning and tactics —
Without clear strategic direction, there
likely will be different expectations
between ownership and management. The
corporate structure must be designed to
best leverage business and tax opportunities. Customer service standards must be
clearly defined and understood by the
employees, who must actually agree with
them. You might be surprised to discover
how often this is a problem.
Communication and reporting standards — If there is confusion in these
areas, there could be lapses in internal controls, putting the company and/or its assets
at risk. Reports must be useful, and the
flow of information and how it is
processed must keep pace with the company’s growth.
Contingency planning, testing and recovery — Contingency plans must not
become outmoded. An organization must
be really prepared to react to disruptions.
This includes establishing a formal process
to review transactions processing during
both disruption and recovery.
Information technology (IT) and
security controls — Every organization
must have safeguards to ensure system
transactions and information are restricted
only to authorized users. Proper IT security policies must be in place, state-of-the-art
protection techniques employed, and
everything be documented, periodically
updated and continually monitored.
Management’s objectives for the protection and integrity of the data must be met.
What sort of report is presented?
It defines objectives, describes the current conditions in which those objectives
must be met and recommends whatever
changes are necessary. The plan has three
levels of recommendations: one for executives, another for management and a third
for staff.
The executive summary concentrates on
strengths, weaknesses, opportunities and
threats to the organization as a whole. It
contains recommendations for any needed
changes in policy or governance.
The management plan is based on
employee feedback coupled with our
expertise and includes areas of immediate
improvement as well as suggestions of
potential problem areas.
The staff report deals with nuts and bolts,
like charting the hierarchy of the organization, and spelling out specific control
objectives that are critical to the mission
and to which personnel must pay close
attention to if they wish to engender both
organizational and personal success.
HARRY CENDROWSKI, CPA/ABV, CFE, CVA, CFD, is president of Cendrowski Corporate Advisors LLC, Bloomfield Hills.
Reach him at (248) 540-5760 or [email protected] or go to the
company’s Web site at www.frauddeterrence.com.