WHISTLE BLOWING AND CORPORATE CRIME

By John Kyriazoglou*

Remember that 'whistleblowers' are considered as 'traitors' in many corporate and social environments as they are breaching the norms of the social group and destroying the cohesion and harmony and emotional contracting process of the social group they belong to (i.e. their own company group). 

You see 'whistleblowing' is a 'hard' control, and it, alone, cannot deal with corporate crimes, very well. If you want to study why people commit corporate crimes and protect the company from such events you must look at the whole  set of 'soft' issues, as well.

Hard controls are formal policies and procedures and how well or not they are designed and implemented. They relate to tangible things, usually well-defined, formalized and approved like organizational structure, assignment of authority and responsibility, corporate standards, policies and procedures, risk methodology, ethics code, compliance procedures, computerized systems, company books, registers, audit trail mechanisms, personnel controls like segregation of duties, taking vacation, job descriptions, confidentiality statements, etc.

These hard controls are implemented and used, in everyday business practice to carry out the activities of the organization, by various participants, i.e., people such as employees, managers, board members, customers, etc. These participants usually operate with their feelings, their beliefs, their trust and confidence, their motives, etc., collectively termed soft controls.

Soft controls are intangible things that have to do with behavioral aspects and social properties inherent in people (board members, executives, employees, etc.) and are utilized in applying hard controls in their daily business activities, and especially in business risk management, such as: tone at the top, understanding of the organization by the board, culture, structure of reporting relationships, morale, integrity and ethical values, operational philosophy, trust, Ethical climate, Empowerment, Corporate attitudes, Competences, Leadership, Employee motivation, Expectations, Openness and shared values, Information flow throughout the organization and emotional contracting.

I am afraid 'whistle blowing' will have to be complemented with improving all the other soft controls in order that corporate crimes are minimized at all.

John Kyriazoglou (jkyriazoglou@hotmail.com)

John Kyriazoglou, CICA, B.A (Hon-University of Toronto),

International IT and Management Consultant (with over 35 years of experience),

Editor-in-Chief for the Internal Controls Magazine, www.theiic.org

Author of several books:

(1) ‘IT Strategic and Operational Controls’, Publisher: www.itgovernance.co.uk

Direct Link: http://www.itgovernance.co.uk/products/3066

(2) ‘Addendum to IT Strategic & Operational Controls’

This book contains over 60 of IT audit programs and checklists in all IT audit areas.

Direct Link: www.itgovernance.co.uk/products/3143

(3) ‘Corporate Strategic and Operational Controls’, Publisher: www.theiic.org

with Dr. F. Nasuti and Dr. C. Kyriazoglou.

Direct Link: http://www.theiic.org/publicationsbookstore/bookstore2.html

(4) ‘Implementing Management Controls for Small and Medium-Size Companies’   

AMAZON Kindle Books:www.amazon.com

Direct Link: http://www.amazon.com/dp/B007Z1WTOM

(5) ‘Business Management Controls: A Guide’, Publisher: www.itgovernance.co.uk

Expected to be published within 2012

(6) ‘Pearls of Wisdom of the 7 Sages of Ancient Greece’

AMAZON Kindle Books:www.amazon.com

Direct Link: http://www.amazon.com/dp/B007YNPR8Q

Profile: http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919

Blog: http://businessmanagementcontrols.blogspot.com/

SSRN Free Publications: http://ssrn.com/author=1315434

Improve trust with people

By John Kyriazoglou*

Trust is a very important and critical issue in dealing with your people in any business environment. It takes a significant amount of time to build and can be broken in just an instant.

Is it possible to repair and rebuild trust?

The answer is YES! But you have to ACT immediately.

Don’t let a mistake in judgment turn into a failure of your character.

I would suggest the following steps:

(1) Promote personnel to higher levels of organizational hierarchy, who are capable of forming positive, trusting and caring interpersonal relationships with people who report to them,

(2) Develop the interpersonal relationship skills of all personnel and especially those of current managers and employees desiring promotion, by sending them to relevant courses or by coaching and mentoring programs,

(3) Keep your company personnel informed, as much as possible,

(4) Act with integrity and keeping commitments to all participants in the affairs of the business (employees, authorities, customers, board members, stakeholders, etc.),

(5) Protect the interest of all employees in a work group, even those who are absent,

(6) Be fair, practical, effective and results-oriented, and

(7) Listen with respect, sensitivity and full attention.

John Kyriazoglou (jkyriazoglou@hotmail.com)

John Kyriazoglou, CICA, B.A (Hon-University of Toronto),

International IT and Management Consultant (with over 35 years of experience),

Editor-in-Chief for the Internal Controls Magazine, www.theiic.org

Author of several books:

(1) ‘IT Strategic and Operational Controls’, Publisher: www.itgovernance.co.uk

Direct Link: http://www.itgovernance.co.uk/products/3066

(2) ‘Addendum to IT Strategic & Operational Controls’

This book contains over 60 of IT audit programs and checklists in all IT audit areas.

Direct Link: www.itgovernance.co.uk/products/3143

(3) ‘Corporate Strategic and Operational Controls’, Publisher: www.theiic.org

with Dr. F. Nasuti and Dr. C. Kyriazoglou.

Direct Link: http://www.theiic.org/publicationsbookstore/bookstore2.html

(4) ‘Implementing Management Controls for Small and Medium-Size Companies’   

AMAZON Kindle Books:www.amazon.com

Direct Link: http://www.amazon.com/dp/B007Z1WTOM

(5) ‘Business Management Controls: A Guide’, Publisher: www.itgovernance.co.uk

Expected to be published within 2012

(6) ‘Pearls of Wisdom of the 7 Sages of Ancient Greece’

AMAZON Kindle Books:www.amazon.com

Direct Link: http://www.amazon.com/dp/B007YNPR8Q

Profile: http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919

Blog: http://businessmanagementcontrols.blogspot.com/

SSRN Free Publications: http://ssrn.com/author=1315434

Business Management Controls for Small-Size Companies

         By John Kyriazoglou*

‘Rule number 1: Never lose money. Rule number 2: Never forget rule number 1.’

                   Warren Buffet, CEO of Berkshire Hathaway

Abstract

This article deals with the business management controls for small-size companies. A business performance model for small companies of five dimensions (C¹P⁴ Model (C one, four Ps), ‘C¹’ for customers, ‘P¹’ for people, ‘P²’ for property, ‘P³’ for production and ‘P⁴’ for performance) is introduced and five general recommendations with specific controls for each performance dimension are presented.
Key words: Small Business Controls, Internal Controls, Small Business Performance Model

1. Introduction

Managing a business, small, medium or large-size is quite a difficult, complicated and strenuous task. Whether you are the owner, major shareholder, CEO, Board Director or other corporate functionary, you must understand how your company works in all its strategic and operational aspects: governance, corporate management, risk assessment, compliance, strategy, operations, etc. You need to establish controls and comprehend, fully, their manifestations and impact, and employ the right internal control framework and its components to suit the specific aspects of the organization you lead, direct and manage.

In managing a small-size company, it is a matter of business life complements by my consulting experience that controlling a small business does not get any easier and in fact it is also to be considered a rather cumbersome task. Especially in the case of a sole company owner whereby the owner and the management of the business is usually the same person, the problem becomes worse.

Here are some recommendations and guidelines, as an example, to help with the aspects of controlling and managing more effectively a small-size business entity, on the basis of a business performance model of five dimensions: C¹P⁴ Model (C one, four Ps), ‘C¹’ for customers, ‘P¹’ for people, ‘P²’ for property, ‘P³’ for production and ‘P⁴’ for performance.

2. Recommendations, Guidelines and Specific Controls

2.1. Business Performance Model Dimension C¹: CUSTOMERS

Recommendation 1: Make your customer your number 1 priority.

This can be achieved by the following controls:

1. Identifying, attracting, increasing and maintaining your customers.

2. Establishing excellent customer sales and support function.

3. Developing and implementing your customer service policy.

4. Ensuring that you are selling, delivering and servicing highest-quality products and services.

5. Maintaining your effective sales ledger and other support systems.

6. Monitoring and reviewing your customer sales and support strategy and operations.

7. Improving your customer sales and support performance.

2.2. Business Performance Model Dimension P¹: PERSONNEL

Recommendation 2: Manage your personnel properly and fairly.

This can be achieved by the following controls:

1. Screening of personnel during the hiring process,

2. Maintaining valid employment contracts and employee documentation (job application, job description, resume, records of participation in training events, salary history, records of disciplinary action and documents related to employee performance reviews, coaching, and mentoring),

3. Establishing authorization controls (for purchases, expenses, invoices, payments, contracts, investments, hiring and firing of personnel, transaction processing, file and records management activities, archiving of critical records, reports, and data, etc.), and implementing segregation of duties (where possible) or compensating controls (as required and if possible).

4. Communicating constantly your company’s ethics and values to all parties, and practicing what you preach,

5. Rewarding all your employees on performance,

6. Responding, resolving and punishing, if needed, all violators to your standards of practice,

7. Making decisions on accurate facts and data and by understanding of all your business functions and actions of individuals.

2.3. Business Performance Model Dimension P².: PROPERTY

Recommendation 3: Manage and protect your property with due care.

This can be achieved by the following:

1. Money and other financial assets can be managed and protected by establishing and implementing financial management controls, such as:

(a) Appointing a Financial Manager,

(b) Executing basic accounting and bookkeeping procedures (Chart of Accounts, General Ledger, Trial Balance, and Financial Statements),  

(c) Managing your Liabilities by noting down all payments and maintaining invoices, cheques and other payment documents,

(d) Managing Petty Cash, Payments, Accounts Receivable, Accounts Payable and Payroll, and

(e) Developing and monitoring your budget.

2. Physical property (buildings, plants, machinery, furniture, computers, etc.) can be managed and protected by establishing and implementing controls, such as:

(a) Security guards and protection systems,

(b) Asset Registers, and

(c) Taking Inventories,

3. Intangible assets (information systems, knowledge repositories, patents, etc.) can be managed and protected by establishing and implementing business management controls, such as:

(a) Registration of Patents, Copyrights and Trademarks,

(b) IT Governance controls (IT Manager, IT Security Policy, Password Controls, Computer Security Incident Controls, IT Backup and Disaster Recovery Plan, and Security and Safety Controls for Personal and other Computers holding corporate data, and valid maintenance contracts with bona-fide contractors for all hardware and systems),

(c) Business Continuity controls (Business Continuity Plan, IT Continuity Plan, IT Backup and Restore Policy and Procedures and Vital Records Package, and

4. Business Records can be protected by establishing effective policies and procedures to manage your business data. Keeping business records can be easy if they are organized well. Understand the nature of your business and then appoint people to maintain your business records.

2.4. Business Performance Model Dimension P³: PRODUCTION

Recommendation 4: Execute excellent production policies and procedures to satisfy the needs and expectations of your customers and optimize your production process.

This can be achieved by the following controls:

1. Developing, making or purchasing and pricing properly and a competitive basis your products and services,

2. Establishing effective purchasing procedures to avoid fraud and maintaining your purchase records (purchase ledger, invoices, checks, bank statements, bills payable and credit purchase slips, etc.) very well.
3. Executing effective inventory procedures and maintaining proper inventory records, and

4. Streamlining your production process by efficient procedures, and by maintaining proper manufacturing and production files (e.g., Bill of Materials (BOM) File, Master Production Schedule (MPS), Materials and vendors contingency list, and Equipment Operational Description File).

2.5. Business Performance Model Dimension P⁴: PERFORMANCE

Recommendation 5: Implement your business performance management controls with due care and an open mind.

This can be achieved by the following controls:

1. Implementing a performance management system by getting and deploying a Business Dashboard system or by a system suited to your purposes,

2. Establishing and executing a Continuous Business Management Monitoring Plan,

3. Monitoring and reviewing your operational data such as: customer sales and support strategy and operations, financial performance, production performance, etc.

4. Improving your financial, customer sales and support, and production performance.

5. Executing effective compliance and risk programs to ensure adherence to both to internal and external regulations,

6. Ensuring that a qualified auditor (usually external) examines and evaluates all your operational controls, besides your financial reports, at least annually, and

7. Improving your overall performance monitoring process.

3. Conclusion

Consider all these and customize them to your purposes and business environment. 

My experience is that controls are definitely required to ensure that you are profitable and that your small company survives and prospers.

My favorite watchdogs, however, are the budget, cash flow and expenses. The topic of the budget may be boring, but the need for budgeting is indispensable. It gives you immediate warnings that your company is doing well or not.

Your objective should be to have a system of controls in place that will give you excellent warnings when your business is approaching its financial limits that, if exceeded, could do serious harm to your small company.

And of course always and always watch your customers. Excel in providing excellent service and high-quality products to them and the rest will fall in place.

*Author’s Credentials

John Kyriazoglou, CICA, B.A (Hon-University of Toronto), is an International IT and Management Consultant, member of the Institute for Internal controls, founder and supporter of a number of cultural associations, and author of several books in a multitude of topics.

In the domain of internal controls his books include:

(1) ‘IT Strategic & Operational Controls’, www.itgovernance.co.uk (main author)

(2) ‘Addendum to the IT Strategic & Operational Controls’, containing audit checklists and programs, www.itgovernance.co.uk (main author)

(3) ‘Corporate Strategic & Operational Controls’, with Dr. Frank Nasuti, Ph.D., CPA, CICA, CFE, as the co-author, http://www.theiic.org/publicationsbookstore/bookstore2.html

E-Mail: jkyriazoglou@hotmail.com

Profile:http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919

Blog: http://businessmanagementcontrols.blogspot.com/

SSRN Free Publications: http://ssrn.com/author=1315434

Methods and Tools for Crafting and Assessing Strategy 

By John Kyriazoglou* 

The following methods, tools and techniques may be utilized for the analysis, assessment and evaluation of strategy of any type of organization.

The evaluator may use only one method, or more than one, depending on his (or her) experience and situation.
These methods, tools and techniques are:
v SWOT analysis,
v PEST Analysis (also known as PESTLE Analysis),
v Gap Analysis,
v Portfolio analysis,
v Value chain analysis,
v Delphi Method,
v Life cycle analysis,
v Screening strategic options,
v Financial analysis,
v Scenario planning,
v Critical success factor analysis,
v The five forces,
v Market Segmentation,
v Directional Policy Matrix,
v Competitor Analysis, and        
v Change management methodology.

These are described next.

SWOT analysis: The SWOT analysis (strengths, weaknesses, opportunities, threats) is one of the most popular. This involves looking at the strengths and weaknesses of your business' capabilities, and any opportunities and threats to your business. Once you've identified all of these, you can assess how to capitalise on your strengths, minimise the effects of your weaknesses, make the most of any opportunities and reduce the impact of any threats.
It's important to remember that opportunities can also be threats - for example, new markets could be dominated by competitors, undermining your position. Equally, threats can also be opportunities - for example, a competitor growing quickly and opening a new market for your product or service could mean that your market expands too.
A SWOT analysis can provide a clear basis for examining your business performance and prospects. It can be used as part of a regular review process or in preparation for raising finance or bringing in consultants for a review.
Once you have collected information on your organisation's internal strengths and weaknesses, and external opportunities and threats, enter this data into a simple table.

	Positive	Negative
Internal	Strengths	Weaknesses
External	Opportunities	Threats

PEST Analysis (also known as PESTLE Analysis): PEST analysis is concerned with the environmental influences on a business. The acronym stands for the Political, Economic, Social and Technological issues that could affect the strategic development of a business.

Some possible factors that could indicate important environmental influences for a business under the PEST headings are: Environmental regulation and protection, Economic growth, Income distribution,  Government spending on research, Taxation, Monetary policy,  Demographics, Government and industry focus on technological effort, International trade regulation, Government spending, Labour and social mobility, New discoveries and development, Consumer protection, Policy towards unemployment, Lifestyle changes, Speed of technology transfer, Employment law, Taxation, Attitudes to work and leisure,  Rates of technological obsolescence, Government organization and attitude, Exchange rates, Education, Energy use and costs, Competition regulation, Inflation, Fashions, Changes in material sciences, Stage of the business cycle, Health & welfare, Impact of changes in Information technology, Economic "mood" and consumer confidence, Living and housing conditions, Internet, etc.

Gap Analysis: Gap Analysis is a method used extensively in the process of designing the strategy of an organization.  With the use of this method, the gaps between the present situation and the desired state are defined, in terms of processes, procedures, technology, systems, human resources, infrastructure and organizational structure.

The steps to achieve this are:
v Selection of basic quality and quantity criteria,
v Definition of desired future performance position,
v Measurement of current performance,
v Recognition of the gaps between the existing and the future desired position, and
v Designing and executing a strategy to achieve the desired position by bridging all the defined gaps, and by improving the processes, procedures, technology, systems, human resources, infrastructure and organizational structure.

Portfolio analysis: Analysis of the balance and compatibility of an organization’s strategic business units strategies within a larger corporate setting, in terms of market share, growth rate, more investing, product growth etc.

Value chain analysis: A systematic way of examining all activities within and around the organization, such as: purchasing inputs, human resources, designing products, delivering and supporting products, and relating them to an analysis of the competitive strength and advantage of the organization.
Value Chain Analysis describes the activities that take place in a business and relates them to an analysis of the competitive strength of the business. These activities are:
(1) Primary Activities - those that are directly concerned with creating and delivering a product (e.g. component assembly); and
(2) Support Activities, which whilst they are not directly involved in production, may increase effectiveness or efficiency (e.g. human resource management). It is rare for a business to undertake all primary and support activities.
What activities a business undertakes is directly linked to achieving competitive advantage.
Value chain analysis can be broken down into a three sequential steps:
(1) Break down a market/organization into its key activities under each of the major headings in the model,
(2) Assess the potential for adding value via cost advantage or differentiation, or identify current activities where a business appears to be at a competitive disadvantage, and
(3) Determine strategies built around focusing on activities where competitive advantage can be sustained.

Delphi Method: Assessment of whether a strategy is likely to be correct or needs change, improvements, etc., on the following basis:

      A moderator crafts a questionnaire and submits it to a group of experts, without each expert that participates in the group knowing the identity of the other experts in the group,
      Each expert responds on its own and without the influence of the group or other dominating individuals,
      The moderator compiles the results, and formulates a new questionnaire that is submitted to the group again (3 to 4 is the usual case), until satisfactory results are achieved.

Life cycle analysis: Assessment of whether a strategy is likely to be correct given the stage of the product life cycle on criteria, such as: resources, competences, cost reduction, market growth rate, customer loyalty, etc.

Screening strategic options: Evaluating various strategic options by ranking them against the expectations of resources and stakeholders, and/or by decision tree analysis, and/or by scenario planning (i.e. matching options to different future scenarios), etc.

Financial analysis: Assessment of profitability and beneficial impacts likely to accrue from the strategies by the use of various financial measures, and tools, such as: payback period, ROCE, Discounted Cash Flow analysis, Shareholder Value Analysis, funds flow analysis, break-even analysis, sensitivity analysis, cost-benefit analysis ,etc. (note)

Scenario planning: A technique that builds various plausible views of possible futures for a business. 

Critical success factor analysis: A technique to identify the areas in which a business must succeed in order to achieve its objectives and outperform the competition.

The five forces: The theory that there are five defined factors that influence the development of markets and businesses:

v Potential entrants, 
v Existing competitors,
v Existing buyers,
v Existing suppliers and
v Alternative products/services.
Using this model you build a strategy to keep ahead of these influences

Market Segmentation: A technique which seeks to identify similarities and differences between groups of customers or users.

Directional Policy Matrix: A technique which summarizes the competitive strength of a business’s operations in specific markets.

Competitor Analysis: A wide range of techniques and analysis that seeks to summarize a businesses' overall competitive position

Change management methodology: The change management methodology examines the current environment with respect to organization culture, communication, organization design, job design, infrastructure, personnel, skills and knowledge, people/machine interfaces, and incentive systems. The following steps may be used for managing changes effectively in any organization:
Identification of the various roles in managing changes,
Establishing and maintenance of successful support for the change management project,
Establishing commitment from all staff involved via  effective communication,
Identification and management of resistance to change, and
Development of cooperation through team work.

 ====================================================================================

Author's credentials

John Kyriazoglou (jkyriazoglou@hotmail.com)

John Kyriazoglou, CICA, B.A (Hon-University of Toronto),
International IT and Management Consultant (with over 35 years of experience),
Editor-in-Chief for the Internal Controls Magazine, www.theiic.org
Author of several books:
(1) ‘IT Strategic and Operational Controls’, Publisher: www.itgovernance.co.uk
Direct Link: http://www.itgovernance.co.uk/products/3066
(2) ‘Addendum to IT Strategic & Operational Controls’
This book contains over 60 of IT audit programs and checklists in all IT audit areas.
Direct Link: www.itgovernance.co.uk/products/3143
(3) ‘Corporate Strategic and Operational Controls’, Publisher: www.theiic.org
with Dr. F. Nasuti and Dr. C. Kyriazoglou.
Direct Link: http://www.theiic.org/publicationsbookstore/bookstore2.html
(4) ‘Implementing Management Controls for Small and Medium-Size Companies’   
AMAZON Kindle Books:www.amazon.com
Direct Link: http://www.amazon.com/dp/B007Z1WTOM
(5) ‘Pearls of Wisdom of the 7 Sages of Ancient Greece’
AMAZON Kindle Books:www.amazon.com
Direct Link: http://www.amazon.com/dp/B007YNPR8Q
Profile (1): http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919
Profile (2) http://www.managementexchange.com/users/nwstdt9cyq
Blog: http://businessmanagementcontrols.blogspot.com/
SSRN Free Publications: http://ssrn.com/author=1315434