A Matter of Trust
Remember Radar O’Reilly of the M*A*S*H 4077th? The over-efficient corporal brought order to the chaos of the Korean War, at least a small portion popularized on television. His trusty clipboard in hand, Radar kept a steady stream of supply requisitions and furlough approvals flowing under the unwitting nose of Col. Blake who perfunctorily signed each form knowing that Radar had things under control. Always just a tad smarter than his boss, Radar knew the ins and outs of getting things done and, as a result, was entrusted with the unofficial authority to see that they did.
The business world is not so trusting. Internal controls, both accounting and operational, serve to hog-tie Mr. O’Reilly’s corporate counterparts from achieving the same kind of hyper-efficiency practiced at the 4077th. The mandate for checks and cross-checks, for supervisor scrutiny and independent review often hampers productivity more than it prevents defalcation. Business practices are designed around the fear that employees are crooks. Auditors demand segregation of duties, controllers clamor for joint custody of assets, dual authorizations and planned job rotations. In some cases the controls become so elaborate that virtually nothing gets done without the consensus of three or more people.
This is probably appropriate in some cases. Even the saints among us might subscribe if the temptation is high enough. PharMor, Barings Bank and Daiwa Bank are just a few examples of the consequences that occur when a tight set of internal controls is absent.
But most employees are not rogue traders, nor are they prone to weasel away millions of dollars even if given the opportunity. Regardless of how often auditors and CFO’s wring their hands over control standards, a company’s fiscal well-being is protected primarily by one solitary factor: honest people. Whether we want to admit it or not, secretaries, clerks, and assistants all wield enormous power for the things they do not do. They are often entrusted with the details of larger issues, seeing to it that the directives of the management suites are carried out. For the most part, they do not steal, pillage or distort information for their own benefit. Perhaps it’s time we stopped creating elaborate systems of checks and balances to ensure Radar doesn’t send an unconditional surrender to the North Koreans.
Virtually any set of control procedures can be circumvented by a dishonest individual. Intelligence is not even a pre-requisite. At my mid-size bank, we maintain strict control over a set of keys to the collateral note file. The keys are locked away in a secure box which is further tucked away it the bank vault. Access to the box of keys is guarded by none other than the administrative secretary, the Radar of the bank. Each year the auditors raise the same issue - the secretary has access to negotiable instruments - and each year we respond in the same way; If not her, then who? Someone has to have access to the box and most of the other administrative employees are eliminated by virtue of their access to accounting records. Hence, the bank is reduced (some would say elevated) to trusting that the secretary will not abscond with a suitcase of bearer bonds and send a postcard resignation from the Cayman Islands.
By selectively peeling back the layers of control procedures businesses accomplish two things: they dignify the employee and they promote efficiency. Internal controls by their very nature engender mistrust. The fewer controls imposed over a person’s job duties the more latitude that person has to exercise judgment and feel empowered. I recently eliminated a cumbersome set of control procedures over ACH processing in my bank. In doing so, I acknowledge that criticism may be heaped on me by auditors and regulators, yet the processing time has decreased, staff morale is up and we’re getting more done with the same level of resources as before. It works because I have a key person (my Radar) that I can trust. Am I naïve? Setting myself up to be burned? I don’t think so. The odds are in my favor. Honesty is still the best policy for the vast majority of employees.
Internal controls are an integral part of a business. They create a safety net for the conduct of normal business operations, insuring that unintentional errors do not go undetected and discouraging intentional wrong-doing. Most, but not all, errors or defalcations will be caught by a good system of internal controls, a system that encompasses a cost/benefit trade-off that rejects control procedures when they impair business opportunities. Good employees will always be the key component of any control system. If you think Radar would send that unconditional surrender, your best control is a pink slip.
Chris B. Call is a Chief Financial Officer and former auditor, and has had articles published in the American Banker, AgriFinance, Across the Board, and Farm Times.
Many more articles in The CFO Refresher in The CEO Refresher Archives