One of the tasks I get around to not nearly as frequently as I should, is to empty out my wardrobe. I periodically review all of my clothes and ask myself ‘Does it still fit?’ ‘Did the reason I bought this still exist and make sense?’ ‘Is it worn out?’ ‘Is it still in fashion?’ Then the killer question – ‘have a I worn this in the last six months or year?’.
I end up putting a whole section of my wardrobe in the bin or take it to the charity shop. I also rediscover items I forgot about and looks and items that I loved once, and can still see me wearing. This then clears space for new items, new fashion, new (sadly more age-appropriate) items. This is a win, win: lots of additional space; an excuse to shop; and better and newer looks for my work and social life. It’s a great process and makes you feel great.
So if this is so good for me, why don’t I do this periodically? Well it is generally because it takes time. It takes time to sit and go through a wardrobe. It’s easier to add rather than subtract. It’s easier to buy something new when I have ‘nothing to wear’. If I don’t think about it I buy the same sorts of items and styles, because I know they are fine and comfortable. It’s a change-avoidant process.
I think internal controls in organisations are the same. Organisations rarely step back and declutter their control frameworks and actions. People continue to do stuff because it is familiar and comfortable. I’ve asked management colleagues why something is done the way it is. What’s the risk it is intended to manage or mitigate? Why do you do this manual thing when something newer and simpler could be done. Organisations have a tendency, and we as auditors can be at best collusive, and at worst encouraging, of more and more controls added. No management team has endless resource, but yet when something goes wrong they and their organisations rush to fix it with more process, more controls, more stuff to do.
So, accepting that it is easier to add then redesign or remove controls, why don’t more organisations empty their control ‘wardrobes’? I suspect because this requires thought. It requires time. It requires clear thinking. First it requires clear objectives. A clear and granular identification and then assessment of risks arising from those objectives. Then a mapping of current activity, processes, controls and resources to those risks. Then, finally, a confidence to stop doing things, move and divert resources. More than that, this process needs to be repeated periodically, and relentlessly, to maintain the efficient operation of the organisation.
Of course, it’s a paradox that the better an organisation is at risk, the less likely to be efficient at control it is. For crisis is the mother of invention and hard working. Choices in activities, resources, controls and activities are not going to be made, I’ve noticed, unless an organisation no longer has big profits and is in crisis. One reason why startups and small organisations are so inventive is because they have to be. They have to be more efficient and effective and make choices in what they do. Large, profitable, organisations are much less likely to be forced to make difficult choices and prioritise activity.
As internal auditors we should be at the vanguard of organisational improvement and be the pressure on successful organisations to continue to be more efficient. I am unlike the normal expectation of the CAE. I am not particularly rules based, I much prefer principles focused on tangible outcomes required. So I try not to just add control, but instead ask for meaningful control. I am, however, guilty as charged in that I do generally require more control, not less, normally for good reasons but oftentimes because I simply like the order control brings.
So can I take my wardrobe emptying task to work and should I? I think the answer to both will be yes. Will you?