A statement on policy and procedures Issues as they relate to managements views and lord flings with regard to MOB A-123 audits. Writing position papers on justification of actions taken has raised some questions about control. There seems to be a shift in the mind set of managers now that Section 404 of Sox’s (documentation) has really kicked in with compliance performance of the financial managers responsibility or in others words , who has or had authority ,command, and control of the process.
The cause and effect of policy often goes against the procedures that are written to enforce the objectives of the policy. This is the standard loop hole in the blame game of shifting responsibility to the weakest component In the chain of custody process. In researching this Issue a new term has been developing in my statement writings, reciprocal responsibility. This reinforces the checks and balance that Is Intended to be In place at the out set.
Most players In this game like this idea but there’s not enough wiggle room for them. What they really want is assurance that the process is the root cause and not the policy. Managers enforce policy. Policy and procedures must be reciprocal to be effective and efficient. Most of the regulations allow for this sort of dialog to take place and encourage it, which is why Serbians-Solely is so board in its overall concept.
Section 404 barely consist of a whole paragraph Thus allowing for broad interpretation for unknown circumstances yet to be considered (lessons learned) have successfully brought together adversarial components of major operational programs to bring clarity, understanding, and appreciation of each opposing inherent view of responsibility, objectives, and concerns that cause conflict In Information flow. By Its very nature, program management Is very personal and control Is a major part of that activity.
Most people are reluctant to surrender that control; if it is perceived to be critical to their status in terms of command and control, even if it is not required. No one wants to be at the bottom of the pecking order in the chain of command. In risk management, some managers take on needless risk Just to maintain control… This must be explained to managers, that one does not need to own something to control it. Depending on the function, ownership does not define control… Authority is the overriding criteria for control. Internal Controls only work well in the environment that they were designed for”.
Just as in the physical law of nature, the adjustments to correct a problem can be Just as disastrous even with proper controls. ‘The operation was a success, but the patient died’. Internal Controls have hit the wall of slightly criteria on the subject of materially to meet the level of reasonableness of the consideration given. And expectation of the outcome. “To support the conclusion, that the market will and can correct itself. With the proper internal controls is a fair assumption. As with policy and procedures they too household be capable of self adjusting to the demands of the process.
But too much too soon is critical mass for any system to continue to function as intended. The Law of Diminishing Returns takes over and this is what happens when controls are not built to withstand the limitless aggression of greed. ” There should be a certain amount of flexibility built-in to standards of control to allow for the occasional exception to the rules, but this should only be applied when not approving the event causes more harm than good. Standards must change to remain standards Donald J. White CAFE/SOX November 28, 2012