The Merchant of Venice & Internal Audit

Ever wondered who the first internal auditors were? What skills they applied? What enterprises solicited their services and why. Those who know me, know I’m a firm believer in the idea that there is nothing new under the sun. Finding out the history of a profession and it’s evolution often reveals a lot more about the enterprises and stakeholders to whom the profession renders service. Such discovery is the best career advice to give to young people making up their minds on what they want to do.

I’m very often called on to provide introductory primers to audiences of nonprofit implementers on what internal audit is and even on “how to pass the audit”. I love doing it. I reveal novel insides like “auditors are people” and “don’t upset the auditors”. As I do, I sit back in my mind and marvel at audience reactions. You will be surprised how many people don’t know internal auditors are people. I also love giving insides on how to pass audit. It helps me dispel the fallacy that we auditors are some sadist evaluators looking to fail people, on job exams of sorts. All of that wrong on many levels.

One story I often invoke, in part to spice the conversation but equally to remind people of the organic basis for auditing is Shakespeare’s the Merchant of Venice. Imagine it. The people signed up for an internal audit introduction and then get to hear about Shakespeare’s work. So what‘s the connection? If you are like me and had to read the play in middle school, I hope you were as fascinated by “all that glitters is not gold” revelation in Act II, after all, is that not one lesson we all continue to learn in our adult lives and in the practice of audit? We call it professional skepticism today. But that was just the first digression. The play opens with a sad merchant, worried by the faith of his big bet investments. He has in effect placed all his eggs in one basket, in his case, vessels at sea. Another lesson on risk management and a second digression on my part.

The real lesson to draw in my view is what is missing from the merchant’s enterprise – an internal auditor. Many have questioned why Antonio (the merchant) was sad in the opening act of the play, filled with “melancholy”. Was it for his friend embarking on the consuming enterprise of marriage, that would take him away from their time together? Was it for parting away from his goods on vessels at sea? Was it for the unsavory feeling of making exorbitant profits like Shylock, the Semite he abhorred? I say Antonio was faced with a corporate governance challenge, impacting many stakeholders. An internal auditor could have helped him to examine the governance, risk management and control framework for his enterprise and activities. Consider the issues, financial risks of too much debt or loss due to pirates, market/demand risks if he invested in the wrong goods, operational risk if his ship captains failed to navigate safely, hazard risks from the seas, the social scorn from executive remuneration etc. His friends and collaborators tried, in their ways to be auditors of sorts, hinting at risks. He was sad and did not know why because the internal audit profession had not yet been created. Everyone paid dearly for not having auditors.

McDonald’s Starts Serving McTech to Survive in the Modern Age — Any lessons for Nonprofits?

What does it mean that Macdonald is serving McTech? And what can nonprofits learn from this iconic company that feeds 1% of the world’s population? There is much to learn in my view. And not the least of which of course is MacDonald’s ability to connect with people worldwide and deliver the same tasty big Mac!

Let’s see, Macdonald is going back to its roots, it’s not about the tech – that part is just presentation, it’s about customer intimacy, not to be confused with engagement, its intimacy. And what has reminded Macdonald’s management about intimacy, Amazon, it is the modern day wizard at it. Amazon knows their customers and the products/services intimately and matches the two to fit like a hand in a glove. They take the thinking and worry out of it and what you have left is called “delight”, which invariably translates to cha-ching! The feeling  builds trust and good brand loyalty, when supported by good delivery – customer journey.

At the height of its dominance, Macdonald understood what those tired parents, coming back from the school game with restless kids needed. It was something, simple, predictable, quick and able to satisfy everyone’s taste buds and to keep everyone happy. It was the “happy meal” together with toys, playgrounds, the homely feeling of eating together in the car. For a while though, Macdonald started focusing on costs, we know the “dollar menu” and on operational excellence, that is cost/quality, also known as “value for money”. That was good and it allowed them to expand worldwide but it started leaving “delight” behind, Five Guys, Chic-fil A and others moved in to take some of their customers.

I hear a lot of talk about nonprofit donors wanting “value for money”. Is that really true? Sometimes I have my doubts and wonder if they just want to be delighted. One of the challenges in nonprofit work is the distance between those paying for the services, the donors and those receiving the services, the clients (check my recent blog post on this). Often donors never get to know who received the services. For this reason, value for money is mostly just an abstract idea to donors, just a hedging mechanism. This is one reason why western donors ignore some of the worst crises around the world, until a western face decries it. Oh no, that is not a judgment on the donors, its just a reflection of the distance between donors and beneficiaries and the nonprofit challenge. Many nonprofits struggle and I know work their hearts out to bridge this distance everyday. It will be nice to see more nonprofits move away from formulating strategies entirely based on achieving value for money and more based on intimacy and doing so on the two ends of their value chain, the donors and the clients (beneficiaries). Digitization and the digital revolution is an opportunity for nonprofits to reframe their value proposition with donors and clients.

Below is a link to the article that discusses Macdonald serving “McTech”. It got me going. Please read and share your views. What is your opinion of nonprofit corporate strategy designs today? How can they leverage digitization and the digital revolution to explore other strategy dimensions?

McDonald’s Starts Serving McTech to Survive in the Modern Age

McDonald’s Starts Serving McTech to Survive in the Modern Age


— Read on longreads.com/2019/10/02/mcdonalds-starts-serving-mctech-to-survive-in-the-modern-age/

10 Things Keeping Nonprofit Auditors Up At Night – The NonProfit Times Article

What is on your audit plan for 2019? Have you begun to consider topics to address? Here’s a list of the top 10 challenges keeping nonprofit auditors up at night, and possible remedies (see link below) to help auditors continue their critical contributions to nonprofits.

  1. Changes to organizational strategy
  2. Organizational culture
  3. New technology
  4. Cybersecurity
  5. Compliance with funder requirements
  6. Financial controls
  7. Reliance on third parties
  8. Procurement procedures
  9. Transportation and distribution (logistics)
  10. Fraud and corruption

What do you think? I definitely agree with a good many of the items on the list.

In my experience the challenge is that nonprofit management and boards tend to constraint auditors to execute cyclical and compliance based audits of various organization segments/units and organization partners. This mostly out of habit and such audits tend to miss important entity level risks.

Click the article for more details and for some great proposed remedies. I might add that I know the authors well and they are quite knowledgeable about the challenges.

Source: 10 Things Keeping Nonprofit Auditors Up At Night – The NonProfit Times

Tip of the week— it’s the integrity

I recently watched an old video about Warren Buffett, wherein he described how he picks winners – that is people (company leaders) he will trust his investments with. It said he uses three criteria. He started with the second characteristic, which he called energy, then moved to a third which was intelligence. It was not just regular intelligence. It was what was termed adaptive intelligence. An example he gave was a person running towards a destination and on seeing a post in the way, taking measures to avoid the post or minimize its impact, so as to continue running towards the destination – rather simple but key. Now it was the first and most important criterion he cited, integrity that most impressed me. By integrity the Buffet meant knowing when to say no. Basically integrity meant knowing limits and not overcommitting. As an example he discussed how a child understands love. A child understands love to mean time, time spent. Integrity is therefore reflected in commitments made and time spend to correspond with the commitments. Saying no to things we claim are not as important and spending the resources on what we say is important.

As an auditor, I look for integrity in the budget figures and other similar governance documents. When I see no resources committed to a goal e.g. no full time staff or worse staff committed without awarding the needed resourcing or awarding unsteady (reactionary) resource levels, I immediately know and understand the business goal is not critical or prioritized.

Many leaders today regrettably pay lip service to goals around culture, compliance and internal controls, but they lack the resources to support it. Where is the culture budget, the compliance budget – how does our annual budget reflect commitment to stewardship. Particularly, in our nonprofit sectors, where the mission can become an easy cop out to making important business investments towards internal controls and compliance goals. Where stewardship is often about cutting cost rather than investing in robust cultures and infrastructure to support stewardship. Often it’s just that missing leadership quality called integrity and we should look for it our leaders and all our staff.

Endpoints are the Front Line in the Battle for Effective Cybersecurity

Endpoints are the “ends of the network” – your computer, mobile device, internet connected devices etc – we (people, devices, bad actors) interface with endpoints to connect to computing networks, the internet and cyberspace.

I like how the article below uses a comparison to the game of chess to reemphasize the important role endpoints play in effective cybersecurity. To the chess novice, pawns are many and dispensable, like endpoints are many and cost little relative to the value of information on networks. No, those endpoints and the trends in their use are foundational to your cyber defense.

One more point, data is created and transformed at endpoints, and in my view it is best to think of data as the ultimate endpoint. So really, start you cyber security plans with your knowledge of data and data governance — donors, employees, volunteers, clients (beneficiaries), partners, collaborators, vendors.

Endpoints are the Front Line in the Battle for Effective Cybersecurity

Endpoints are the Front Line in the Battle for Effective Cybersecurity


— Read on securityboulevard.com/2019/10/endpoints-are-the-front-line-in-the-battle-for-effective-cybersecurity/

Nonprofits should consider internet isolation cloud solutions in their IT security designs

Sharing below a nice article on internet isolation cloud solutions as a paradigm for implementing security.

A boundary-less IT security defense architecture (design) is definitely one that nonprofits should consider. And the reason for this is business necessity.

Nonprofit business architectures (designs) continue to require operational and even strategic collaboration and partnerships with a variety of global and local partners. These partners are all over the world and in some cases include national governments. The data nonprofits handle includes that of vulnerable and insecure populations. To operate effectively with such populations, nonprofits must maintain relationships of trust with these clients. The trust must in turn be supported by robust data stewardship and security practices, including regulatory compliance regimes. This is because for nonprofit enterprises to be effective today and looking ahead into the future, their sensitive data will need to be shared more often. They will be more exposed to partners having different IT capabilities and a amyriad IT security postures, including no security capacity.

Nonprofit IT security designs must follow the direction of their business designs or fail to be effective in business environments and relationships they must support.

Let me know what you think of the article.

securityboulevard.com/2019/09/internet-isolation-cloud-introducing-a-new-paradigm/

Effective nonprofit auditors think of the customers served to understand risks

One of the main reasons running a nonprofit is very challenging is that it is really difficult to tell who the customer is. Without a good sense of who the customer is, it is difficult to define a clear value proposition and to have a sustainable business and corporate strategy. Why the mention of strategy, the most important risks are strategy risks, all others follow from it in my experience. It may not be obvious but I would also add that without this perspective nonprofit auditors may find themselves speaking an entirely different language from nonprofit executives. Very simply put revenue matters, else there is nothing to really talk about.

So who is the nonprofit’s customer?

Is it the donors that provide the resources and funds needed to carryout the nonprofit’s mission? If so what are they getting out of it? Most donors only have a limited understanding of who receives services. Is it the beneficiaries or clients served by the nonprofit’s mission? These clients pay nothing or less than the costs, so in what way are they the customers? Are the communities and local governments whose populations nonprofits serve the customers? It is true they give the social or even legal access to the populations served but they don’t pay for the services or directly receive the services. Nonprofits in effect do the work that communities and local governments should have done. There is also the question of volunteers, they can be thought of as customers too, they too offer their time and in some cases expertise.

There is no simple answer to the question who is the nonprofit’s customer, many articles and books have discussed it, its one of those chicken and egg problems. The simple fact is that effective nonprofit work, as a business challenge is far more complex than many people realize, and when auditors sit in-front of nonprofit executives and directors they should keep this in mind.

Pay attention, change is not fast

2318333_db03eaaaThis past spring I learned something very insightful by simply staying alert to my surrounds on my commute to work. It may sound like a cliche but nature has a lot to teach us, if we take a minute to notice. But truly, what can have more insight and lessons on change than nature? Mother nature has literally been dealing with change for millennia. Change is not new to it and we can expect it  to have lessons to share on the subject, it thrives on it, just go to your local park and check.

My big lesson was that change may at times be sneaky or elusive but it is never fast. So please let’s all stop talking about the speed of change. There is always more than enough time to detect and deal with change. As an auditor I find this a very useful revelation.

beech-forest-2212473_960_720

In my opinion, no season beats the spring. I can hardly ever wait for the green leaves to fill the often bare and woody scenery of winter in south Maryland. This year’s spring I was extra eager. I wanted to get to my yard and start working on my plants, the many spring projects I had dreamt about — including the inspirations I drew from binging on YouTube gardening and DIY videos, all winter. So I anxiously took stock of all signs of spring this year. One thing I noticed was that the wooded areas on my daily eight minute drive to the commuter train I take to Washington DC. Each day I stared at the leafless trees wondering when they would change. Gradually, I began noticing the tiny buds on the branches. I wondered to myself when they would fill the space and once more hide the many single family homes just beyond them. It took a good three weeks, and I had stopped paying attention, when suddenly the sight of the homes  in the background had disappeared, as I drove by one morning. I quickly reflected back on how the tiny little leaves struggled to fill the space, just a few weeks earlier.

Companies like Eastman Kodak did not disappear in one shot, neither did Blockbuster or has Sears Roebuck today. Their management simply did not see the change coming. We can rest assured that the change did not come fast. Just like in nature, it was slow and steady in the build up and that is why it was not seen. All that is needed to handle change is to stay alert and respond to it. We should worry, when we’re are not detecting change and when we do detect it we should embrace it because it will not go away by us ignoring it.