The AGM in question had the usual agenda, one item of which was the presentation of the accounts and approval by the auditors.
Except this time the auditors refused to sign off the accounts.
We got into a big discussion over this and there were many factors and reasons that were quoted (or inferred). But the main reason seemed to be quite straightforward: The accounts folks were not following prescribed procedures. Mainly this related to expense payments. There did not appear to be a sufficient audit trail stretching back through the system to satisfy the auditors that funds were being appropriately distributed.
We had cash payments being made for (legitimate) services but no record of that payment ever having being received. The auditors (and the committee) did point out that there was no implication of wrongdoing anywhere down the line but the auditors pointed out, quite rightly, that lax accounting controls did open the group up for accusations of misconduct or fraud.
So what went wrong?
Well in an earlier incarnation I was actually a senior person in this group and I had cheque signing authority. I made it a point when signing checks to only sign them when I was sure that the appropriate document trail existed (that's my audit background coming through). During my tenure there was never a bad comment from the auditors.
However in the interim it appears that things have started to get a little lax. Cheques were signed based on 'goodwill' (i.e. 'we know the person submitting the claim, we trust them and we know they made the payment they were talking about') and whilst that is an appropriate human sentiment which results in better relations with the membership and speedier payment of expense claims, it just doesn't wash with the auditors.
Overall the sums in question are not huge - not by any means - but that is no excuse for not following appropriate process. After all nobody can legitimately say 'This is the process for doing something - but you only need to do it if you think it's important' The process is the one that is followed in all circumstances. Granted, you can have a process which has multiple levels within it (say for enabling different types of authorisation for different levels of payment) but this is still a process, and it still needs to be followed.
I think this is indicative of a lot of process issues that occur in companies.
Processes are put together (sometimes officially, sometimes unofficially) but over time things start to get a little 'lax'. Shortcuts are taken. Personal relationships are exploited. Corners are cut. Over time these little shortcuts start to become the norm and pretty soon you are running with a process that is no longer robust and auditable, and you are opening yourself up for the potential for loss, fraud or corruption.
How many times have you, for example, had a PC issue and - rather than ringing the help desk - you've gone directly to your friend who knows about these things and had he or she fix the problem directly? I bet you know someone who's done that. Or what about trying to get authorisation for a project, or an initiative, or something similar to that? Have you ever 'massaged' the figures to make the ROI look a little better just so that you didn't have to follow a more in-depth approval process? What about splitting purchases out into smaller ones so that each payment didn't cross an authorisation threshold but could be approved within your own payment band? These are all items I've seen or come across which are 'shortcuts' in a process (You can read about another incredibly simple, but potentially damaging one here).
We all know it goes on. We probably all do it as well.
So how can we stop it? Suggestions please.....
The Perfect Process Project Second Edition' is now available. Don't miss the chance to get this valuable insight into how to make business processes work for you. Click this link and follow the instructions to get this book.
All information is Copyright (C) G Comerford