Author: Sj. (Sjoerd) Vredenberg
Woken up and even dismayed by integrity incidents, organizations are busy identifying initiatives which can contribute to the reduction of integrity risks. It is at least as important to actually implement those measures and determine whether this control actually contributes to risk mitigation. In this article we focus on control. Are you in the driver's seat and steering in the right direction?
Setting standards is followed by Control
In a recent article we explained the necessity of determining vulnerability (Risk Profile) and how to deal with the 'red line' (Set standards).
While Setting standards, the integrity violation – the 'red line' – is defined by the organization: what is allowed and what is definitely not allowed (anymore). Setting standards also includes coming up with measures that can detect, reduce and correct the causes of, the violation itself and its consequences.
Setting standards will be followed by Control: implementing what has been devised in order to reduce integrity risks, verifying whether this is actually happening, determining that it is effective and, if necessary, taking action to improve control.
Control means: execution
Control concerns actually carrying out of what has been devised, the standard. Control is primarily about actively recognizing, preventing and cure. In any case: execution!
An example:
The organization's Safe working environment policy sets the objective: 'increasing awareness of undesirable behavior among management and board.' This clearly defines what the organization wants to achieve in terms of control to prevent an unsafe working environment.
The standard has been set!
In a project the HR department has realized that the 'Modern leadership' training is a mandatory part of onboarding new managers and directors. A refreshment course has also been developed for existing management. A planning has been made for these training initiatives and invitations are being sent quarterly.
Control has been designed, set up and is being executed.
Provable assurance
In case devised and designed measures actually have been implemented and are being executed, a significant part of Control has been achieved. But we're not there yet...
Verifying the actual execution, is also part of Control (including the ability to demonstrate/prove when asked). In order to avoid any confusion, we call it Validation in this article.
The organization wants to ensure that the new 'Modern leadership' training in the introduction program for new managers and directors does not remain a one-time version of a good intention.
Moreover, the organization wants to be sure that all new managers and directors who joined the organization between the previous and the current training, did participate.
And were it really the new managers and directors themselves participating the training?
Following the training in a much later stage due to the inability to attend as planned, is not what the organization wants either.
Is nothing or no one slipping through the cracks (completeness), isn't it coming 'too late in the day' (timeliness) and was execution done in the right manner (correctness)? That is what Validation focuses on.
Validation leads to 'additional' activities surrounding the measure itself (the training in the example), with the aim to determine whether what was planned and intended has been done.
Does it make sense?
Measures have been devised and designed, they are carried out and it is demonstrably validated that this is done completely, on time and correctly. But, does it make sense to make all these efforts? The answer should, without doubt, be positive.
Measures are assumed to reduce the integrity risk.
In the long run, the measures should reduce the number of integrity incidents. And that is what the organization moreover wants to determine..
The new 'Modern leadership' training has been created to reduce the risk of an unsafe working environment. The organization has chosen to carry out a one-off baseline measurement among the entire staff before the start of the new training, with the aim to determine to what extent a safe working environment is experienced. Now that the introduction program has been expanded with the new training and refreshmnt course, questions about a safe working environment and undesirable behavior are standard part of the annual employee satisfaction survey and of individual performance reviews.
By analyzing, the organization has been able to determine that this particular measure definitely contributes to reducing the integrity risk!
Improve
Being a final element of integrity control, continuous learning and improvement is essential. Action and improvement management is an integral part of Control.
Evaluating the training 'Modern leadership' has resulted in an improvement action that next quarter the course will be sharpened due to the gender diversity aspect.
Control concerns: knowing the standard, carrying out measures, determining their execution, verifying effectiveness and improving where necessary.
For the print version of this article, click here.
Comments