This issue is my final installment devoted to business infrastructure. In my experience people respond to rules in two very different ways – they rebel or they embrace. Two opposing perspectives that imply rules function to consent or restrict a particular action. The job of the business leader is to harmonize these two seemingly conflicting viewpoints so that the business’s fundamental objectives are satisfied. To do so it is beneficial to have a context for rules. That is my ambition with this issue of The Business Odyssey.
I use the term Rules to convey clear and unambiguous standards not a convenient excuse to impose autocratic, arbitrary, or oppressive authority. Quite to the contrary, rules should serve as the foundation to thoughtfully empower people. Rules do so with explicit interpretations or appropriate actions the business has adopted to guide the response warranted for a particular circumstance. Rules enable the confident delegation of responsibilities as well as the preservation and routine replication of actions.
The discussion that follows focuses on business infrastructure’s dependency on rules. Previous issues have described people and things; those responsible and the tools used to effect an action. Rules are the explicit guidelines specifying what to do and when to do it. When People, Things and Rules are properly designed and effectively functioning this infrastructure improves performance and protects assets. So how I am going to define rules?
Business rules are the acceptable or approved actions expected to be applied to specific transactions, activities or decisions.
Business executives expect that certain routine activities will be handled consistently, correctly and timely. Rules are an explicit statement, best in writing, expressing the allowable or acceptable treatment to be applied to a specific action. Rules serve four distinct business needs: operations, reporting, compliance and protection.
Operational
The senior business executive’s primary concern is typically focused on making money. Making money is obviously accomplished with operations that create customer satisfaction, do so efficiently and is adaptable to change. The business’s operational activities convert the promise the company makes to its customers into the satisfaction the customer expects. Managing the operations ensures that the fidelity of the product or service the customer receives is consistent with the customer’s expectations. Moreover, doing so efficiently is required so that the business is profitable and capable of delivering the return expected by owners and providers of capital. Nevertheless, the executive can’t subordinate other important responsibilities to a single-minded focus on making money.
Senior executives need a frequent barometer to monitor operational effectiveness. The integrity of this barometer depends on the contributions of others and a common understanding of its meaning. Monitoring operations requires a shared understanding of the rules and how those rules are applied. A few examples of routine operational issues that require adherence to specific rules.
- Order processing
- Collecting money owed
- Scheduling production
- Manufacturing or production methods
- Product packaging
- Customer service
- Routine financial performance
- Selling
Reporting
Business executives depend on reliable and timely information. This information may be diagnostic or strategic. Regardless of the application the business executive depends on the veracity of the information relied upon to make decisions. Business executives depend on knowing what it is that they are looking at.
A recent client had the accounting staff produce a weekly operating report for its senior executives. Included as part of this operating report was the cash balance of each bank account. Pretty simple right? Well maybe not. As it turns out the executives thought they were looking at a cash balance reported by the bank at the end of the banking day. The accounting staff on-the-other hand was reporting the cash balance showing at the time (most often mid-day) and was adjusted by deducting outstanding disbursements. Either one of these was legitimate. In this case however, two different definitions of cash balance was used. Executives thought cash balance meant one thing and the accounting staff was reporting something different. This is not an example of accounting incompetence but rather an example of ambiguity arising from the absence of clearly defined rules. And no one, that is until I looked at it, thought to consider the possibility that a discrepancy of meaning existed. A discrepancy that was compromising the reporting of cash balance. This observation naturally led to suspicion towards other reported numbers.
Another example from the same client. I was asked by the CEO to provide a comparison of current year billings to previous year billings. Despite the CEO’s impatience and dismissive demeanor I had a pretty good idea of what he was looking for. Nevertheless, my job was to advise him and the President of operational deficiencies and vulnerabilities, and I recognized that this simple request would allow me to expose just that. So I decided to ask a few of the accounting staff, who, had I not been there, would have been the target of that question, what was meant by billings. This was not a formal term the company used. And as no surprise to me, I got as many definitions of billings as people I asked, all different I will add.
The point is clear, the absence of rules, in this case the measure of dollars committed to the company collected or promised, would produce misleading information. The absence of rules dictating what things mean will result in people making-up their own definitions. Some of these definitions will be approximately correct but there will be subtle and not so subtle differences. One of the roles that rules play is to eliminate misunderstandings, ambiguities and misinterpretations. Standardized definitions are but one form rules can be found.
But this application is critical especially when looking at financial reports. Most of the accounting standards that exist are simply detailed statements of what a term or phrase means. It is critical that all financial reports be free of ambiguity, errors and other misleading information. Similarly estimates or projections are often required. This should be clearly recognizable and qualified with the underlying assumptions. For a report to be reliable it must be free of ambiguity and errors. Rules establish the standards used when reports are prepared. Without these standards the integrity of what is reported is severely compromised.
Compliance
Businesses are expected to comply with many different kinds of legal requirements. This legal requirements include taxes, human resources, contracts, environmental and safety regulations as well as countless others. Most of these legal requirements include reporting obligations together with an agency’s right to verify compliance. When a failure to comply is discovered there are often serious fines and penalties. Thus businesses are oftentimes required to verify that they operate in a lawful manner and have satisfied legal obligations. Meaning a business needs to demonstrate convincingly to an outsider that is adhering to legal rules.
Protection
Rules also serve to protect the assets of the business from fraud, manipulation, or threat. The following are examples of rules applied for purposes of protection.
- Segregation of duties – separating authorization, custody, and record keeping roles to prevent fraud or error by one person.
- Authorization of transactions – review of particular transactions by an appropriate person.
- Retention of records – maintaining documentation to substantiate transactions.
- Supervision or monitoring of operations – observation or review of ongoing operational activity.
- Physical safeguards – usage of cameras, locks, or physical barriers to protect property, such as merchandise inventory.
- Top-level reviews – analysis of actual results versus organizational goals or plans, periodic and regular operational reviews, metrics, and other routine diagnostic indicators.
- IT general controls – security, to ensure access to systems and data is restricted to authorized personnel, such as usage of passwords and review of access logs; and change management, to ensure program code is properly controlled, such as separation of production and test environments, system and user testing of changes prior to acceptance, and controls over migration of code into production.
- IT application controls – Controls over information processing enforced by IT applications, such as edit checks to validate data entry, accounting for transactions in numerical sequences, and comparing file totals with control accounts.
Rules take many forms and serve multiple purposes. It is the responsibility of senior executives, owners and directors to ensure that the business infrastructure incorporates rules that are clear, unambiguous and properly conceived.