How block chain auditing can help you see the woods from the trees.
I recently read a very interesting article by Dr Jacqueline Conway from Waldencroft titled “The cost of organisational silos”. In the article Dr Conway describes how organisational silos conceal risk and cites the example of UBS;
“These executive leaders believed that the bank was both healthy and safe. UBS had become so large and complex and “riddled with structural silos” that no-one really knew what was going on. Not the leaders, not the risk managers, not the regulators.”Conway, J.The cost of organisational silos. Retrieved March 11, 2019, from https://www.linkedin.com/pulse/cost-organisational-silos-dr-jacqueline-conway/
Typically, these silos hide the true business processes that are often cross-departmental. It is this inter-departmental activity that deliver outputs and outcomes to customers and results in value for shareholders and other stakeholders.
Outdated traditional auditing
In this case the problem with silo auditing is that reports focus on effective departmental silo performance and not the end to end business process performance. Of course, the other effect is that each department may be 95% effective when viewed in isolation. But when viewed as a process, lets say of three departments, the overall performance isn’t 95%; it is 95%x95%x95% and therefore 85.7%. Departmental silo auditing masks the true effectiveness to the delivery of business outcomes.
The risk is that audit schedules are based on processes as silos where the cross-departmental nature is hidden. Senior managers will comply and demonstrate they are able to identify risks and that the appropriate actions take place. Risk based business process auditing requires the collection of meaningful evidence where the inputs and outputs between different departments within the same business process need to identified. That evidence being analysed to produce a report highlighting risks to business outcomes is complex not least because the evidence is one department experience the output of another.
Block chain auditing focuses on outcomes
The future is to look past the silos and focus on people impacted by the processes and actions. For example, if our HR department has a people management process, aren’t we better off asking the employees what they experience of the HR Departments activities rather than just speaking with the HR department? Different types of employee will be experiencing what the HR Dept do based on the context and their unique job role. In auditing terms these are individual blocks of data. By asking a large range of people or blocks we can explore the true nature of a cross-departmental process where people are interacting as a chain – hence block chain auditing. By involving different participants as blocks we remove the value judgements because the output of each block is checked against the experience of the next as to its value and impact.
So why aren’t we doing this already?
Seems straight forward, but this isn’t an approach adopted by many organisations, mainly for two reasons;
- Change is difficult – it can be hard for individuals and organisations to embrace change. But if we are to improve, then change we must.
- Capacity – Interviewing 100+ employees that comprise a single cross-departmental process is time consuming. It can get very complex and analysing all the interactions can be beyond a single auditor to collect, analyse and report. We must look to tools which enable us to achieve this.
Digitising risk and compliance
In summary, using block chain technology and experiential audit techniques allows us to digitise audit evidence and translate the importance of this in terms of risk to cross-departmental process outcomes.
About the author: Ian Rosam from HPO Risk Solutions is focused on helping organisations digitise risk & compliance by leveraging the power of cloud, block chain and AI tools to optimise business and compliance performance.