After everything else is in place, the COSO SOX compliance aspect of Monitoring ensures that everything is working as it should, and that when changes to the business occur, there are changes made accordingly to policies, procedures, authorizations, approvals, information reports, communication methods, computer systems, documentation, etc. to reflect those changes within the organizations standard operating procedures. Monitoring gives us the confidence to know that we have integrity in our organization’s operations.
Monitoring is not a witch-hunt for guilty parties. There is the danger of animosity between the monitors and those being monitored. All employees must understand that to err is human. The monitoring function helps to catch small errors before they become big mistakes. Realizing that the supply chain is both internal and external with its interconnected links, a small error early in the supply chain can be disastrous later in the supply chain. Monitoring can also help to identify process bottlenecks and other impediments to operational efficiencies.
Monitoring should not be intrusive to an employee’s job function. Monitoring should be performed with enough frequency to give reasonable assurance that necessary controls are in place without impeding upon an employee’s performance. Likewise, monitoring should be “real”. For example, setting up dummy security cameras works until the employees stealing from the organization realize that they are fakes. Worse, the organization may be under a false belief that the fake cameras are keeping thefts at bay while in fact thefts are happening because the fake cameras have been exposed for what they are. The Association of Certified Fraud Examiners recognizes that the perception of detection is one of the greatest deterrents to fraud. But the perception must be real, not imaginary!
Monitoring should actually occur. Organizations should not demand that employees go through extra steps to ensure data is collected only to not use that data for monitoring. Once this is discovered, it is possible that the employees will either cease the data collection function or not be as concerned with the accuracy of the data collected. Either way, the employee will realize that the collected data has no use and takes time away from other tasks or breaks, whether authorized or not.
In terms of ensuring integrity in our supply chain, monitoring can take on many different forms. The organization should monitor the performance of its suppliers in terms of shipment accuracy (“were the right goods shipped”), timeliness (“did we receive the shipment on time”), and fulfillment (“were all of the goods we ordered shipped”), as a few examples. The same can be said of internal departments. For example, is the warehouse delivering the right raw materials when needed to manufacturing? Is quality assurance processing test samples on a timely basis? The organization needs to know if a supplier or department is not performing to their best or necessary abilities and causing disruptions to other links of the supply chain.
Vehicle and equipment preventative maintenance programs are another form of monitoring, and can help avert costly downtime, repair, and replacement. In much the same way that airline pilots perform an inspection of their aircraft before takeoff, vehicle drivers, forklift operators, and machine users should all be trained on and expected to perform similar inspections before use. This helps to put the maintenance department on notice that there is oversight of their work. Organizations should consider requiring the submission of maintenance logs with employee time cards to the human resources department as an added level of oversight.
A very effective means of monitoring is via software programs that cross-check data at different points in our supply chain. This requires the migration from paper forms to electronic data, and that data gaps are closed. Let’s take the purchasing process as an example. Our organization submits a purchase order (PO) to a supplier. The supplier sends the physical shipment and hopefully an electronic bill-of-lading (e-BOL). Since the e-BOL will arrive faster than the physical shipment, we can immediately compare it to the PO: is the supplier sending us all or part of what we ordered? The ability to know this as soon as possible, including whether the correct goods are likely to arrive or not, could be critical to our supply chain’s performance. If we can receive via barcode label scanning, we can compare our receipt to the e-BOL and the PO. Were we physically shipped what the supplier told us they were sending? Did theft occur along the way? Did the supplier fail to send everything on the e-BOL? Are our receiving employees stealing from us? When the supplier sends the (electronic) invoice, our monitoring process should ensure that we pay only for the correct goods received in first-quality condition. The validation of data between the PO, e-BOL, receipt, and invoice is a very effective monitoring to ensure integrity in this part of the supply chain. And let’s not overlook matching the shipping paperwork to the e-BOL and barcode scanning receiving data. As much as organizations should look to move from paper to paperless when possible, some paperwork will continue to exist for a while, and its value should not be understated.
In all of the above examples, one uniform goal of the monitoring process was to trap problems at their source before they rippled through the supply chain. Not only will this prevent small problems from becoming huge disasters, but the small problems will be easier to investigate, diagnose, and correct if identified at the source.
Our thanks to this article’s author, Norman Katz, CFE, President of Katzscan, Inc. (www.katzscan.com). of Katzscan, Inc. is a consulting firm located just 20 minutes north of Fort Lauderdale, Florida, specializing in supply chain technologies & operations. Norman graduated from the University of Florida in 1985 with a Bachelor of Science degree in Business Administration majoring in Computer Information Sciences. Norman is a Certified Fraud Examiner, a Florida licensed Private Investigator, and holds a Certification in Corporate Governance from Tulane University College of Law. Information on detecting and reducing fraud in the supply chain can be found at www.supplychainfraud.com. Information on supply chain governance can be found at www.supplychainsox.com. Norman can be e-mailed through his web sites or contacted by telephone at 954-942-4141.
DISCLAIMER: This Corporate Governance article is provided as an informational resource and does not constitute legal advice. The information provided in this article is based on the laws in effect at the time the article was published. Laws related to this article’s topics may change over the course of time. Visitors to this website should not rely upon or act upon this information without seeking professional legal counsel.