Outlook on growth risks: auditors can help management assess the opportunities and problems the organization may encounter as it expands its business
Uday Gulvadi
WHILE ALL ORGANIZATIONS AIM TO grow, the path to achieving growth is anything but straightforward. Growth can be achieved through new products and services, geographic markets, customer segments, distribution channels, and lines of business as well as mergers and acquisitions. Each of these growth drivers represents different risks and opportunities for the business. The key to achieving sustainable growth lies in optimizing opportunities while balancing and containing the commensurate risks.
Growth risk management is a subset of enterprise risk management (ERM) that warrants senior management attention for organizations that are seeking aggressive growth. Although the chief executive officer (CEO) and senior management are responsible for managing growth risks, chief audit executives (CAEs) can enhance the quality of the process by facilitating the inclusion of growth risk management considerations in the organization's overall strategic planning process, providing an objective assessment of the related controls and monitoring processes, and recommending measures to enhance the design and effectiveness of controls.
Whatever growth strategies an organization relies on, three components are important to increase its chances of success: understanding market needs; crafting a challenging, yet achievable, growth strategy; and ensuring the organization is ready to execute the growth plan. CAEs can help CEOs focus on the key risks in each component by centering the discussion on the most fundamental issues and raising appropriate questions.
DOES MANAGEMENT POSSESS A SOLID UNDERSTANDING OF THE MARKET'S DEMANDS? Auditors can answer this question by analyzing how thoroughly market risks have been considered in management's growth plan. Inadequate knowledge of market conditions or customer preferences is a key growth risk. Many organizations have seen their growth strategies go awry because they misevaluated market potential. Analyzing competitor strengths and weaknesses and understanding market entry barriers are also part of a go-to-market strategy. In addition, the perceived poor quality of an organization's existing products can become an obstacle to the acceptance of new products. Lastly, management must consider its pricing strategy--whether to offer new products and services at premium prices or at competitive rates.
IS THE GROWTH PLAN CHALLENGING, YET ACHIEVABLE? Growth strategies need to inspire people to achieve organizational goals. People are often motivated when they lead and participate in ventures such as launching products and entering new markets, but this enthusiasm can turn into cynicism and declining morale if the growth targets are overly optimistic and not achievable. The growth strategy needs to be well thought out and based on a solid understanding of market requirements, prudent assumptions, and reasonable expectations to avoid these pitfalls and discourage unethical practices to make the numbers. Moreover, the strategy must be articulated and communicated throughout the organization to ensure understanding and consistent performance.
Sometimes an organization's weaknesses lie in the way in which financial projections are developed and plans and budgets are negotiated internally. These risks are particularly applicable when organizations have multiple business units that are managed as separate silos. Budgetary considerations that are impacted by internal politics can lead to turf wars and unrealistic budgets that are not in the organization's best interests.
Organizations also should consider suitable means of financing their growth initiatives. Internal funding can adversely affect an organization's cash flow and may not be viable for companies that need to make large capital investments that cannot be generated in-house. External sources of funding can introduce the risk of needing to manage to external stakeholders' expectations of earnings growth and returns.
IS THE COMPANY ORGANIZED TO ACHIEVE AND SUSTAIN GROWTH? A rapid growth strategy often necessitates the addition of employees at a rate that outpaces the capacity of the organization's training resources. This fast buildup can leave the organization with poorly trained staff who are not well versed in its policies, procedures, ethical values, products, and customers, thereby undermining the execution of growth plans. Companies also respond to growth by making internal organizational and process-level changes that move employees out of their comfort zones, such as creating new business units, product lines, and quality control procedures, or dismantling functional silos.
Creation of a technology infrastructure that is scalable to the needs of the growing business presents risks in terms of security and integration with existing systems. Organizations that plan to enhance e-business capabilities are essentially providing a gateway for customers and suppliers to log into their systems to place or collect orders and check delivery status, which exposes the organization to security risks that could compromise sensitive information. Additionally, technologies such as customer relationship management or enterprise resource planning software require careful planning to ensure they are seamlessly integrated with existing applications and infrastructure.
Growth can also have an impact on organizational hierarchy and decision-making. High-growth companies that are entering new markets or tapping new customer segments will need to be more agile compared to stable, low-growth businesses that sell their existing products to an established customer base. Being agile often requires decentralized decision-making and empowered frontline staff who can respond quickly to changing customer needs. However, this flexibility must be balanced with the risk of diluting controls in the absence of a structured review and approval process.
CONTROL CONSIDERATIONS
As the business risk landscape evolves, internal audit groups should evaluate the risks and challenges that growth creates. Some of the control and monitoring practices implemented by management that auditors should review include:
UNDERSTANDING MARKET DEMANDS Internal auditors should assess the quality of the market research studies conducted and relied upon by management and the credibility of the research agencies, their methods, and the reasonableness of their conclusions. Auditors can discuss with management whether proposed marketing actions are aligned with the market research conclusions. Also, they can look for evidence of dialogue with existing customers about the company's product and service quality and test marketing of new products to focus groups. Auditors should ensure appropriate changes have been made based on consumer feedback.
GROWTH PLANNING Auditors should assess whether a clearly articulated growth strategy has been created by management after thorough deliberations of all factors, including assumptions, key risks, and potential mitigating measures. They also should assess whether input was received from other managers who have a stake in the growth strategy so that there is buy-in at all levels of the organization.
Growth planning should consider various financing alternatives before selection of a suitable funding plan. Auditors should evaluate whether board approval was sought after members had held assiduous discussions and had questioned management's assumptions. They should also determine whether alternative plans have been considered. Additionally, auditors need to review the adequacy and quality of communications to employees about specific goals and targets and the roles they are expected to play. Finally, auditors should evaluate the establishment of periodic monitoring reviews by management to assess the achievement of milestones and make course corrections.
ORGANIZING FOR GROWTH It is essential for auditors to assess the organizational structure and its appropriateness to facilitate the achievement of growth objectives. Auditors should review the establishment of a secure and scalable technology infrastructure. They should determine whether there are procedures in place to scale up resources and staffing and provide adequate training. There should also be procedures to ensure product quality. Moreover, mechanisms are needed for handling customer inquiries, post-sales servicing, and complaint resolution. Auditors should also assess the quality and adequacy of the flow of information and communication between top management and front-line staff to provide sufficient monitoring oversight and feedback.
A ROLE IN GROWTH PLANS
Internal auditors have a key role to play in helping their organization manage growth risks. To perform this role, CAEs should build a multidisciplinary team and consider involving experienced line managers as guest auditors to enhance the practical business perspective of audits. A good starting place for CAEs is to recommend that management and the audit committee include an assessment of growth risks and controls in the annual internal audit plan. Moreover, internal auditors need to be involved at all stages--when growth plans are being discussed, implemented, and monitored--so that they can provide objective and timely feedback that can enhance the chances of success.
UDAY GULVADI, CIA, CPA, CISA, CA (India), is director, internal audit and risk management services, with Eisner LLP in New York.
To comment on this article, e-mail the author at uday.gulvadi@theiia.org.
To share emerging risk issues and best practices from your own audit experiences, or to request coverage of a particular risk, e-mail jamesroth@audittrends.com.
EDITED BY JAMES ROTH AND DONALD ESPERSEN
COPYRIGHT 2008 Institute of Internal Auditors, Inc.
COPYRIGHT 2008 Gale, Cengage Learning
1 comment:
nice blog many many thanks to writer
www.ausriskservices.com.au have close to 20 years experience in designing safety management systems. We offer safety systems that identify and seek to remedy safety, environment, and health risks in the workplace.
Post a Comment