Good Cop/Bad Cop
Posted on March 31st, 2010 by Julie »Permalink
“I never had a policy; I have just tried to do my very best each and every day.” – Abraham Lincoln
No offense to a great leader, but I bet he’d have driven his shared service center nuts! Having just returned from the 14th Annual North American Shared Services and Outsourcing conference in Orlando, Florida, I have more sympathy for the shared service center’s (SSC) position as the “policy police.” Their mission is to provide outstanding customer service in accordance with corporate policies and standard procedures. In our made-to-order, I’ll-do-it-my-way society, however, everyone thinks his or her personal circumstance is unique and deserving of special treatment. When policies and procedures aren’t followed, the SSC must spend time to either understand why this particular circumstance is exceptional or enforce the policy by demanding corrective action. Either way, there are delays and associated costs that impact a SSC’s ability to meet agreed-upon service levels, which are the yardsticks by which a shared service center is measured and ultimately rewarded.
Some SSCs have attempted offensive maneuvers, such as developing and delivering training programs on the location and proper use of documented policies and procedures. Some have resorted to defensive, strong-arm tactics, where penalties are calculated and levied against business units as non-compliance punishment.
None of these tactics win the shared service center many friends and they do little to increase policy compliance. A better approach would be to build policy compliance right into automated processes…and toss exception justification duties back onto the business units. For example, let’s say the policy is that all expenses over $1,000 require two levels of approval. An astute processing clerk in the shared services center notices that employees seem to be bypassing this policy by submitting multiple expense reports for a single purchase in order to stay below the $1,000 threshold. To alleviate the burden of calling employees, accusing them of wrongdoing, and demanding justification (or ignoring violations altogether – possibly enabling fraud — just to avoid the unpleasantness!), a continuous controls monitoring (CCM) application could be used to detect these types of policy circumventions and automatically send notices to offenders to either justify or take corrective action. Their justifications or corrective actions then become part of the historical audit trail. Additional notifications of policy non-compliance sent to multiple managerial levels ought to further entice rogue employees onto the straight and narrow. In this way, the burden and latencies associated with policy non-compliance are pushed back into the business units and out of the Shared Services realm.
Just another new twist on the value of continuous controls monitoring.
