Independent studies have shown
most small- and medium-size
enterprises do not devote enough
time to the planning process. Time
constraints, lack of training, and
personnel resources may drive this
lack of planning. Planning, in any
form, is a way to ensure continued
organization performance. Not
planning is simply giving up, passing up opportunities to govern and
control your own future.
The three top planning omissions are fraud and internal control
systems, disaster and business recovery planning, and succession and manpower planning. Fraud, according to the 2010
annual report of the Association of Certified Fraud Examiners,
costs businesses an average of $160,000 for each occurrence.
One only needs to read the business trades to see how many
organizations failed after the passing of their founder, due to
lack of continuity planning.
While each enterprise is unique, the planning process is
similar. It’s scaling the process that makes each organization
different. The technology exists for assisting with this process.
There are software programs that enable organizations to automate and streamline the risk management process to save time,
money, and resources associated with ongoing compliance.
With this, businesses can consistently identify compliance gaps,
help justify risk acceptance, prioritize remediation, and react quickly to evolving regulations and overlapping compliance standards.
Risk analytics help you prioritize enterprise-wide risk issues. Reports and dashboards turn information into intelligence, allowing
you to take action before a compliance breach occurs.
Fraud and internal control systems are standardized, which
means you can get the framework for each business unit and
customize for different circumstances. If you have a business unit
that does not take cash or credit cards in payment, then you don’t
need as robust a set of controls for cash as you would in a retail
business unit. But since every organization has assets and liabilities, the universal framework is applicable to everyone.
The framework for fraud and internal controls is spelled out
by the Committee of Sponsoring Organizations (COSO), which
is a collection of the major accounting groups in the U.S. This
framework has been around for almost 30 years, and was recently
updated to reflect changes that have occurred over that time.
The AICPA released a white paper on this subject, which is fairly
comprehensive, and easy to follow. Plus, there are several inex-
pensive software packages that will aid in designing and installing
internal controls into any type of organization. BWise has one
package that is both comprehensive and affordable.
There is a similar framework for business and disaster plan-
ning. Many government websites have basic outlines available
to help individuals and companies get started with this process.
The basic framework exists, but the probability of different
disaster types—earthquakes or hurricanes— changes.
Ultimately, you can customize the procedure to meet the
circumstances for your organization. Virtual Corporation has
a product called Sustainable Planner, which lays out a step-by-step process for developing a plan. SunGard also has a downloadable planner that can get companies started on the right
track to business continuity.
Succession and manpower planning also lend themselves to
a technological solution. First, designate the skillset you need
to make any position successful. Then review all your people to
see who may possess these particular skills. This tells you if you
have someone inside or you need to recruit outside.
You can weigh different attributes, depending upon the
requirements of the position. For example, you may want your
head of sales to be more of a people person than your IT manager. Manpower and succession planning don’t have as many
tools choices, but there are some available. One of the better
outlines is from Workforce.com. It is free to download. It will
walk you through the process of choosing the right successor.
Taking the time to focus on the planning process allows
everyone to think strategically. Smaller organizations spend
an inordinate amount of time with the tactical and not enough
with the big picture. Ultimately, the vision of where you want
the organization to go is why planning is so important.
Remember the old adage: Failing to plan is planning to fail.
Don’t abdicate your future because you’re too busy dealing with
the present. There are ways to find planning time. Start the process, and see where it takes you. Moving toward a shared vision
will engage and energize your leadership team. ITA
(Oscar S. Lewis serves as a financial analyst with Salient
Failing to Plan Is Your Biggest Risk
Insurers need better awareness of the need to deal with fraud, disaster
recovery, and a formal succession plan.
By Oscar Lewis