You are currently browsing the tag archive for the ‘Operational Intelligence’ tag.

In some parts of the world, bribing government officials is still considered a normal cost of doing business. Elsewhere there has been a growing trend over the past 40 years to make it illegal for a corporation to pay bribes. In the United States, Congress passed the Foreign Corrupt Practices Act (FCPA) in 1977 in the wake of a succession of revelations of companies paying off government officials to secure arms deals or favorable tax treatment. More recently other governments have implemented anticorruption statutes. The U.K., for instance, enacted the strict Bribery Act in 2010 to replace increasingly ineffective statutes dating back to 1879. The purpose of these actions is to enable ethical and law-abiding companies to compete on a level playing field with those that are neither. A cynic might wonder about the real, functional difference between, say, Wal-Mart’s recent payments to officials in Mexico to accelerate approval of building permits and the practice in New York City of having to engage expediters to ensure timely sign-offs on construction approval documents. No matter – the latter is legal (it’s a domestic issue, after all) while the former is not.

Moreover, the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have increased their oversight of bribery. At the beginning of 2013 they jointly issued the Resource Guide to the U.S. Foreign Corrupt Practices Act. For its part, the SEC has stepped up enforcement using its own resources. Recently, it charged a group of bond traders with enabling a Venezuelan finance official to embezzle millions of dollars by disguising the money as fees paid to the broker/dealer to handle apparently legitimate transactions. Tellingly, though, there was another relatively recent bribery issue that involved Morgan Stanley where the SEC declined to include that company in an enforcement action because it had demonstrated diligence to prevent it.

Before anticorruption laws, it was expedient for corporations to pay government officials to close business, get preferred status or prevent punishment. Once the laws were established, that stopped being the case. However, from a management standpoint, compliance with the law became complicated because of the dual nature of the corporation, which is both an entity and a group of individuals. In the case of the latter, when an individual breaks the law, is that person at fault, is the corporation or are both? Regardless of how a case is decided, there can be severe reputational damage to a company found violating the law, and that will have repercussions for corporate boards and executives.

This question leads to the agency dilemma, an important consideration in enterprise risk management. Economists long ago recognized the agency dilemma when the modern corporation separated the roles of its principals (that is, the shareholders) from its management. The agency issue exists where the best interests of the principals are either not aligned or in conflict with the interests of the agents (the professional managers running the corporation). But agency issues also extend to the company’s executives and may be rife in any large-scale business. Within the management group, authority to act independently is delegated down through the hierarchy, and the interests of the lower-level managers may be in conflict with those of senior executives, the board of directors and shareholders. For example, suppose that a local manager believes his performance evaluation, compensation and prospects for promotion hinge on the timely opening of a new facility. Confronted with a culture of payoffs for permits, that manager may try to find a way to pay officials for expedited consideration, especially if he is local to the area. From that individual’s perspective, corrupt activity may be the norm, and he may believe himself to be clever enough to violate company policy without detection.

It was once acceptable for a company to claim that it had a stated vr_grc_operational_risk_effectivenesspolicy prohibiting bribery and that executives were ignorant of an employee’s actions. Absent proof to the contrary, that often was enough. However, the FCPA changed this norm, imposing the need for diligence and affirmative actions on the part of companies to prevent employees from breaking the law as well as to detect and report any such violations that do occur (which is how the Wal-Mart situation came to light). Public standards, too, have changed since the 1970s. Despite its self-disclosure after the fact and the steps it took to address the corrupt behavior, Wal-Mart suffered severe reputational damage. Yet even with the likelihood potential consequences, our benchmark research reveals that just 6 percent of companies have effective controls for managing reputational risk.

We assert that the most effective control is to prevent illegal activity from taking place at all. Short of that, companies that can demonstrate that they have taken all reasonable steps to prevent a violation of the law are in a better position to claim that the individual, not the company, is at fault.

An organization should have clearly articulated and documented antibribery and corruption policies and procedures, institute mandatory training of and signed acknowledgements of having taken it by executives and managers, and put in place incentives and disciplinary measures. However, these required measures are increasingly insufficient to demonstrate diligence in preventing corrupt activities. Companies also must have a software-supported internal control system that flags suspicious activity immediately and triggers a rigorous remediation process that analyzes, investigates and documents the disposition of each incident. Incidents that are detected long after their commission are more difficult to cope with and pose much higher legal, financial and reputational risk.

vr_oi_information_sources_for_operational_intelligenceSoftware is available that helps detect activities that violate anticorruption laws and regulations as they occur or shortly thereafter; this is far more effective than waiting for internal audits or (worse still) whistleblowers to uncover malfeasance. To prevent violations of the FCPA and other antibribery statues, corporations must be able to monitor their financial and other systems for warning signs. These applications take advantage of operational intelligence, a class of analytical capabilities built on event-focused information-gathering that can uncover suspicious actions as they occur. Our research on innovating with operational intelligence shows that companies use an array of systems (led by IT systems management and major enterprise applications such as ERP and CRM) to track events, analyze them, report results and create alerts when conditions warrant them, as detailed in the related chart. The research also shows that about half (53%) use 11  or more information sources in implementing their operational intelligence efforts. In the future, effective FCPA software increasingly will need to look at a wider range of internal data as well as information from external sources and social media to determine, for example, whether a consulting company that just received a finder’s fee is run by or employs a relative of a government official. Today, companies can utilize software from large vendors such as IBMOracle and SAP, as well as vendors with FCPA-specific software such as Compliancy and Oversight Systems.

Bribery and corruption are unlikely to disappear entirely. Regardless of anyone’s best intentions, corporate boards and executives can find themselves enmeshed in a scandal not of their own devising. The best defense in such cases is plain evidence that the organization has done everything reasonable to prevent its occurrence and has discovered and dealt with it promptly if it does. Policies and training are vital components, but software can be the extra component necessary to improve the effectiveness of monitoring and auditing to support anticorruption efforts.


Robert Kugel – SVP Research

One of the community groups to which I donate my time is an organization that puts on a Concours d’Élegance – a vintage car show. Such Concours date back to seventeenth-century France, when wealthy aristocrats gathered to see who had the best carriages and most beaudacious horses. Our Concours serves as the centerpiece to a broader mission of raising money for several charities. There a many such events in the United States and elsewhere, but this one, which has been held every year since 1956, has the distinction of being the longest continuously running Concours in the United States.

A couple of years ago I started helping out on the day of the event, but soon I was in charge of registering and keeping track of the 250 or so cars that apply to be in the show. The spreadsheet-based system for keeping track of the cars was a mess, and it was the root cause of many (if not most) of the needless headaches that we were experiencing running the event. I wound up with the job because (following my own advice) I suggested that we change from spreadsheets to a real database, and I developed its design. At the same time we also changed from an all-paper registration system to an online one in order to reduce the need for volunteers to key in information from forms. This has substantially reduced errors associated with the data entry process. As a bonus, because we have all the information stored electronically, the members of the committee that selects the cars to appear now use tablets to review applicants rather than passing around paper forms and photographs.

The new system has streamlined many of our basic processes and cut down on errors, but it has not been without challenges. One is that owners of older cars tend to be older themselves, and some have limited or no experience using computers, and little or no interest in learning how to deal with email and the Internet. Even though we offer the option of filling out a paper entry form and attaching photographic prints, our notifications go out by email and the payment process is handled online. Like many businesses, we have had to determine how best to work with members of the public (car owners in our case) who find our process an exasperating headache.

Managing the registration process also provides ongoing confirmation of the research that my colleagues and I perform on using information technology in business. To be sure, the issues I confront are trivial in comparison to those of a larger organization and very different in scope. Yet I can see the connection between shortcomings in process design or software capabilities and some problems that develop on the day of the event. Here are some the lessons I have learned over the past two years, all of which reinforce the best practices Ventana Research advocates.

The quality of your IT department is a key factor in business success. Our research finds that companies with a competent IT staff get better results from IT than those that have mediocre or worse talent. In our Concours we found that to be true. To bring the registration online, we worked with a company that has an online scheduling service. The owner of the business is a Concours volunteer and a generous supporter. He donated the cost of his employees’ time, and we piggyback on his infrastructure. This works out well because his basic system was well suited to be modified to our very limited requirements.

The project involved creating a one-page web form that populated a couple of tables. I had defined all the fields in the tables along with their properties. We did not need the company to create and refine reports because we were linking Microsoft Access to the source tables and using it for reporting. We only needed the company to do the coding of our online form and create the underlying SQL tables.

We started developing the online registration system and database for keeping records two years ago in early November with the expectation that we would be ready for testing at the end of January. I thought this would give us plenty of time to begin accepting entries beginning in May. I figured the schedule was realistic, even though our project was a low priority for the staff because it was at most a one-week job. Unfortunately, the schedule turned out to be optimistic because the guy responsible for doing the work was incompetent. Instead of being ready in January, we went online with very limited testing in mid-June, three months late and six weeks after our announced starting date. While waiting, we had to constantly deal with owners who wanted to enter their cars. In the shortened registration process, we had to contend with a more concentrated load of questions, exceptions and errors. Despite all of the pain, I had to smile because our little project was almost a parody of the typical horror story of a major IT effort gone wrong. IT projects can fail for many reasons, but a competent, dedicated IT organization will overcome obstacles and promote business success.

Business leaders should be able to speak IT. Few business schools teach IT skills to prospective executives. Some businesses like to cross-train promising employees so that when they are promoted to senior-level positions they will have had the experience to understand most if not all of the facets of the business at an elemental level. They are in a better position to see how the issues in one part of the business affect things in others, and so are better able to deal with issues as they arise. Such experience also enables them to challenge excuses from people who are not getting the work done. In our case I can easily imagine being told the delay was the result of a change in scope, flawed software, negligent consultants – anything but the IT department staff. Line-of-business executives should know something about IT and IT department operations (or at least have someone on their staff who does). Without such knowledge, they will hear lame excuses that they don’t know enough to challenge, and have no ability to communicate clearly and quickly to overcome IT-related issues.

Bad data doubles workloads. OK, I made up that number, but I doubt it’s way off the mark. We collectively spend about half the time we spent two years ago collecting, correcting, organizing and using data about the cars and their owners. We are able to generate accurate, up-to-date reports in a matter of minutes. I fear that this lesson is often lost in corporate settings. Managers and executives often have only a limited idea of how much time is wasted in their organizations by needless and fixable issues. Good data stewardship is critical to the smooth functioning of all businesses, big and small, as I recently noted. Having good data yields a positive result: We were able to let the selection committee review the cars on tablets. This speeded up the process, and enabled members to easily jump back to compare entries and zoom in on photographs of cars and their engine compartments.

Root cause analysis and continuous improvement should be your mantra. We had many fewer issues in this our second year of operating the online system, but I still see improvements we could make to improve process efficiency and reduce the number of errors. When I find issues in our processes I try to determine their root cause. If it’s data- or technology-related, I try to figure out how to fix it. If it’s a process issue, I try to see whether an IT element might help the process along.

My major project for this coming year will be to deploy the Eclipse BIRT open source reporting tool for the Concours. We have users who need up-to-the-minute reports as we get close to the day of the event, and require write-back capability to correct database errors. I’m trying to follow our advice to use desktop spreadsheets where they are appropriate (and they are sometimes) but avoid them when they ultimately create more problems than they solve. A substantial portion of this year’s data issues started with desktop spreadsheets.

Sometimes a simple condition makes it easier to demonstrate larger principles that are at work in a more complex situation. In this case, keeping track of cars and their owners demonstrates the importance of using the right tools to efficiently achieve good data management. This example illustrates the importance of having the right people doing the job, and the importance of continually looking for root causes of business issues and finding ways to address them.


Robert Kugel – SVP Research

RSS Robert Kugel’s Analyst Perspectives at Ventana Research

  • An error has occurred; the feed is probably down. Try again later.

Twitter Updates


  • 127,122 hits
%d bloggers like this: