No Policies. 981



  • So, one of my clients has a CEO who does not want policies to be in place… She wants everyone to be empowered, have autonomy so that their creativity and productivity is high… All this is good and well but we need to put controls in place with processes and policies at this day and age if you want to be SOX compliant and/or in compliance…
    Any suggestions or advise on how to have this balancing act and get controls in place while leaving this environment at this infant stage???
    Ah, the joy of being in auditing and compliance.



  • This is a real problem, as C level executives don’t want to understand that these years trust and judgement is being replaced by process.
    So, she does not want policies to be in place… She wants everyone to be empowered, have autonomy so that their creativity and productivity is high…
    It is a policy. She must document it, tell people to document what makes them feel creative and productive, put some preventive and detective controls in place…
    A meeting with the external auditors will help. Definitely, it is not the perfect situation to be involved…



  • She wants everyone to be empowered, have autonomy so that their creativity and productivity is high…
    Where did this CEO get the idea that establishing controls would disempower employees, take away autonomy, kill creativity, or reduce productivity?
    I’m willing to bet the company has some exsiting controls already in place that have not been documented. These are probably informal. Formalizing the controls by documenting them doesn’t necessarily mean that the culture of the company has to change drastically. They may need to make some adjustments to ensure they can prove that controls are operating effectively.
    What is her approach to risk management? Does she think she has no vulnerabilities?



  • I agree with you all… I think she views guidelines, procedures and policies as restrictions that will stiffle the Engineers and other people who are so used to doing whatever they want - free range, if you will - around here…
    At some point, she has to think about risks and how to mitigate them and establishing/documenting controls one would think.
    They have gone through a SOX effort and a result of SOX, the auditors are saying we should have policies in place to address things like Security Policy, Password Policy, etc… Now she said she doesn’t want policies…
    Ah, the fun goes on…



  • Now she said she doesn’t want policies…

    Perhaps the CEO should seek employment at a private company.
    I’m not aware of any company that was able to skip by without any policies/procedures or some kind of documenation of the controls in place. Ask her how she looks in an orange jumpsuit?
    CFOs ‘get’ the importance of it. Does the CFO have any pull with the CEO?



  • I agree… The CFO understands this…The CIO understands it…They have to deal with the CEO who just doesn’t get it yet.
    I don’t know how much pull the CFO has but the CIO is constantly battling with her. I mean, the woman just doesn’t like words like ‘business processes’…‘policies’… -and-lt;sigh-and-gt;… …



  • There are other words or sentences she will like more, like:
    ‘Failure to comply with Sarbanes-Oxley exposes senior management to possible prison time (up to 20 years), significant penalties (as much as USD5 million), or both’
    ‘External Auditors will not sign their attestation’
    ‘SEC investigation’

    ‘A minor problem may become a major issue’
    ‘Problems with investors, lenders and customers’
    ‘Brand problems - confidence will be weakened, affecting stock price’



  • There are other words or sentences she will like more, like:
    ‘Failure to comply with Sarbanes-Oxley exposes senior management to possible prison time (up to 20 years), significant penalties (as much as USD5 million), or both’
    ‘External Auditors will not sign their attestation’
    ‘SEC investigation’

    ‘A minor problem may become a major issue’
    ‘Problems with investors, lenders and customers’
    ‘Brand problems - confidence will be weakened, affecting stock price’
    Sometimes you just have to tell it to these people like it is :lol:



  • Thank you for your GREAT responses. I laughed out loud reading your comments. I knew I can count on this forum to provide such support.
    Warmest regards,
    SG


Log in to reply