by Peter Holtmann
Last weekend I was finishing next year’s financial business and finance plans with associated balanced scorecard maps when I realized that this topic had some relevance to readers of this column. As I moved through the business plan and started to associate key action items to timings and groups I worked through the theory of how to demonstrate the achievement of business practices to RABQSA’s board of directors, team, and our customers.
Yes, we create an annual business report that gives some highlights of the year but how do we use these yearly achievements to plan for the next three to five years? More important, would we—or could we—demonstrate this process to an external auditor? This was the spark I needed to sit down and relate some of our real-world planning to business improvement auditing.
First, let’s get the definition of business improvement auditing on the table. For our certifications, our definition is an evaluation of the design, development, and delivery of an organization’s business plan, finance plan, risk management plan, human resources practices, and application of continuous improvement tools such as Six Sigma, lean, and balanced scorecard.
The outcomes of such an audit will provide an organization with a benchmarking point and allow it to identify areas for improvement. Some of these topics are covered in ISO 19011:2011, which I have detailed in previous articles. When writing these documents for RABQSA, I challenged myself on what we were presenting as a business and what type of professional I would accept as an external evaluator of my business plans.
First and foremost, the professional would need to have some real-world experience of creating, implementing, and reporting on business plans. This is a qualification-based requirement because theory must be backed up by application. The professional I would seek would have had experience reporting to a board of directors and key stakeholders and be trained and skilled in strategic thinking.
The auditor would be required to spend time with my board of directors and key executives to get a feel for the organization, how we share information, who makes decisions, how business planning is decided, and where the business is focused. This professional would need to demonstrate some very high-level personal attributes for leadership, decision making, principles, and conceptual focus and confidence.
Our business plan is similar to most other plans and templates on the market. What changes year to year is the amount of content delivered through the document. The goal is always to reduce written content in favor of graphical, tabulated, or diagrammed representations of purpose and goals. The plan should accommodate sufficient information for a new board director to interpret and concise enough to allow an executive to enact strategy. When searching for a professional auditor, I would seek someone who could critically appraise these attributes and evaluate their quality and quantity.
Strategic plans are increasingly popular. RABQSA has a three-year vision document that’s reviewed and updated every year at our annual general meeting. The document sets the tone for our business and is designed to show the board and CEO commitment through strategy, executives and managers implementation of the strategy, and measurements of success through high-level key performance indicators (KPIs).
I would expect an auditor of this document to seek information from my team and my board to demonstrate that the market is receptive to its vision. Customer feedback, competitor analysis, capability statements, and financial feasibility tests would all be good places to find this validation.
Financial plans are the “tell” of any organization and its CEO. The level of commitment to growth and the adequate allocation of resources to ensure financial liquidity and appropriate business continuity/contingency needs to be clear and demonstrable. Experience in reading and analyzing financial data is essential here. Gross-margin analysis, net-profit percentage, labor-efficiency ratio, return on investment (ROI), and metrics for product development are a few data points that the auditor should be familiar with.
A working knowledge of for-profit, nonprofit, and charity organizations is a prerequisite for any auditor who performs business improvement audits. The very nature of for-profit and nonprofits can mean the difference in accrual vs. cash accounting and profit and nonprofit activities.
RABQSA documents its tax status and key activities in each country it operates in. An auditor evaluating these activities should be able to make a conclusion regarding compliance with tax requirements. This doesn’t mean that he or she needs to complete a full financial audit but I would expect the auditor to at least read the audited financials from previous years, identify previous auditors’ findings, and extrapolate them for the future.
Risk management is always an interesting avenue for any business. In my experience, less than 10 percent of businesses have implemented any form of risk management. However, ISO 19011 calls for not only the audit team to have a risk management plan but to assess the company’s plan.
There are many ways a company might assess and mitigate risk. Business continuity, organizational resilience, counterterrorism, recall and crisis planning, anti-money laundering procedures are a few examples of it. Being intimate in these practices may be desirable in an auditor but not realistic or affordable.
RABQSA assesses risk based on strategic and operational risk and prepares plans based on impact. I would expect any auditor evaluating this approach to have some training in risk analysis. The auditor may review any corrective action data, external audit reports, customer feedback, and internal audit reports or perform a strengths-weaknesses-opportunities-threats analysis. With these data the auditor could build a detailed picture of business pressures and confidently address the validity of the approach.
Human resources practices assume that industrial relations, workplace employment law, equal opportunity, and antidiscrimination requirements are assessed. These are very specialized practices and may span more than one department or subsidiary of a larger organization. For example, I administer employment practices in two countries and must be knowledgeable in at least two others.
I would expect any professional interpreting my human resources practices to examine organizational structure, reporting and responsibilities, professional development, employee engagement data, and training budgets to evaluate how RABQSA treats its employees.
Customer and corporate charters, culture statements, and subsequent mappings are key to understanding the CEO’s vision of an organization and how its staff works to achieve it. I have discrete budgets and initiatives in my business and finance plans set aside for staff development, culture, and analysis of work place health.
Although there are many approaches and philosophies for continual improvement, I use a hybridized version of balanced scorecard to carry strategy into initiative at management and group levels and then to task responsibility and reporting. We also conduct monthly progress reports of all initiatives; projects—new or existing—must map to a business strategy and be prioritized.
Assessing the right technique for the business is tricky. Having training, education, and experience in continual improvement techniques is vital for an auditor. When hiring a professional auditor, I don’t want a generalist; rather, I’m looking for someone with discreet knowledge and skills in the application of my choice. For me, that’s balanced scorecard. I would expect the auditor to interview staff from all levels of the organization to ensure that the balanced scorecard is used at all levels and that there is clarity of purpose within the business. Testing of vision, mission, and culture statements and any key messages would be another way.
In conclusion, the auditor may reference a particular governance framework, association guideline, or industry benchmark. In my case, there are a number of association and nonprofit frameworks and guides to equate RABQSA’s business. Choice of framework is a governance matter and the organization’s board should spend time understanding its choices.
The findings of business improvement auditing should identify the framework, pathway being followed, progress to goals, and areas for improvement or further analysis. The auditor should draw upon his or her experience to identify common practices, best practices, and topics for further discussion at the executive level.
Note that not all audits are conducted against a standard such as ISO 9001 and may be an adjunct to on-site compliance activities so there may be no need to be concerned with crossing the auditor-consultant line. The caveat with this is to be sure that the parameters are understood and agreed to before an audit, reiterated at the opening meeting, and summarized at the closing meeting.
This may not be the definitive version of audit practices and techniques when considering business improvement auditing but it may assist you when working with business executives like me and the expectations they may have when entering a continuous improvement audit.
About the author
Peter Holtmann is president and CEO of RABQSA International Inc. and has more than 10 years of experience in the service and manufacturing industries. He received his bachelor’s degree in chemistry from the University of Western Sydney in Australia and has worked in industrial chemicals, surface products, environmental testing, pharmaceutical, and nutritional products. Holtmann has served on various international committees for the National Food Processors Association in the United States and on the Safe Quality Foods auditor certification review board.