FLAWLESS COMPLIANCE

John Weathington, Compliance Consultant

Flawless Compliance (tm): A free monthly newsletter on today's compliance issues, ideas, and solutions, based on the consulting work done by John Weathington for Excellent Management Systems, Inc.

This and back issues of this newsletter are archived for free viewing at http://www.excellentmanagementsystems.com.

Copyright 2008 John Weathington. All Rights Reserved.

Issue No. 9, September 2008

Inside This Issue:

  • What in the World? : A Breath of Cool Alaska Air. Why Sarah Palin is a Brilliant GOP Choice
  • Center Stage : Out-Of-Control Internal Controls. Is COSO’s Monitoring Guidance Really Necessary?
  • Hello Rubber, Meet the Road : Parlez Vous IT? Inside the Role of the Business Analyst
  • In The Soup : List Broker Brokers Great Deal. InfoGroup’s CEO Found Guilty, But Where’s the Penalty?
  • The Gag Reel of Life : Above All, There’s Courage. Attitude Trumps Ability

A Breath of Cool Alaska Air

Why Sarah Palin is a Brilliant GOP Choice

Sarah Palin addressing the Republican National Convention.

Regardless of your political views, you cannot deny that Alaska Governor Sarah Palin is a breath of fresh air to the GOP party. In my view, this is the most brilliant move the GOP party has made to date in this Presidential campaign, and offers up a great analogy to avoiding a common mistake I see when dealing with compliance issues.

Sarah Who?

When John McCain first announced his intentions of choosing Sarah Palin as his running mate, my reaction was, “Sarah who?” Talk about a choice out of left field! Who is Sarah Palin? And when I received the answer, I was even more puzzled. You mean to tell me that a 44-year-old Governor, who used to be the Mayor of a small town in Alaska, with no White House experience, is going to run as John McCain’s right-hand woman, for the two highest seats in the Nation?

So at first, I thought this was just a GOP stunt to offset the overwhelming popularity of Barack Obama and the success the Democratic Party has seen recently in the polls. Again, regardless of political views, you have to admit that the Democrats are running a very good campaign, in spite of the fact that Obama had to survive a blood-thirsty battle for the nomination by Bonnie and Clyde Clinton. Many political pundits were touting that regardless of who emerged from the Democratic gunfight, McCain would be in a good position to defeat the weary warrior who emerged “victorious.”

Not so, mon frère, not so!

Once Obama took out Hillary, he went right to work on McCain. Hammering on his platform for change, staying cool under pressure but powerful in his message, Obama has been systematically disassembling the GOP’s chances of another four-year term. This culminated in his Democratic nomination acceptance speech, which – admit it – delivered yet another devastating blow to the Republican Party.

So the GOP decides that a relatively unknown, gun-toting mother of five is the best candidate as a running mate? To me this looked like a futile Hail Mary attempt that was both transparent and insulting to the intelligence of the American public.

And then she addressed America in that remarkable speech, and suddenly the fog lifted. The genius of this strategy unfolded for me, and my whole perspective changed.

Sarah Palin is Her Name, and She’s Coming to the Rescue

Hail Mary? Absolutely. But Futile? No Way.

Lest we forget, how many times were Joe Montana and the 49ers down with only seconds left in the game and over half of the field to cover? Personally I’m a Raider fan, but you cannot deny the thrill of watching Joe and Jerry pull off that Hail Mary to win the game!

In one speech, Palin clearly demonstrated that this is not going to be an easy fight for the Democrats. She brings a fresh cool breeze from Alaska with her that invigorates the Republican campaign. She connected immediately with the American public, addressed her critics head on, artfully pierced the Democratic Party’s armor, and made us all laugh and cheer in the process.

Don’t get me wrong. I’m not saying I think the Republicans will win now, nor do I think they will lose. I respect Obama’s responses to the Palin speech, stating that his opponent is not Sarah Palin – it’s John McCain, and reiterating that in the end this race is about correcting the state of America and not dwelling on John McCain’s illustrious military past. Add to that, I was less than impressed with John McCain’s acceptance speech at the Republican National Convention.

The Brilliance Behind the Selection

The point is that there is real brilliance in the GOP strategy of selecting Sarah Palin to run with John McCain. Palin complements McCain. Where McCain is old and stuffy, she’s young and energetic. She brings a whole new dimension to the race with her bulldog attitude and her willingness to face her critics head on about her family issues and lack of experience. Contrast this decision with the GOP deciding to put McCain with, as Paris Hilton puts it, another “old white dude.”

That would be like trying to solve compliance problems with more accountants and lawyers. You’ve heard me say this before, and this perfectly exemplifies what I’ve been talking about. You need to understand how to frame compliance problems properly if you’re going to solve them.

Like most other things, compliance has two components: content and process. The content of compliance involves understanding regulations, guidance, and the nuances of the law, contract, or procedure that you are trying to comply with. This is where content experts like accountants and lawyers really come in handy.

However, the process side of compliance involves understanding how to install a compliance program into your company and get it right. It is understanding the principles of effective process construction, process improvement, and project management for compliance. It’s understanding effective underlying frameworks that apply to any compliance situation, and understanding how to realize them for your organization. This has nothing to do with law, accounting, or anything else related to regulations or procedure.

The mistake people make is blurring the distinction between the two, and assuming that content experts can handle process problems. When Sun Microsystems called me to help them with their GSA contract issues, I had no idea what was in their GSA contract, nor did I care, because it doesn’t matter. What mattered was that I could organize a team and execute on deliverables that fortified their compliance program. In the meantime, I made some new friends and learned a little bit about how the GSA works, but that’s all incidental to my ability to add value to the situation.

How Will It End?

I really don’t know how this Presidential race is going to turn out. I didn’t like the Republican Party’s chances at first, but they made an extremely intelligent move with Sarah Palin because she’s not another John McCain and she’s not another George W. Bush. What kind of decisions are you making about your compliance program?


Out-Of-Control Internal Controls

Is COSO’s Monitoring Guidance Really Necessary?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is getting ready to release its final guidance on control monitoring. After about a year in the works, the finishing touches are being nailed down as the final feedback is digested. Trent Gazzaway, head of the team preparing the guidance, is trying to get things wrapped up by October.

I recently sat through a presentation that Trent gave, in which he shed some light on what has come to be seen as a serious gap in compliance, now that SOX audits are working their way through Corporate America. It seems like common sense to me, and I write about this now and then, but apparently it’s a bigger issue than you might expect. But do we really need guidance in this area?

What is Internal Control Monitoring?

COSO's Monitoring Design & Implementation Progression. Taken from the COSO Monitoring Guidance Executive Summary (PDF).

In a nutshell, control monitoring is the activity of making sure your internal controls are effective and stay that way. For example, let’s say you have identified employee theft as a key risk at your company, because a large amount of purchases are done with cash. To control for this, you decide to implement a rigorous separation-of-duties control structure that looks like a cross between the McDonald's drive-thru and the check-out process at Costco. Customers pay their money to one person, and get their goods from a different person. Additionally, a third group of people wait at the exits to make sure that you are carrying out what you’ve purchased. Control monitoring in this case would be the process of making sure your separation-of-duties control is working properly. It’s quality control – on the control. This could be done with a combination of ongoing activities and separate evaluations.

Gazzaway advocates that if you do a proper job of monitoring the control, then the control itself doesn’t need to be re-tested by management and auditors for the sake of attestation (as in SOX 404 compliance). Instead, both parties (management and auditors) should be able to leverage the work done by the control monitoring activities. The bottom line for you is less cost for your compliance efforts, both internally and externally.

Is Guidance Really Needed?

I think the guidance is okay, but the best it will do is raise awareness and give you some pointers in the right direction. I mean – let’s be real. This isn’t the first, nor will it be the last, piece of guidance on how to get and keep compliance under control. Plus, the guidance is only a small part of the equation – the implementation is the key, and there’s no way this document is going to get you all the way to a functional control monitoring system.

The creation of a document like this is like creating a turnkey piece of software that is minimally configurable and touts silver-bullet capabilities. Once installed, software like this will give you some good ideas, and be about 10% effective – covering only the simplest and most commonplace functions of your company.

This happens because your company is unique – it runs like no other company in the world. You have a unique set of processes and circumstances that you need to deal with. When I first started consulting, I thought the company I was working for was making things difficult for itself by insisting on baking its own style of bread. Over the years, after having the benefit of visiting a number of organizations, I’ve realized that every company bakes its own style of bread. It’s what gives you a competitive edge.

So, although I admire the efforts of the Treadway Commission to make things clearer for us, the reality is that control monitoring is neither complicated nor something that can be generally applied to all companies. If I ran a 2-3 day workshop at your company, we could figure out the same thing the Treadway Commission took a year to figure out, and it would be directly applicable to your unique situation.

The Real Issue and Solution

My key insight into this area is this. Internal control monitoring is more about corporate discipline, and less about good ideas. Get your priorities straight, get serious, get organized, and then just get it done.


Get Some Sleep, Get a Life, and Still Get it Done!

Are you tired of being tired? My new one-hour keynote speech is designed to help finance executives get their lives back!

  • Learn how to get control of your time

  • Learn how to leverage technology to get the most out of your time and budget

  • Learn how to reinvent your organization for optimum results

  • Learn the secrets to accomplishing your goals

  • Learn how to meet objectives in the face of risk and uncertainty

  • Learn how to be more productive at work by not working

Please call me today at 1.800.379.8064 to schedule something for you and your company.

Parlez Vous IT?

Inside the Role of the Business Analyst

Who is analyzing your business?

What I mean is, when you need to communicate your business requirements to IT, who is responsible for making this happen? In most of the organizations that I’ve worked in, this person is called a “Business Analyst.” But what exactly qualifies a person to be a business analyst?

What Exactly Is a Business Analyst?

As with a lot of job titles I see materialize in companies, the answer is a little concerning to me. Both the definition and the qualifications are somewhat vague and ethereal. In some companies I’ve worked with, business analysts are just people that collect and document high-level requirements. They have absolutely zero technical skill, and are more like documentation specialists. In other companies I’ve worked with, business analysts design solutions and architecture that the IT professionals will build. They are highly technical, and responsible for not only collecting requirements, but also building solutions, and translating them to a point where IT developers can do the grunt work.

Regardless of what they’re called, the bottom line is that somebody needs to take your compliance requirements, and translate them into something that IT can build. For some reason companies don’t take this as seriously as they should, and this lack of awareness becomes a stealthy saboteur that can seriously damage your chances of success on any compliance program or project. We’re going to fix that in this article.

In my travels, I’ve come across three types of business analysts:

The Empty Analyst

The Empty Analyst has no business skills, and no technical skills. They shouldn’t even hold the title of Business Analyst, and it’s in the company’s best interest to reassign this person to something more suited to their real skills. The company usually has no idea what a business analyst should do, and neither does the employee. So the job becomes a functionless and amorphous placeholder for people that want a change of pace. These are totally non-productive people, and if your technical people cannot pick up the slack, you probably have very frustrated business users that cannot get anything out of IT. The only thing I’ve seen worse than an Empty Analyst is an Empty Analyst Manager. I’m not kidding, they exist!

Dilbert, August 17, 2008.

The Interested Analyst

The Interested Analyst is the most common type of analyst I see. These are people who have adopted business analysis as a second language of sorts. They understand a little bit about their end users (i.e., compliance), and they have a few technical skills. They probably have a rough understanding of how compliance works, but you wouldn’t want them designing a compliance process. They probably know a little SQL (a common database language), but you wouldn’t want them designing an intelligence system (i.e., a compliance data system). The company feels like they have a pretty good job description put in place for their business analysts, and the analysts themselves feel pretty good about their role, and feel like they are actually contributing in a positive way.

Here’s the issue. Remember the “Telephone Game” you used to play in grade school? This is the game where you sit in a circle, and you start with somebody whispering a phrase to the person sitting directly to their left or right. They only have one shot to communicate to their partner – nothing can be repeated or clarified. This goes around in a circle until it gets back to the originator of the phrase. The original person then states out loud what the “new” message is, after it has passed around the circle. What makes this game fun is that the original message never holds its composure, and in the end you usually end up with something completely off base.

This is what happens when the Interested Analyst attempts to build business requirements. They will interview your business end users, and only get a portion of the real requirement correct – for simplicity’s sake, let’s say 50%. Then, they will attempt to build documents for IT. Since they’re only fractionally technical, the communication to IT will be a fraction of what technical people need to know – again, let’s say 50%. In the end, IT is building a solution that is at best 25% of what the users want. Add to that a project management team that insists on a waterfall approach, and you have a disaster waiting to happen.

The Expert Analyst

The Expert Analyst is the only one who will get you to the Promised Land. The Expert Analyst understands both the business and IT extremely well. They are qualified to design a compliance process, argue the merits of an intended solution with the internal auditors, architect and build a compliance data system, and address external auditors on all levels.

The Expert Analyst understands that business analysis is an industry, and seeks to understand the body of knowledge that encompasses it. They study things like effective process design, stakeholder negotiation, and project team integration.

For obvious reasons, these are the kinds of business analysts you want at your company. With business analysts like this, you really don’t need business people or IT people, just a group of great people that can get the job done. This is the foundation for what I call a Finance Systems Group. You don’t have to go this far, however, to get the benefit of having Expert Analysts at your disposal.

So, Where Are These Super-Human Analysts?

You may be saying to yourself, “That’s all fine, but where do I find people like this?” Actually, it’s not as hard as you might think. The key is to find people that are motivated to grow in this direction, and then cultivate them with training, education, and practice. It won’t happen overnight, but it won’t take forever either. Start by finding good technical people and/or good compliance analysts with a desire to develop into something greater. Then, whether it’s me or not, solicit the help of a good coach that can develop the skills necessary to complement the skills they already have.

This approach may seem a little costly and time consuming, but what’s your current cost of retaining your Empty and Interested Analysts?


List Broker Brokers Great Deal

InfoGroup’s CEO Found Guilty, But Where’s the Penalty?

Vinod Gupta and Former President Bill Clinton.

How can somebody be in the soup, and actually get paid in the process?

Very carefully!

Not too many people can claim this distinguished accomplishment, but it seems like Vinod Gupta, ex-CEO of InfoGroup, has pulled it off!

InfoGroup, better known for its InfoUSA and SalesGenie service trademarks, was founded in 1972, and was predominantly headed by Gupta up until recently. Gupta agreed to resign late last month, in response to a lawsuit filed by its shareholders to the SEC. Apparently InfoGroup’s shareholders weren’t that thrilled about the fact that Gupta was spending millions of the company’s money hobnobbing around with the Clintons. According to an Associated Press report, Gupta …

“… had spent nearly $900,000 since 2001 flying the Clintons to domestic and international locations and political events. Gupta has been a major donor to Democrats and gave at least $1 million to Bill Clinton's presidential library in Arkansas. Gupta also took part in a fundraiser for Hillary Clinton in Manhattan in June 2007.”

According to the report, in addition to stepping down from the CEO spot (although he will still hold a director spot on the board), Gupta will pay $9 Million back to the company over the next five years.

But here’s the interesting part. Gupta will be paid $10 Million as part of his severance agreement! So by my math, that means Gupta is a cool $1 Million ahead of the game, and still gets to direct things from a board seat.

This is the byproduct of a shareholder lawsuit?

Hats off to Vinod Gupta. I want to meet the lawyer who negotiated this deal!


Above All, There's Courage

Attitude Trumps Ability

This kitten has the right attitude!


View video at http://tinyurl.com/6kkled

Meeting your goals involves only a small set of fundamentals, of which courage is the least found, and most important.


Updates, and More Free Stuff!

New Articles Published on John Weathington's Quest for Compliance

John Weathington was invited by Quest Software to be an expert blogger on the topic of compliance. There you'll find a discussion for DBAs, database developers, and IT management on compliance concerns, observations, issues, and solutions, based on the consulting work of John Weathington. The blog is hosted on the Quest Software site. Below are links to the individual topics.

  • Getting Risk Right – How Probable is Your Probability?
    • Inaccurate risk probabilities can wreak havoc on the applicability of your risk database. Why go through the trouble of setting it up, if bad probability entries render your database unusable? In this article, we explore the importance of getting the risk probability correct, and ways to improve your accuracy.
  • Beyond Compliance - Understanding Risk
    • Compliance usually starts with a fire drill, however intelligent companies take the time to step back and put their compliance into perspective. Risk is the key to understanding and optimizing your compliance program. In this article, we discuss risk as an evolution from compliance, and look at some ways to model it in the enterprise.

Always Please Remember

Always please remember to buckle up. It could save your life.

If you are having problems viewing this, please visit the Flawless Compliance archive at http://www.excellentmanagementsystems.com/flawless.jsp.


To Subscribe, please visit the Flawless Compliance section of my website, http://www.excellentmanagementsystems.com .


You may also unsubscribe by sending an email to newsletter@excellentmanagementsystems.com with the Subject "Unsubscribe to Flawless Compliance".

© 2008 John Weathington. All Rights Reserved. This publication is so copyrighted, it's not even funny. However I encourage you to share it, whole or in part, with proper attribution.