Straighten Up and Fly Right

A Brave Pilot Teaches Us about Low Probability Compliance

This picture was taken from the Safety Reliability Methods, Inc. website. This is the consulting firm were Captain Sullenberger practices. Picture Source

I’m proud to say the Captain Sullenberger lives only minutes from my house in Danville, California. For obvious reasons, he’s a national hero as well as a hometown icon. Shortly after the Airbus 320 left the airport, it encountered a squadron of birds that took out both engines. By all accounts this should have been a catastrophic event; however, Captain Sullenberger had the presence of mind to pull the aircraft around for a water landing in the Hudson River. As dangerous as this maneuver is, it took only moments for Captain Sullenberger to realize this was the only option.

With no engines, the plane lost power quickly. Trying to land back at La Guardia Airport was too risky. The plane was facing the wrong direction, so he would need to successfully negotiate a U-Turn, then find his way back to the airport over a densely populated area. The plane was too low and too slow to pull this off. Another option would be to land at another nearby airport, however once again that would entail gliding over a densely populated area with no power. Once again, way too risky.

So, Captain Sullenberger announced to the air traffic controllers in a calm and controlled voice, “We’re gonna be in the Hudson.” What an existential moment.

With laser-like execution Captain Sullenberger accomplished the perfect water landing in the Hudson River. He eased the plane down, keeping the nose up. As the plane glided over the Hudson waters, Captain Sullenberger took great care to keep the plane straight and steady. The landing was so smooth the two cabin members didn’t even realize they had landed in the water! Maintaining his calm and collected composure, the Captain issued a one word command to the cabin crew, “Evacuate.” Within minutes all passengers were safely arranged on the wings of the plane awaiting rescue. The Captain was diligent on his passenger count, and made several passes to ensure that everyone was safe. Then and only then, did Captain Sullenberger depart the plane.

Thanks to YouTube and the US Coast Guard, you can watch the amazing video of the landing and the first responders coming to the rescue.

This truly amazing event illustrates some important realities that we must take to heart if we are to run an efficient compliance program:

Lesson #1: Risks with unbelievably low probabilities actually do happen sometimes

I’d like to profile this risk for you. Remember, risk is uncertainty, and the uncertain event I’d like to focus on is the risk that a flock of birds will take out all your engine power. With any risk comes three important properties; probability, detectability, and impact. Detectability in this case is off the charts high: 100%. Any pilot knows when both engines are gone, so this is not an issue.

Probability however is extremely low. To illustrate how dramatically low the probability is, if we ran a Six Sigma effort on this process, and we categorized a defect as a flock of birds taking out all engine power, this would in fact be a true six sigma process. That’s because experts say the probability that a flock of birds will take out all your engine power is less than one in one million! It can take up to 3 defects per million opportunities for a process to qualify as a six sigma process.

The impact however can be catastrophic: a loss of lives. That is why the airlines take such great pains to control for this risk in spite of the extremely low probability of occurrence. You need to take this same attitude with the risks in your compliance program. All high impact risks must be addressed.

Lesson #2: There’s no substitute for training and practice

Captain Sullenberger trained his entire adult life for a situation like this. Not only has he been a pilot since the age of 14, but he was a fighter pilot in the military, and actually trains pilots on risk and crisis management. Although he had never been in this actual situation before, he had simulated scenarios like this many times, and was well trained to handle the circumstance. Talk about the right person to pilot this plane!

For all of your high impact risks, setup training and simulations to see how you would respond. Try to make the simulations as realistic as possible. Invest the time in brainstorming and improving mitigation. Even if the risk event never shows up, you’ll earn big brownie points with your auditors.

Lesson #3: Don’t beat yourself up if you do everything right and the impact still shows up

The problem with extremely low probability risk events is that you never get a chance to practice with a real situation. As I’ve said many times, reality is the best teacher. Even with the best simulations, there may be conditions in reality that have overlooked. Or perhaps the mitigation just requires you to be a little lucky.

This was certainly the case with Flight 1549. The amazingly bad luck of losing both engines was counterbalanced with amazingly good luck. Since it was only 5 minutes after takeoff, everybody was still buckled in and nobody was wondering around. Although there was a current in the Hudson, there were no large swells that would have complicated the landing. As busy as the Hudson River can get at times, at the time of this crisis it was very clear to land where the Captain needed to land; however, there were a good number of rescue boats nearby to aid the rescue once the plane had landed.

Luck always plays a big role in the outcome. Even if you do everything right, things still might not line up for you. Swallow the sour pill, and move on.

It’s no doubt that Flighit 1549 will go down in history as one of the most amazing airline happenings of our time. In the face of possible catastrophe, Captain Sullenberger pulled off an amazing feat of skill and courage. Although you probably don’t have lives at stake at your company, you do have livelihoods. You have a financial responsibility to both your employees and your shareholders. In this day and age, it’s more important than ever to proactively take diligent steps to mitigate high impact risks: even if they probably won’t happen.

Transparency 2.0

Welcome to the New Age of Compliance

Janis Krums from Sarasota, Florida posts the first photo of U.S. Airways flight 1549 on Twitter from his iPhone. . Picture Source

In fact, the term Web 2.0 has no foundation in technology at all. There was never a Web 1.0, or an organization that officially released the 2.0 version of the web. Instead, Web 2.0 refers in large part to a culture shift driven by social networking technology like wikis and social networking sites like Twitter and Facebook. This cultural shift puts the power of information in the hands of the masses. Whereas before we counted on newspapers and other print media like magazines for our news, the new generation pays much more attention to the citizen journalism distributed by the social media sites.

Think about the heroic water landing of US Airways Flight 1549. There are so many things that are amazing about this event; the probability that the birds took out both engines at the same time, the coincidence of having the perfect conditions and the perfect pilot to land the plane safely. However the other amazing thing for me was that I knew about it before most people in America. How? I was on Twitter at the time it happened, and as it was happening Janis Krums, a fellow tweeter was there witnessing everything. In an instant he was texting and uploading pictures to Twitter, and within minutes spread across Twitterdom for all interested tweeters to read.

In this day and age, everybody is equipped with all the tools necessary for citizen journalism. Most phones today have a camera or video capability. And even when the phone is not handy, it’s not uncommon to see someone on the street carrying around a digital camera or a compact video recorder of some sort. And people don’t hesitate at all to use it.

You may have also heard about the recent BART shooting in my neck of the woods. BART (Bay Area Rail Transport) is a public rail system that we use to get around sometimes. On New Year’s Day, Oscar Grant was shot down by the BART police in the Oakland station. In the old days, an investigation may have entailed interviewing the police officer and any witnesses that may have seen what happened. Then, at the conclusion of the investigation, interested parties would read about it in the newspaper or perhaps catch it on the evening news.

Those days are gone. Apparently there were not one but several people with video cameras that captured the whole event. And thanks to Web 2.0, live video of the actual event was available to the masses in no time. What’s most remarkable however is not the technology, it’s the culture shift. The technology made the video available, but the culture shift caused a frenzy of interested people to actually watch the video. According to the San Francisco Chronicle,

Video footage taken by a passenger shows BART police moments before Officer Johannes Mehserle shot Oscar Grant. (CBS5 / Courtesy to The Chronicle)

“The videos - taken by onlookers - have been downloaded more than 450,000 times from KTVU-TV's Web site, said William Murray, the site's managing editor. That's tantamount to two months' worth of downloads in a few days, he said. An annotated version of one video uploaded to YouTube on Sunday was averaging more than 1,000 views an hour.”

The same sense of social responsibility lives inside your company. After all, the people that feel duty-bound to report the “news” as they see it from ground level are the same people working at your company. They are watching what’s going on. They are still carrying their camera phones, and compact video recorders, but more importantly they are carrying their Web 2.0 attitude.

In the wake of landmark scandals like Bernie Madoff and Satyam, trust in corporations has evaporated and the social masses are taking control. Nowadays, people feel it’s their social duty to protect each other from the crooks, and the Web 2.0 movement gives them the platform to accomplish this. Add to that the unavoidable added pressure for oversight, governance, and accountability from those that are responsible for enforcing it, and that means a new age of compliance—the age of Transparency 2.0.

In the new age of transparency, you must be ethical. There’s no other option. Covering up your tracks and getting away with it are a thing of the past. It’s too easy to get caught these days and far too punishing to be worth it.

But more than that, you must continuously demonstrate objectively that you are running a no nonsense company. This means having sufficient data systems in place to prove your innocence at any given point in time. In the absence of accurate data, people will come to their own conclusions, which is usually not in your favor.

The Web 2.0 culture is here today, living in your company. Whether you like it or not, everything that goes on at your company is being observed and possibly recorded. How comfortable are you with that idea?

Audit Presence

How to Control your Image in an Audit

Picture Source

The next time you find yourself facing an audit think about this. A famous New York University established that when someone casts their eyes on you 11 major decisions are made based on your image within 7 seconds. Whether you realize it or not, your image is an asset or a liability that can either make you or break you. What impressions are you giving to your auditors?

If you don’t think it matters too much, think again. If an auditor suspects that something’s fishy, or things don’t seem right, your audit can quickly turn into an investigation. For instance, did you know that government contract auditors are trained by the government as investigators? If you show up for an audit projecting the wrong image, and an auditor senses wrongdoing, even if you’re not doing anything wrong, you could find yourself in the middle of something you don’t need to be in. Costly fees for lawyers and eDiscovery can be avoided if you just pay attention to what I call your "audit presence."

A while back I wrote an article for California Executive entitled, “Four Secrets to Passing Any Business Audit.” In it, I detail my fourth secret as “Make Sure You Control the Audit.” Most people don’t know they can control their own audit, because they assume the auditor should be running the show. This simply isn’t true. And since your image plays a huge part in controlling the audit, I turned to image expert Angie Katselianos for some additional advice. Ms. Katselianos is an image consultant in Italy that assists clients in improving individual and organizational performance. According to Angie,

” Developing a magnetic style and personal brand that conveys confidence, competence, and credibility goes more than skin-deep – it's an inside out job.

It starts with:

• Recognizing who you are;
• Building upon your distinct inner qualities and values;
• Aligning these with your professional goals and target market's values;
• and ultimately, Reflecting that integration in your personal appearance and style.”

Applying this to an audit situation brings us to my first and most critical piece of advice:

Audit Presence Tip #1: Know that You Are Acting Ethically and In Control

When Ms. Katselianos says it’s an inside out job, it means that you have to know within yourself that two things are absolutely true; you are ethical and have nothing to hide, and you are in complete control of your processes. There are subtle things about the projection of your image that you cannot control, but can absolutely be perceived by an auditor. This should come as words of warning to people that are trying to hide something, like the person who hides behind his defense lawyer knowing he’s guilty. You cannot cover up unethical behavior, even with the best training and tactics. In the game of Poker, when a person subconsciously signals to players what he’s thinking, it’s called a “tell,” something even professional players fall victim to. Walking the ethical route is the only way.

To know that you’re in control is a matter of audit intelligence, practice, and attitude. You must have the proper data systems in place to inform you of your compliance status, and you must practice different audit situations to know how you will handle them. After that, stop second guessing yourself. You have all the information you need to be in control.

Audit Presence Tip #2: Dress for Success

It’s no secret that the way you dress says a lot about how you feel, and vice versa. In Italy, when an auditor shows up at your doorstep, you would think they just walked off the catwalk at a fashion show. This is no accident; they obviously know the effect that image has on an audit. Ms. Katselianos states:

“The way you look affects the way you feel, and the way you feel affects how you behave. Dressing carelessly impacts your demeanor and influence to the same extent as when you present an impeccable outward appearance that projects indisputable leadership qualities.”

You need to dress sharply in an audit. If your auditor is wearing something business casual, you should be dressed in a suit. If your auditor is wearing a suit, you should be dressed in a better suit. The point is not to intimidate (which is probably what your auditor is trying to do), but exert power and control. This leads to my final tip.

Audit Presence Tip #3: Act Confident but Not Arrogant

There is a fine line between confidence and arrogance, so before we go any further lets highlight the difference. Dr. Alan Weiss taught me that confidence is the honest to God belief that you can help someone, and arrogance is the honest to God belief that you don’t have anything left to learn. You need to walk right up to the confidence line without crossing over the arrogance line. If you get arrogant, you and the auditor will be on opposing sides. This is not what you want.

Make direct eye contact, and stand up straight with your shoulders back. Smile, but do not smirk; this signals contempt. The easiest way to do this is to keep your thoughts in the right place. You are there to help the auditor understand that you have everything under control.

The path your next audit takes will be determined within the first seven seconds of meeting your auditor. In improper image can actually lead to a costly and time consuming investigation. You can avoid all this by first being the person the auditor wants to see: ethical and in control. Without this first component nothing else matters. Then, when the auditor arrives dress for success, and act confident but not arrogant. Take some time today to talk to an image expert like Ms. Angie Katselianos. One free consultation may save a lot of money and grief.

Outsourcing Giant is Outsourced

India Takes its Place in the Global Scandal Lineup

Ramalinga Raju, ex-Chairman of Satyam is in the Mulligatawny this month.

BusinessWeek is calling Raju “India’s Madoff,” and the scandal has quite often been compared to our Enron fiasco of early 2000.

B. Ramalinga Raju resigned on Jan. 7, 2009, admitting the firm had falsified accounts and assets and inflated its profits over several years. Noah Seelam/AFP/Getty Images . Picture Source

Raju has been cooking the books, and now he’s cooked. According to BusinessWeek , Raju

“sent a startling letter to his board and the Securities & Exchange Board of India. Raju acknowledged his culpability in hiding news that he had inflated the amount of cash on the balance sheet of India's fourth-largest IT company by nearly $1 billion, incurred a liability of $253 million on funds arranged by him personally, and overstated Satyam's September 2008 quarterly revenues by 76% and profits by 97%.”

What was he thinking? Has he not been listening to the news lately? Did he really not know how this was going to turn out?

This is bad news for not only Satyam, whose stock sank 78% on the day, but also PricewaterhouseCoopers, the audit company that endorsed Satyam’s accounts. What a bonehead move on their part. As if they don’t have enough to worry about, did they not follow what happened to Arthur Anderson in the Enron meltdown? What? Oh well, we might be looking at the Big 3 instead of the Big 4 pretty soon.

As for Raju, his goose is cooked. Now, like the rest of the world, India is under the gun for more oversight and better governance. Join the club. It seems like there’s a global epidemic of extremely rich corporate types taking people for huge amounts of money. Or maybe, the disease has just been dormant, and this new era of transparency is flushing out all the king cockroaches.

Good, another reason to celebrate a new day.

Are You Afraid of the Wastebasket?

What to Do When Your Idea Doesn't Work

Picture Source

Need a way to scare the animals away? I guess this shark-gull looked good on paper, but I don't think the animals are buying it.

Creative brainstorming on controls is necessary, but they must be checked with reality to be practical and effective. Once you realize your great idea for a control is actually a bad idea, throw it away. Don't implement a bad control just because you've already invested the resources to bring it this far. You're better served taking the lesson learned and moving on.

If you think this shark-gull looks ridiculous, wait until you hear about some of the controls I've come across.

Updates, and More Free Stuff!

Free Compliance Charter Download

I've just created a Microsoft Excel Compliance Charter template that you can download here for free. Please pass this on to anybody else that might benefit from it.

Let's Network Socially!

I've developed quite a social network presence, and I'd like for you to join me.

New Articles Published on John Weathington's Quest for Compliance

John Weathington was invited by Quest Software, to be an expert blogger on the topic of compliance. Here you'll find a discussion for DBA's, database developers, and IT management on compliance concerns, observations, issues, and solutions, based on the consulting work of John Weathington. Click here to visit the blog site at Quest Software. Below are links to the individual topics.