Failure by Remediation

Fixing the Fix on the Bay Bridge

An empty San Francisco Bay Bridge. Picture Source

Although the actual account is fictional, the facts surrounding it make it quite possible. Last Tuesday, on October 27, 2009 about 5,000 pounds of steel from the Bay Bridge came crashing down on the upper deck, as the wind blew loose a large crossbeam and a couple of tie rods (the slithering cables). Fortunately and remarkably nobody was hurt, but the incident totaled a few cars.

Here’s the irony, which is the part I always love. The structure that failed wasn’t there a couple of months ago—over Labor Day weekend, it was constructed as a remediation! Just before Labor Day weekend, engineers noticed a crack in the bridge (not something you care to see if you’re a bridge engineer) so they rallied the crews to install some “reinforcement,” just to be safe. Although they get an “A” for effort, I guess they overlooked the fact that there might be some wind over a bridge that spans the San Francisco bay (imagine that).

I was actually on the road on Tuesday at 5:30 when the Bay Bridge came falling down. I pushed off from Reno, Nevada earlier that day; I had just finished attending Confab 2009, the annual conference for the Institute of Management Consultants. The conference was awesome. My mentor Alan Weiss opened up the conference with his keynote on Sunday, giving us insights on how to thrive in this economy. He brought the house down as usual—standing ovation.

It was an auspicious time to be driving home from Reno, as I could have quite possibly been driving into San Francisco at that time. I didn’t hear about the incident until I reached home later that night, however I do remember driving by the area, and I don’t remember it being that windy. Of course, the wind was blowing a bit, but nothing terribly unusual. I remember being in Broomfield, Colorado one time, which is right between Denver and Boulder, to do some work for Sun Microsystems. I actually drove there, and when I pulled up to my hotel, the wind was blowing so hard it was difficult to get my car door open. Now, that’s windy. Tuesday in California on the Bay Bridge…not so windy. I find it odd that a moderate amount of wind was enough to shake things loose on the Bay Bridge.

Another thing I find odd is the announcement we heard the following Wednesday morning. They told us, “the bridge would be closed indefinitely.” That’s a peculiar choice of words. I think what they were trying to say is that, “the bridge will be closed until we can get it safely repaired, and we’re working as fast as we can,” however the word “indefinitely” gives off the impression that the bridge will be closed forever, doesn’t it?

We can do better than this on our compliance programs, now that we have a clear example of how not to handle this. There are three lessons we can glean from our Bay Bridge case study, which I’d like to share with you, so you don’t make the same mistakes.

The first lesson is about remediation. The apparently kneejerk reaction to the crack on the bridge was to install an adaptive control, which as I’ve stated many times before is a poor choice when other types of controls are available. I would have preferred a preventative control which would address why the bridge cracked in the first place.

The second lesson is also about remediation. As we’ve seen with the Bay Bridge, even with the best intent, remediation can backfire on you if you’re not careful. You absolutely must do benchmarking on current state before you remediate, then do another benchmark to make sure you’ve actually improved the situation! Seems obvious, but people get this wrong all the time, and actually spend money to worsen their situation.

The third and final lesson is about communication. Take some time to articulate your communication carefully. Words are powerful, and choice of words is very, very important. I’m not talking about spin control, I’m talking about accuracy. Everybody involved needs to know the honest truth, as acutely as you can project it. This bridge will probably be open in a few days; that’s hardly an “indefinite” period of time.

Uncovering weakness in your compliance program, and taking proactive steps to remediate is an enormously responsible move on your part, but you must do it right. Always strive for preventative controls when possible, test your remediation to make sure it reinforces your situation, and make sure your communication is accurate and honest. You don’t want a crossbeam coming down on your compliance efforts because of a little wind.

Time to Cut Bait on 404

Dear Sarbanes-Oxley, We’ve Had Enough

ComplianceWeek blogger Melissa Aguilar covered a story on 404 this month, about yet another attempt to amend the Sarbanes-Oxley Act. According to Melissa:

“Two amendments to delay or even rescind Section 404 for many companies came before the House Financial Services Committee on Wednesday, a surprise move that left investor advocates fulminating to anyone who would listen. One amendment to postpone Section 404(b) until 2011 for non-accelerated filers did pass on a voice vote, and will come before the full committee for a roll-call vote on Nov. 4…

A separate amendment, offered by Rep. John Adler, D-N.J., would have gone even further: exempting all companies with less than $700 million in market capitalization from Section 404(b), which would include many filers already complying with it.”

I’d like to opine on this for a minute. Since 2002, Sarbanes-Oxley has been nothing but a huge mess. That’s why it needs to keep being amended. If it worked, they would just leave it alone. I understand the original intent, but once again good intentions were met with bloated, inefficient legislation which did nothing more than create immense and undeserved wealth for accounting and law firms at the expense of Corporate America.

After the overwhelming and egregious acts of corporate con-artists like Enron and MCI Worldcom, something needed to be done. There’s no question about that. However the hallmark of good leadership is decisions that lead to results that are effective, and as a bonus efficient. Sarbanes-Oxley is neither, and I don’t understand why they continue to let this governmental Godzilla torment the generally honest and hardworking businesses of America that keep this nation running.

Please understand this point about your compliance program. Effectiveness is everything. You must know if your compliance program is effective, and if it is not, kill it—and start over quickly. It’s serving no purpose, and it’s draining resources. And in this time of economic uncertainty, the last thing your company needs is an ineffective compliance program draining money and human resources.

How do I know it’s ineffective? It’s pretty simple, let’s look at the evidence. When SOX first rolled out, companies poured millions of real dollars into trying to “comply.” I was working with large clients like Sun Microsystems at the time, and was personally involved in some of these efforts. Reams of documentation, produced by armies of people spending countless hours resulted in millions and millions and millions of dollars in expense. We had external auditors and internal auditors and objective third parties. We had lawyers and accountants and accountants’ lawyers and lawyers’ accountants all working as diligently as possible to achieve the holy grail of SOX compliance. Of course, this was the story at just about every large accelerated filer. The costs were so grandiose that non-accelerated filers were paralyzed with panic and rightly so; how in the world would they be able to afford this? They’ve been pushing back ever since, and the SEC grants them extension after extension to file, while they try to figure out how the cost will impact them (more tax dollars at work). Even after the “final” extension, it seems now that they’re rescinding the finality of the final extension, to extend the filing date yet one more time.

And we’ve done all this work for what? So that corporate scandal cannot harm the good American people. SOX was positioned as the rainbow for white collar crime against the innocent working class; a covenant of peace between the US government and the American people that the devastating floods of corporate greed would never inflict financial injury to the hard working American family again.

Fast forward a short seven years, and the entire economy collapses under—drum roll please—corporate greed. How could this happen? We spent trillions on SOX compliance to avoid this very thing. How on earth could this happen?

Do you know what happens when you wear loose shorts on the north shore beaches of Hawaii? The waves there will pound you into the sand, and within three minutes, your shorts will be gone. Good intentions, bad results.

America just got pantsed, the SOX shorts are too loose. I believe Representative Jon Adler is heading in the right direction. Better to just kill the whole thing, but of course that won’t happen. It makes too much sense.

Can you Hear Me Now?

10 Ways to Improve Communication on your Compliance Program

Communication problems are at the root of 90% of compliance program implosions. Most of these problems are easy to remediate, once you have the proper awareness and take the appropriate actions. Here are 10 of my favorite tips for boosting communication on your compliance program:

1. Create a Communication Plan. Seems to make sense, but surprisingly most compliance programs that I see don’t have one. Planning in any form, pays dividends and a communication plan is no exception. I find it easiest to use a spreadsheet and keep it simple. Record who will be communicated to, when, and in what format. Make sure you cover all the parties that will be affected.
2. Execute the Communication Plan! This seems to make sense also, but you’d be surprised how many times I step into a situation where a communication plan has been created, but it’s not being executed. Why go through the trouble if you’re not going to follow through? It actually makes sense to have a control and audit plan in place for your communication plan. This is territory that is already familiar to you, so why not leverage it to improve your communication efforts?
3. Avoid a “Need to Know” Mentality. Compliance tends to be a subject area where companies try to control and spin information. This is a very bad idea. Communication should be immediate, straight-forward and honest to all people affected. This is the only way to get full commitment and cooperation from the resources that are necessary to make your compliance program work properly.
4. Validate Understanding. Proper communication involves you sending information, them receiving information, and you verifying the understanding of the information. This last step is important. It’s not good enough to just “push” information out without testing for understanding. Periodically poll your communication targets to see if they’ve received and understand your message.
5. Avoid the “Telephone Game.” This is an old game we used to play as children, where someone starts with a message whispered into someone’s ear, and it makes itself around the room until the final person announces what they finally heard. Invariably it has nothing to do with the original message. Make sure you’re communicating directly with your targets, and there’s no second hand information passing around. For instance, instead of communicating only to managers with the assumption that they’ll carry that message to their direct reports, communicate directly to all people on the front line, including their managers.
6. Communicate Frequently. Do not setup a communication program where you only communicate with people once a month, once a quarter, or Heaven forbid once a year! You should have weekly or even daily communication with most of your targets. Things are constantly changing on your end—people need to be informed.
7. Be Pithy in Your Communication. Get straight to the point, do not use a lot of words. How do you feel when you receive an email or letter that’s the length of a novel? Nobody will read this. Learn how to communicate your message in as few words as possible.
8. Create Graphics for your Communication. A picture is worth 1000 words, so it’s very effective. In addition to making your communication lively and interesting, a graphical model is able to communicate a lot of information in a relatively small amount time. Take advantage of this leverage in your communication. For instance, if you’re trying to communicate compliance violation effectiveness, a nice graph would be a good choice over a lengthy report.
9. Do more than Email. For some reason, when people think of format for communication, they start and stop with email. Email is fine, but there are a number of other ways to communicate your message that are much more effective. Consider a lunch festival, radio show, or print newsletter. Be creative, your audience will appreciate it.
10. Get Feedback. Talk to your audience about what works for them, and adjust as necessary. In this information age we’ve been bombarded with information from all angles. Everybody has learned to adjust in their own way. You won’t know what you audience likes, until you ask them.

Communication is one of the most important things to get right on your compliance program. I hope this gives you some ideas on improving its effectiveness. You don’t need to implement all 10 to get good results. Out of this list, think of 3 that you can do right away and get them in place by the end of next week. This will give you good momentum for following up on the rest.

Down to Earth Advice

Balloon Boy Hoax Could Cost Family, Big Time

6-year-old Falcon Heene says he was hiding in a box in the attic while authorities were searching for him.. Picture Source

On Thursday, the story (which preempted just about every other story) was that six-year old Falcon Heene may have climbed into an experimental helium balloon that accidentally took to the skies of Colorado. Panicked, authorities sounded the alarms and pulled Colorado’s best together in a concerted effort to save the boy. The balloon finally came down, and the boy is nowhere to be found.

By Sunday, the story according to CBS News was:

“a little boy[who] had floated away in a giant helium balloon was a hoax concocted to land a reality television show, authorities said Sunday, and the boy's parents will likely face felony charges.”

Now it looks like the Heene’s are facing felony charges, some of which may include multi-year jail terms and hefty fines in the hundreds of thousands of dollars. Richard hasn’t been convicted, but the evidence right now doesn’t look good. Authorities are quite certain, this was a hoax.

Stunts like this, which are intended to shortcut the system, are unnecessary and extremely damaging. Richard’s “reality career” is finished, and he’s looking at some very serious penalties. Don’t take shortcuts in your compliance program. Do your diligence, and get it done right. Otherwise, your program is just full of hot air.

Don’t Flip Out

Good Ideas still need Best Practices

Sometimes, in our zealousness to get started we ignore good practices and flip straight over the objective. Enthusiasm is great, but don’t let it get in your way. You can do it, take your time, do it right.