CONTINUOUS PROCESS IMPROVEMENT: A DILEMMA FOR AUDITORS

By Steven P. Landry and Ann Fukuhara

Recent developments in management techniques, such as total quality management (TQM) and reengineering or more generally, continuous process improvement (CPI), pose a serious dilemma for auditors. The dilemma arises as a result of reduced internal controls stemming from these new management techniques that emphasize improved organizational performance via process improvements.

The new process improvement management techniques look to increase market share and enhance the quality of products and services by drastically altering systems structures and redesigning processes to improve productivity and customer satisfaction. American companies such as Boeing, IBM PC Co., and Xerox, as well as international entities such as British Telecommunications, Ericsson, Canadian Imperial Bank of Commerce, and Volvo have already embraced these new management techniques. Continuous process improvements promise to reduce costs and improve quality by eliminating waste in terms of nonvalue added work as defined from the perspective of the consumer.

No Checks, Controls, or Reconciliations

In line with the new philosophy of process improvement, organizational structures are growing flatter with employees no longer compartmentalized within rigid vertical hierarchies. Managers value employees and take on new roles as facilitators and coaches as opposed to the old roles of supervising, scrutinizing, and acting like cop bosses. The old, rigid hierarchical controls have little place in the new process-improvement world. Consequently, controls based on the older, more traditional, management structures bear revisiting and modification.

Advocates of process improvement and, in particular, reengineering dismiss the concept of extensive checks and controls. Reconciliations, for example, are considered nonvalue added work and a wasteful activity that should be eliminated. The implications for such eliminations pose serious issues with regard to internal control evaluation and testing procedures.

Internal Control Challenges

If a company has implemented or has decided to implement TQM or reengineering, how should that affect the audit approach?

Purchasing Examples

Use of Credit Cards. The elimination of steps in organizations' processes made to enhance performance can adversely affect audit trails, and thus impact internal control relative to separation of duties. Reengineering proposes revolutionary changes, for instance, to the purchasing cycle. Instead of funneling all purchasing activities through a functional purchasing department, reengineering advocates might propose the utilization of general use credit cards to make purchases. Members throughout the organization would have access to these credit cards.

From an auditing perspective, the use of credit cards by all within the organization would generally represent a serious weakness in internal control. However, process-improvement proponents reject the conventional concept of internal control as it would relate to the traditional purchase process as inefficient and expensive. In some cases, the cost of controls in ordering an item could exceed the cost of the item itself. Reengineering and TQM thus deflect criticism of the credit-card use by stating that the cost of instituting proper controls may exceed the cost of the shrinkage the controls purport to minimize.

Given the implementation of the credit-card method of purchasing, the need for manager authorization no longer exists. Purchasing need not issue a purchase order, receiving need not validate the quantity and price ordered, and accounts payable need not pay for the purchase. Instead, one person retains the authorization and responsibility to make the purchase, have custody of the credit card (as good as cash), and to record the purchase amount against the department's expenses. Classical internal-control systems do not allow one person to possess combined custody, control, and authorization responsibilities. From the perspective of the auditors, the implementation of the credit-card system combines incompatible functions. This increases the risk of concealment or misappropriation of assets.

Purchaser/Supplier Partnership. Proponents of process improvement encourage a continuous process improvement partnership between supplier and company.

As an example of this new kind of partnership, Wal-Mart requested that Proctor & Gamble (P&G) propose the amount of disposable diapers Wal-Mart should order. Over time, P&G skipped the purchase recommendation and just shipped the diapers Wal-Mart required. The effect of this new relationship eliminated many costs related to purchasing activities. Furthermore, Wal-Mart can now rely on competent inventory management.

Reduced Processing. One auditing textbook diagrams the accounts payable cycle as shown in Figure 1 (Arens/ Loebbecke, Auditing: An Integrated Approach, 5/e, (c) 1991, P. 596. Reprinted by permission of Prentice Hall, Upper Saddle River, New Jersey).

Figure 1 illustrates the traditional method of documenting, recording, and processing purchases as well as subsequent payment. The process improvement approach, as suggested by the Wal-Mart and Procter & Gamble example, omits many of these steps. Adherents of the new management techniques might suggest an acquisition and payment process as follows:

* Clerk enters order into the computer system, whereupon the computer generates a purchase order (PO) that is sent to the vendor.

* Vendor sends goods to the receiving docks.

* Upon arrival of goods, clerk verifies that shipment corresponds to an appropriate order. If PO is outstanding, the goods are accepted.

* That same clerk records the receiving of goods in the computer system.

* Computer automatically updates the accounting system as well as issues and sends a check to the vendor at the appropriate time.

The reengineered purchasing process would appear as shown in Figure 2.

When comparing the new process flow of transactions to the conventional process flow, note that Figure 2 eliminates steps 7, 8, 12, 13, and 14 from Figure 1. Furthermore, one person each, instead of several, performs steps 1-3 and steps 4-6 and 9. The steps remaining directly flow to and from a computer system with access by many.

In the process improved scenario, one person can perform many of the transactions previously performed by several persons in various departments. In our example, one person can requisition, cut the purchase order, and forward the purchase order to the vendor. Meanwhile, the clerk at the receiving dock receives the goods as well as authorizes check issuance. The same clerk also records the accounting transaction. Whether involving the ordering or receiving of inventory, this system does not require independent counts concerning amounts received, nor verification of either quantity or price. The clerk performs no reconciliation concerning the goods received nor inspects the goods received for quality control before remitting a check. Process improved organizations build in quality control via partnership development. Furthermore, there is unlimited access to all pertinent information.

These new cost efficient measures more than compensate for the lack of internal controls. These kinds of developments create a new and challenging environment for auditors. Auditing the purchasing cycle may now require new perspectives on just what constitutes adequate internal control as well as the inclusion or consideration of external activities within the audit program.

New Approaches

Although these "radical approaches" may appear to auditors as weaknesses in internal control, supporters of both TQM and reengineering suggest alternative control measures. Champions of process improvement favor new systems with summarized or ex-post controls. For example, in the purchasing case, the purchases made by credit cards are reviewed when the departmental manager reviews expenditures or when accounting receives credit-card statements. With regard to partnership development, managers from both organizations can develop real-time information systems that tie together sales, inventory, and purchasing data into shared databases. The sharing of information among partners reduces information asymmetry thus lessening the need for extensive controls.

Trust

Importantly, the foundation of continuous process improvement rests on the premise of trust. Organizations pursuing CPI prefer to allocate resources to trust development, with respect to both inter-organizational and intraorganizational relationships, as opposed to allocating resources to the development and maintenance of internal controls that inherently are based on mistrust. An organization that trusts its employees, suppliers, and customers possesses the potentially enormous competitive advantage of lessened internal and external transaction costs. Externally, firms can reduce transaction costs via shared data bases and through the elimination of duplicated effort as noted in the Wal-Mart example where Wal-Mart was able to vastly reduce its purchasing overhead by trusting Procter & Gamble to keep its shelves stocked. In addition to reduced transaction costs, the organization can depend upon an expanded universe of continuous process improvement inputs. In the Information Age, organizations commanding such an expanded information gathering network have a leg up on their competition.

A Consistent Approach

Proponents of process improvement justify reduced internal control procedures, particularly with regard to unlimited information access, as consistent with modern information technology. Modern information-technology experts advocate individuals design their own information environments that emphasize information use and sharing. This approach reduces information asymmetry, thus allowing for greater and more informed involvement in the continuous improvement process. Consequently, procedures developed in this kind of environment reduce costs by decreasing the labor time involved in checks and reconciliation while enhancing productivity via increased information use and sharing.

Auditing CPI Organizations: Risky Business?

From the perspective of the auditor, process improved control structures and procedures that utilize information sharing to eliminate division of duties, lessen independent checks, and minimize safeguards over assets increase control risk by minimizing error detection and increasing the potential incidence of material misstatements. For example, revisiting the accounts-payable example, no one inspects purchased goods for quality or quantity, and the reengineered process does not create documentation to report potential quantity and quality problems. Thus, a purchaser may send a check to the supplier for nonconforming or insufficiently supplied goods. The detection of these errors may not occur until after the completion of the purchasing cycle. Finally, the process improved--ex-post support documents for these purchases from the traditional auditing perspective provide an inadequate audit trail.

The continuous process improvement philosophy relies on the premise of employee honesty and relationships based on trust. Reconciliation and checks will occur after the cycle of purchasing has concluded. Auditors, however, need to concern themselves that the improved processes and consequent reduced internal controls may not prevent potential, material losses or fraud, and could possibly reduce the chances of detecting the discrepancies until after completion of the purchasing cycle or possibly never. Hence, assessing control risk and planning the audit may require more than establishing materiality and understanding traditional control procedures. TQM and reengineering may require auditors to examine, to a much greater degree, issues such as client integrity and potential, unethical, or illegal activity.

In assessing a CPI client's internal controls, auditors may need to consider performing "trust audits" to ascertain the efficacy of a client's continuous process improvements. Particularly, the auditor should consider the tradeoff between the value of improvements and the cost of reduced internal controls. Such issues need debate and discussion among auditors because of the increased risks associated with performing audits on process redesigned organizations.

In an already extremely competitive environment, process improved organizations may adversely affect the cost of an audit. To audit a continuous process improvement, organization may require more time and effort than initially anticipated. The reduced internal controls could increase the cost of planning and performing the audit. In addition, the potential need to expand the concept of the audit to include trust factors and shared data bases may also exert upward pressure on audit cost.

Challenges and Opportunities

Although continuous process improvement poses potential risks, auditors should rise to the challenge raised by a changing and dynamic environment. Global competitive pressures require American companies to achieve greater organizational performance by consolidating traditional processes and developing systems that require fewer checks and reconciliations. Companies that have implemented continuous process improvement will testify that these new management techniques deliver enormous benefits and reduce costs. If customers receive little or no benefit from the additional steps required by controls, then why should companies invest millions of dollars to perform nonvalue added work?

TQM and reengineering pose challenges to auditors, but these new management techniques also represent opportunities. Given the redesigning of control procedures driven by continuous process improvements, the external audit becomes even more important. Third parties such as stockholders, investors, and creditors will need to rely on audited financial statements more than ever. The users of these financial statements will place a heavier burden on auditors.

Participation in their clients' continuous process improvement agendas presents intriguing possibilities. For instance, auditors can develop trust audit programs to update internal control assessment techniques in line with the CPI philosophy of trust-based reduction of traditional internal controls. Auditors should also consider assisting their clients by becoming part of their clients' cross-functional teams to help develop new internal control procedures. Such new internal control procedures should be developed within the CPI framework in terms of assisting the client from a value added perspective, especially with regard to reducing and possibly eliminating waste. Auditors must not fall back on traditional cookbook solutions during the evolution of these new internal controls. Consequently, it is important that auditors maintain close contact with their clients.

Continuous process improvement management techniques will continue to stimulate changes in control procedures. To maintain viability in a changing environment, auditors must demonstrate flexibility and adaptability. *

Steven P. Landry, PhD, CMA, CPA, is an assistant professor of accounting at the University of Hawaii at Hilo.Ann Fukuhara is a senior auditor at William Ronald Dolan, CPA, Inc.

Editor:
Douglas R. Carmichael, PhD, CPA
Baruch College

AUGUST 1996 / THE CPA JOURNAL