Internal Controls in Football

It’s that time of year when college and professional football are beginning their seasons.  Looking at how teams set up their defensive players, one sees an exercise in internal controls. By examining the functions of different defensive players, one can see how they act to neutralize offensive threats and learn from their best practices and incorporate them into the defensive game plan (internal controls).

Teams set up three layers of protection against the threat of the offensive team moving the ball down the field. The first layer of defensive internal control is the defensive line. If the offensive side tries to run the ball, the defensive linemen will act to tackle the player who carries the ball to stop his progress as soon as possible. If the offensive team calls a pass play, the defensive linemen act to sack the quarterback or knock down the ball. If either action is successful, the defense will have neutralized the threat of the quarterback passing the ball down the field.

The second layer of protection is the linebackers. In the event of running play, they assist the linemen in tackling the ball carrier. In the event of a passing play, they will either assist the linemen in trying to sack the quarterback, or disrupt passes that the quarterback throws. The players who make up the last line of defense (set of controls) are the cornerbacks and safeties. These players primarily guard against passes that the quarterback throws. In the event of a running play where the ball carrier gets through the linemen and the linebackers, the responsibility falls to the cornerbacks and safeties to neutralize the threat.

If we replace the setting of a football field with, say, a computer and the threat of the opposition advancing the ball into our territory with someone trying to access the computer, we can learn from those football analogies (internal controls). The computer is housed in a building. Our defensive line are the security guards who block access to the building, except for those individuals who have legitimate reason and are authorized to be in the building. Next, the computer should be set up in a locked room. Instead of linebackers, we have a locked door to the room that will block unauthorized access to that room. If a person is then able to get past the guards and get into the building, we have a password to the computer instead of cornerbacks and safeties.” Hopefully, the result of both set of controls will be the same.  The offensive attack will be stopped before any significant damage is done.

Internal Controls Provide Added Protection

Managers and employees alike often ask why do we always have to:

1. Lock the supply room door?
2. Display our identification card?
3. Sign documents prepared by our subordinates?
4. Ensure that all vendors are registered?
5. Maintain copies of documents supporting transactions?

Some of these requirements are in fact a matter of law or regulation. But even in those cases compliance is not the real reason. This is generally because the provision of the law or regulation was writtin the support the real reason.

In each case such rules, which are examples of frequently applied interanl controls, are imposed to make it less likely that some serious adverse consequence (known as a risk) would 0ccur. The underlying risks behind doing the five internal controls listed above are:

1. An unauthorized person could take some or a lots of supplied for personal use.
2. A non-employee could be gain access to the office, remove personnal or organizational property or information, and not be suspected of having an inappropriate reason for being there.
3. You assistant may make a serious error in preparing a document that could have costly consequences.
4. An unregistered vendor may turn out not be be a legitamit business.
5. It may be necessary to substantiate the validity or accuracy of a transaction at a later date.

An internal control is rarely an absolute quarantee that a problem will be avoided; neither is not doing the internal control a guarantee that there will be a problem. For example, it is possible that a supply room door could be unlocked all day and no items get taken for inappropriate purposes. However, leaving the door unlocked provides too high a likelhood of a theft to be allowed. Similarly, if the door is always kept locked there could still be a theft by an individual determined to commit a criminal act. However, the odds of this happening in an otherwise well managed work environment is appropriately low.
If you are wondering why a certain rule is in place in your workplace, contact Stu on Patrol at this website and he may provide you a likely underlying reason in the form the risk that the rule in designed to mitigate. On the other hand if you are worried that a certain bad thing may happen need an idea of what rule or device may make that problem less likely to happen, contact Stu on Patrol and he may be able to provide you some suggested actions.

BP Deepwater Horizon Risk Management

The news over the past 58 days regarding the consequences of the British Petroleum oil spill in the Gulf of Mexico is really about Risk Management. This process includes identifying serious risks and determining how best to manage them by developing and implementing appropriate internal controls. The Deepwater Horizon catastrophy illustrates the most fundamental risk management errors that can be made.

Traditionally, the most serious risk in the exploration portion of the petroleum industry related to spending huge resources to discover oil by digging a well and ending up with a dry hole. This risk has been addressed by minimizing drilling costs and increasing the speed of creating wells so as to provide the maximum number of chances that a producing well would be created.

Consequences of a blowout (a well that uncontrollably gushes oil) were considered secondary and of little concern. When there was a blowout, a specialized oil services firm was called in to extinguish any fire, install a cap and shut off the value so the owning company could easily take over the production process.

Some major changes that have occured over the past 20 years are:

• Exploration relies more on geological theory and reliable instrumentation and less on random search
• Drilling operations have become more automated and efficient
• More drilling has to be deeper as available local reserves diminish
• More drilling has to be off-shore as available on-land oil fields are becoming fully explored

These changes suggest oil companies should be refocusing their risk concerns from those associated with dry holes to those associated with blowouts.

It is now being painfully documented that there are numerous precautions that were diminised or skipped entirely in the Deepwater Horizon drilling operation. These include not ensuring that only top quality blowout protection equipment was submersed a mile beneath the surface and not thorouhly tesing that equipment before the drilling reached the depth where oil was expected. The most recent revelation was that BP used only about a third of the recommended number of mechanical devices designed to ensure that the drill pipe is centered in the well before attemping to seal the installation of that pipe with cement. The stated rationale for taking such short cuts was that the drilling operation was behind schedule.

There is no question now that the cost of not taking known precautions has greatly exceeded any projected savings from speeding up the completion of the well. Eleven men have died, many others were injured, many millions of barrels or crude have entered the Gulf and adjoining shoreline, wetlands and beaches, killing fish, birds and other wildlife and threatened the fishing and tourist industries throughout the entire Gulf Region.

Stu on Patrol is concerned about wasting resources to protect against risks that have greatly and decreased in relevance and ignoring new risks that are more severe than the old ones. If you know of other instances where industries and organizations seem to be guarding against risks that are no longer as serious as they used to be and have failed to address newer more serious risks, please comment back to Stu on Patrol with what you see and what you think needs to be done about it.

Stu on Patrol will take all comments seriously. If they relate to any aspect of Corporation for National and Community Service operations, they will be greatfully acknowledged and thoroughly researched, but will not be published. If your comment does not relate to the Corporation, it will be published here in its entirety.

Internal Controls for Painting a Room at Home?

When you decide to paint a room at home you will be concerned with the quality and cost of the job. Therefore, many of the things you do will be similar to the use of internal controls at work.

In planning the job, you will need to:

• Choose the color
• Gather equipment and materials
• Decide when you will do the work

You will do a risk assessment - by thinking of what can go wrong:

• Paint on the carpet, furniture, draperies, windows and/or moldings
• The previous color may not get completely covered
• Spots could be missed
• The color on the wall may not look like the sample picked at the store

You will install controls - to prevent things from going wrong:

• Mask windows, doors and moldings
• Use plenty of drop clothes
• Keep a damp rag handy to wipe up any drips before they dry
• Paint a small section behind where funiture usually sits and let it dry to check color
• Buy some extra paint in case another coat is needed

You will do quality control - so problems can be fixed as soon as possible:

• Stop and check job after completing one wall
  - Is coverage okay?
  - Is there any paint under the drop clothes?
  - Are edges sharp between painted and unpainted surfaces?
  - Does the color look right?
• What changes in procedure are needed before painting other walls?
• What changes in proceudre are needed before painting other rooms?

If you apply these precautions and considerations, you will be glad you did and will also have a nicer paint job to show off to your friends.

Have You Ever Hired a Clushmaker?

When I was a youngster, many years ago, there was a popular campfire story known as The Clushmaker. The story is about an aspect of a strong internal control environment that is often lacking in a well established bureaucracy.

A young man entered a U.S. Army recruiting station. When asked his line of work, he answered that he was a Clushmaker. Not wanting to admit not knowing what a Clushmaker was, the Seargent who first greeted the applicant referred him to the Captain that supervised the station. As the story progressed, the young man was introduced to a long chain of ever more senior officers, none of whom was willing to admit not knowing what a Clushmaker was. Finally, the young man was introduced to a Five Star General who was not not in a position to refer this potential recruit to a more senior officer.

Naturally, the Five Star General was also unwilling to admit that he had never heard of a Clushmaker. But, he also didn't want to miss out on any benefit that a Clushmaker may provide his organization. So, he signed him up and ordered him to begin his clushmaking operation at once. The newly enlisted Clushmaker started by requisioning a long list of needed supplies and equipment as well as a detail of 50 men to make all needed preparations. Finally, when all was ready there was a tower erected that stood 500 feet above a pond that was 10 feet deep and 40 feet in diameter. At the top of the tower was a two ton ball that measured 10 feet in diameter. Connected to the giant ball was a cable that exended all the way down the tower to a large lever on a control panel at which the Clushmaker stood.

The General asked the Clushmaker if all was ready and the Clushmaker answered "yes."
Then the General directed that all available troups on the base where the preparations had been made be assembled around the 40 foot pond so that all of them would know the value of the Clushmaker who was recrutied into this unit.

Then, the General gave the order to "make clush." At which point the Clushmaker pulled on the lever, causing the ball to be dislodged from its resting place at top of the 500 foot tower and plumit down the 500 feet into the pond. The result was an overwelming clushing sound followed by water being splashed out of the pond in all directions thoroughly soaking all those who observed the event.

So, what does Stu on Patrol think of all this? That is an easy question. It was an absolute waste of whatever was paid to the Clushmaker, for the supplies, materials and work detail he requisitioned, and the time taken up by the numerous observers, including the ficticious Five Star General who authorized the project. The only lesson learned is that a great deal of time and expense could have been saved if the Seargent who initially greeted this young man of dubious talents had asked him what a Clushmaker did and what value it would have to the U.S. Army.

The more important question, directed to all those who read this story is, "Have you ever done or observed someone in your organization do anything that resembles hiring a Clushmaker?

Please write in to Are We in Control because Stu on Patrol wants to know.