Why Sign Off? - - Why Sign On?

The requirement that official documents be signed is about as old as writing itself and continues to show up in nearly every new form that needs to be completed. Why are we asked to sign off on documents that we have completed. There appears to be three separate reasons:

1. Tells the reader that the writer did in fact intend the meaning of every word (and number written in the document.
   
2. Prevents the writer from claiming at a later time that someone else must have written the document. (Either the writer recognizes the signature or a handwriting expert can provide evidence of its authenticity.)
   
3. Reminds the writer that anyone can determine his or her identity and therefore care should be taken to avoid any incorrect or inappropriate material.

If the above is why we sign off, then why do we sign on. In effect the sign on required to enter an information technology network or an specific application is a modern day version of a pen and ink signature. The three basic reasons still apply. A computer system sign-on also has an additional purpose:

• Only those individuals with a recognized user name and password can gain access to network, application or special function protected by the password.

And the computer sign-on also has some very important features (provided passwords are kept secret):

• The exact identity of the person signing on can be easily determined.
  
• The precise day and time of a sign-on can also be determined and recorded.
  
• Extra sign-ons can be required to specifically record the entry of a user into a specific function or sector of an application.

Did you ever wonder why you were asked sign-off so many places on a legal document or sign-on so many times during a single computer session? To discuss any puzzling examples, simply conact Stu on Patrol.

Internal Control Used in Every Day Life

• Alarm Clock to wake up on time. Sometimes for extra important early morning events a second or even a third alarm is set.

• Warning lights, visual messages, and/or audible messages on some cars when doors are left open, lights are left on or seat belts are not fastened.

• Some cars will not start unless all doors are closed.

• Some models automatically turn headlights and windshield wipers on and off as needed, so there is little chance that the driver fail to use these devises or turn them off when they are no longer needed.

You probably know of many more commonly used internal controls. Please take a moment and sent a comment to Stu on Patrol to let me know what some of them are.

Hospital Internal Controls

A common misconception about internal controls is that they only relate to financial matters. One example of non-financial internal controls are those used at hospitals to reduce to very low levels the risks that one patient would be mistaken for another or that a patient would receive the wrong medication.

• When a new patient is admitted into a hospital even before leaving the registration desk the registrar checks a photo ID card and then affixes a bracelet to display vital information such as the patient's name, nature of hospitalization, account numbers, date of admission and the patient's doctor's name.


• If a patient needs Introvenous medication, the supply bag cannot be hung over that patient's bed or stretcher unless the chart is signed by two Registered Nurses attesting to having compared the doctor's order to the lable on the bag before it was hung.
  
• At one time when patients was prescribed a regular medication before being admitted to the hospital they were directed to leave those home so that the hospital pharmacy could benefit from the business of supplying those medicines. However, to reduce the likelihood of errors by the hospital pharmacy, patients are not encouraged to bring thier prescribed medicines with them unless directed otherwise by their doctors.

The reason for presenting these examples of non-financial internal controls is to show that good controls are needed to safeguard any valuable asset that may otherwise be vulnerable. There can not be any asset that is more valuable or worthy of our best care than a human life.

If you can think of other examples of internal controls, please comment back to Stu on Patrol.

Four Approval Signatures

An outside consultant was asked to find out why there were so many errors in a process that required four individuals to review and sign off on the work that was done. What she found was very disturbing. It turns out that while all four approvers knew they were supposed to review the document carefully before signing off, none of them reviewed it all all.

The first reviewer was the most junior level manager. He decided the other three knew much more that he did and would catch any errors. The second reviewer was more senior than the first and she decided that the first reviewer would catch anything obvious and the third and fourth reviewers would catch all of the more difficult problems. The third reviewer was sure that the first two would catch any errors and the fourth reviewer would make any important decisions. The fourth reviewer decided that if there were any problems, one of the other three reviewers would have found and corrected them before the document came to her for review.

Thus, each of the four reviewers signed the document and none of them reviewed it at all. So, what is the answer to this apparent puzzle. There are two answers that should be applied in all cases of multiple document review:

• When developing a process procedure there should always be a specific expectation as to what each reviewer is to be responsible for checking and correcting.

• Regardless of what the procedures say, each person assigned to review a document is to consider that she or he is the only one who is checking the document. Therefore, if there is an error to be corrected or a decision that needs to be made, there is no expectation that anyone else will do it. This attitude ensures that a document receiving multiple reviews get more attentions, not less, than one receiving a single reivew.

If you come across some internal control puzzle, such as four signers none of whom actually review anything, or you have more ideas on when to specify multiple reviews or how to make sure all reviewers do what is expected of them, send a message to Stu on Patrol or use the comment feature of this blog to get back to me.

Control Through Automation

One of the best ways to strengthen internal controls is to automate a process. For example, for many years travel orders were prepared as paper documents and later data-entered into the financial system. However, the paper document does not know for sure if there is money available to pay for the trip, or if the travel has started before all needed approvals are received, or even if all required approvals were ever received.

Now we have E2 Travel, which has increased our level of control over travel a great deal. Under this system all employee travel must be approved and booked through the E2 Travel system. Therefore, our Travel Management Center will not book transportation unless they receive the approval from the E2 Travel system. Also, the obligating travel order is entered into the Momentum financial system on the basis of the aproved amount and accounting codes recorded in the E2 Travel system. This means in most cases that it is virtually impossible for an E2 Travel trip to begin before it has been fully approved. Future integration of E2 Travel with the Momentum financial system will eliminate some of the current data entry and processing steps for travel orders and travel vouchers.

If you have other ideas about how to improve internal control over travel, or if you have noticed a weakness in how it is currently being controled here at the Corporation, please comment back to Stu on Patrol.