The CEO assumption is an important element of any organisation’s operational and strategic decision process and must be based on evidence and process. It is not a synonym for a ‘wing and a prayer’ nor is it the final hope that ‘things unseen will not go bump in the night’. We have all seen movies about the frozen-closed safety valve in a critical facility that leads to terrible consequences (e.g. Longford) and heard news reports where process oversight or poor maintenance cause failure leading to reputational damage and business continuity loss.
The crux of this CEO ‘art form’ is getting the right information to identify the areas and issues needing attention and where necessary to instigate action which scrutinises certain reports urgently: to ensure risk is understood and managed– after all that’s the job of CEO oversight. While the CEO will interact with staff members, external advisors, insurance brokers and IT professionals, the art of a good CEO assumption is crafted in the habit of questioning, testing and validating with an experienced eye to see beyond the foreseeable. Most organisations establish policy and build compliance regimes based on detailed analysis, nevertheless the system can often leave critical issues behind. The CEO may assume all is going as directed within agreed delegations but this assumption may not be right. And as we know authority can be delegated but responsibility always rises to the top.
A good CEO Assumption is based on a combination of critical factors including policy, automated ‘workflow’ reporting, specific tracking of risk, legal framework and compliance training, with decisions to reassess established process using formal review within the management team. At times the CEO may engage an external ‘subject matter expert’ to independently test chosen options or results. All these are intended to ensure that the CEO Assumption is based on evidence and that it is robust.
Asking the right questions, honing legal and jurisdictional framework is all about seeing detail that only experience teaches, this is the art of a good CEO Assumption. But beyond this, a good CEO will encourage senior staff to challenge existing assumptions and try to ‘look with new eyes’. It is about creating a culture of permission: to test assumptions and encourage an atmosphere of watchful practice. Further, a CEO doesn’t need to become an ‘Undercover Boss’ to be exposed to the truths at the ‘coal face’: a visit to the lunch or crib room can often tell the CEO more about the business than any management report. Some companies use the management team from other divisions to test risk and to validate reporting assumptions in each other’s division.
From my experience, the following are five areas worthy of review, presented with provoking scenarios to stir the thinking and to make senior management uncomfortable when they reassess the basic tenants behind the many corporate assumptions.
Assuming your Insurance Policies cover all Eventualities
A company transported 20 GP doctors by mini bus along remote back roads. For five years they assumed the doctors were employees of the company and covered by employee insurance. An unrelated question to the underwriters found that the doctors were not employees and were not insured.
An insurance company in Australia specifically excludes ‘fixed term contract’ employees from the ‘Directors and Officers Insurance’. This exclusion places the Directors outside the insurance ‘firewall’ if action is taken against the company by the CEO, CFO or professional staff.
Assuming that Safety and Business Continuity Planning meet all Eventualities
A human services organisation with some very difficult clients called the police at least once a month. Client interview rooms were fitted with duress alarms but it was discovered that only half were operating when tested and there was no response procedure to rescue staff members needing urgent assistance.
A training company allocated the preparation of medical dissection instruments to the receptionist. However, there was no ‘Management of Sharps’ policy in the company and the receptionist had not been trained for the task.
Assuming that the Computer and ICT System is Secure
Assuming the computer system has a working backup is very risky. Total loss of a company computer records is not only about fire but about hacking and malicious lockout. Two companies tested recently had a backup regime which provided no backup of the critical business data, due to a number of recent process changes.
One backup system missed a range of user files on the server which included all documents, client records and legally admissible information. Another had a regular backup process but delivered blank data onto the media. One also located all backup drives in the same room as the computer. The problems were not identified because the backups were never tested.
Question 1: When was the last time you ordered a full install of the company backup and how did you verify the outcome? You cannot assume your backup will reinstall all company documents going back years. Some backup systems use a redundancy approach to economise storage. In a total loss situation, it can often mean that the company record is only as good as the assumptions made by the IT programmer or cloud provider when the system was set-up and this process is often established without sufficient discussion or periodic review by the CEO or senior management. There are different types of backup, and assumptions made by the IT programmer (maybe years ago) is no way to guarantee business continuity at the highest point of foreseeable risk.
Question 2: Have you tested the ‘Contact Us’ box from your company website? One company had no connection into their system from this customer enquiry process and were losing all web enquiries.
Assuming the Accounts track the Business Plan and Report Contract Performance Accurately
Budgets are hard work and should report to the Board against business plans and to the government against funded contracts. CEOs and senior staff manage and rely on these budgets- But who has oversight of the allocation for cost codes against projects and cost centres? Often this is done by junior staff when they pay invoices. Testing and tracking the cost allocation process is vital.
Assuming that Contract Delivery and KPI Reporting are the Same Thing
Contracts with required performance criteria are the core of business and an essential for CEO oversight. Too often a Board can assume that activity based reporting is sufficient to satisfy the requirements of program oversight: when the critical process of KPI achievement is not being reported. In the same way, it is critical for a NFP Board to see beyond the contract and the KPIs, to ensure that community value is being delivered. In a commercial contract the activity of building a structure is not only about completion on time but also about the correct material specification and how this is reported and tracked.
Risks abound in the workplace- from drums without labels, maintenance shortcuts to operational reports based on untested data sourcing. The CEO cannot be left with this mammoth task, it is a collective responsibility. Evidence is the testing and questioning of group think, historic routines, policy and standard compliance automations; and this process must be encouraged across the whole organisation. Spend a day opening or closing safety valves, hacking your computer, testing for bacteria, externally testing diesel engine emissions or surveying the height of levee banks. Prepare an audit of safety backup systems or risk provisions like cyclone-rated building readiness or that staff are working within their credentialed authority. Bad assumptions can lead to corporate failure. However, the healthy permission to test assumptions protects the organisation against foreseeable risk and is a core part of the CEO role and fundamental to the work of senior managers and company directors.
A good ‘CEO Assumption’ is an essential part of the job and should be challenged when relied upon too quickly. Assumptions must be tested, validated and based on evidence. That is why we test fire alarms and have fire drills.
Ian Hook is Principal Consultant
Cogent Business Solutions
Not-for-Profit Division – Community Sector Specialists
Phone: 0455165508: Office: 02 6152 9222
Download the Division’s Capability Document here