

Social Network Analysis—Drawing the Right Conclusions

In my last post I discussed some of the basic techniques of social network analysis (“SNA”).  While SNA can be a powerful evaluative tool, the results of SNA should be analyzed closely to ensure that the correct conclusions are drawn from the particular measures and to determine cautionary measures that could be taken to preserve the value and efficiency of the network.  For example, a node may have a high level of degree centrality (i.e., a large number of direct connections); however, the influence of the person occupying that node may be relatively limited if the connections are limited only to other nodes close by in his or her immediate cluster.  Also, the importance of what appears to be a connector or hub really depends on how much information does in fact flow through that node.  Another important feature of SNA is the way in which it can identify nodes that have drifted away from the central network.  SNA usually identifies one or more nodes, or clusters of nodes, with relatively low centrality scores meaning that they are no more than peripheral members of the particular network.  There may be a number of reasons for this such as personality factors, the nature of the activities performed by the persons occupying those nodes and problems with the flow of information within the network.  However, peripheral nodes can be very valuable for the network either by virtue of the skills they represent or the connections that they themselves have to resources and information from outside of the network and it is therefore important for the company to find a way to create higher levels of connectivity with these peripheral nodes.  
As for nodes that serve as brokers (i.e., a high level of betweenness centrality), care must be taken to anticipate the consequences of a breakdown in the flow of information through that node because the occupant leaves the company or becomes disenchanted with management policies to the point where he or she abandons the role of connector.  Finally, a very centralized network with a handful of hubs can be quite dynamic; however, there are clearly risks associated with the possibility that one central node will suddenly become disabled and bring the entire network to a complete standstill.  Put another way, it does not take much for a “connector” to turn into a “bottleneck,” either because the person in the node is simply overworked and unable to push information along or simply decides that it is in his or her interest to hoard information and dispense it selectively even though it slows down company initiatives.


Mapping the Information Organization—Social Network Analysis

While it is important, and recommended, that emerging companies develop some form of organizational chart to outline the formal reporting and consultative relationships between various business units and the departments included therein, it must also be recognized that all organizations have their own informal network of relationships that can be just as important in getting projects completed, generating new ideas and improving and maintaining overall employee morale.  Almost every company can make its own contribution to the large body of anecdotal evidence regarding the existence and influence of the informal organization—middle managers that have been with a company so long that they are far more effective in getting proposals through and accessing necessary resources than new hires who may be higher on the formal organization chart, bottlenecks in communication between two key departments because of personal conflicts between the department heads and the continuous exchange of information between departments that occurs at the side of the building where smokers congregate.  Informal organizations are not a complete substitute for the fundamental principles underlying the organization chart—task description, supervision and authority; however, informal organizations do provide clues to who within the company are looked to as leaders and senior managers of emerging companies should know and understand some of the tools that are available for gathering knowledge about the informal organization and be prepared to look for ways to use what is known about the informal organization to improve company performance.

A common tool that companies use for identifying the boundaries of their informal organizational structure is “social network analysis” (“SNA”), which is sometimes promoted to companies by management consultants as “organizational network analysis.”  While there are multiple definitions of a “social network,” the consensus seems to be that a network consists of “nodes,” which can be individuals, formal or informal groups or other organizations, that have developed interdependencies, referred to as “ties,” with one another within the defined network based on certain relationships—friendship, conflicts, values and ideas, or business transactions.  SNA is the art and science of attempting to map and measure the relationships within a network and identify how information and knowledge flows back and forth between the nodes using the ties that are identified during the course of the analysis.  A significant amount of research has been conducted in this area and social networks have been identified on a number of levels—from families to groups of nations—and the general conclusion in the business area has been that these networks can and do play a crucial role in how companies operate and address opportunities and threats and how the employees within those companies conduct their day-to-day activities and develop perceptions about how the company is managed.

In order to understand how a social network operates, analysts perform certain tests to determine the “location” of each node, measured by its level of “centrality,” and its relationships to other parts of the network.  Social network analysts produce maps of the network that show how all the nodes are tied together (“connected”) and identify who is in the core of the network, who is on the periphery of the network, groupings of nodes and their members, and the roles that certain nodes play in the operation of the network (e.g., leaders, connectors, etc.).  The first step in creating the map is to chart the connections between nodes, which exist whenever two nodes regularly communicate or interact in some meaningful way.  This information is then used to generate various measures, or metrics, that track the centrality of each node and the strength and importance of the connections between the various nodes.  The most commonly cited measures of the individual centrality of a node are as follows:

  • The level of “degree centrality” refers to the number of direct connections associated with a node.  Nodes with the most connections are referred to as a “connector” or “hub” in a network; however, the number of connections is just one part of the story and the role and importance of the node in the network is also heavily influenced by which nodes are at the other end of these connections and how those nodes are connected to other parts of the network.
  • The level of “betweenness centrality” focuses on connections with different groups within the network.  A node may have a relatively low level of degree centrality due to a small number of direct connections; however, if the node is the sole link between two important groups that are not otherwise directly connected with one another it can play a powerful role as a “broker” of relations between the groups and a conduit of information and knowledge between different parts of the network that otherwise would not communicate.
  • The level of “closeness centrality” measures the relative distance of a node from all other parts of the network based on the node’s direct and indirect connections.  Nodes with high closeness centrality are best positioned to monitor information from all parts of the network through their “grapevine”.

After the data regarding the network is collected and categorized, social network analysts can determine the relative importance of each node in a network by aggregating those measures taken of the node with respect to the number and strength of connections, the degree to which the node connects groups that are not otherwise linked to one another, and the amount and quality of information that actually flows through the node to other parts of the network.  In addition, SNA facilitates the development of various conclusions regarding the characteristics of the network as a whole and various clusters of nodes within the network.  For example, networks can be characterized as centralized or decentralized depending on the degree to which key links are associated with a relatively small number of nodes (i.e., hubs that have high levels of both degree and betweenness centrality).  In addition, the relative cohesiveness of groups of connected nodes can be determined and nodes that are closely linked to one another at the expense of less direct ties to other nodes can be classified as “cliques.” Group cohesiveness is also important in determining the effect that removing members would have on the connectivity within the group—for example, removing one key node may cause communication among the other members to collapse completely due to the unique role that the node played in ensuring that information flowed to each member.
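
The three centrality measures and the effect of removing a key node, worked through on a small constructed network. This is an added example, not part of the original post: the names, the ties and the helper functions are made up for illustration, and the code goes slightly beyond the text by computing betweenness with Brandes' algorithm.

```python
from collections import deque
from itertools import combinations


def build_graph(ties):
    """Turn a list of (a, b) ties into an undirected adjacency map."""
    graph = {}
    for a, b in ties:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def bfs(graph, source):
    """Breadth-first search from source.

    Returns distances, shortest-path counts (sigma), predecessors on
    shortest paths, and the order in which nodes were visited.
    """
    dist, sigma, preds = {source: 0}, {source: 1}, {source: []}
    order, queue = [], deque([source])
    while queue:
        v = queue.popleft()
        order.append(v)
        for w in graph[v]:
            if w not in dist:              # first time w is reached
                dist[w] = dist[v] + 1
                sigma[w], preds[w] = 0, []
                queue.append(w)
            if dist[w] == dist[v] + 1:     # v lies on a shortest path to w
                sigma[w] += sigma[v]
                preds[w].append(v)
    return dist, sigma, preds, order


def degree_centrality(graph):
    """Number of direct connections per node."""
    return {v: len(nbrs) for v, nbrs in graph.items()}


def closeness_centrality(graph):
    """(reachable nodes) / (sum of distances to them); higher is closer."""
    result = {}
    for v in graph:
        dist = bfs(graph, v)[0]
        total = sum(dist.values())
        result[v] = (len(dist) - 1) / total if total else 0.0
    return result


def betweenness_centrality(graph):
    """Brandes' algorithm: for each node, the number of node pairs whose
    shortest paths run through it (fractional when paths tie)."""
    score = dict.fromkeys(graph, 0.0)
    for s in graph:
        _, sigma, preds, order = bfs(graph, s)
        delta = dict.fromkeys(order, 0.0)
        for w in reversed(order):          # farthest nodes first
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                score[w] += delta[w]
    # Each undirected pair was counted once from each end.
    return {v: total / 2 for v, total in score.items()}


def fragments_after_removal(graph, node):
    """Sizes of the groups that can still reach each other once node leaves."""
    remaining = {v: nbrs - {node} for v, nbrs in graph.items() if v != node}
    seen, sizes = set(), []
    for v in remaining:
        if v not in seen:
            reached = bfs(remaining, v)[0]
            seen.update(reached)
            sizes.append(len(reached))
    return sorted(sizes, reverse=True)


# Constructed sample: two tightly knit departments whose only link is Ivy.
CLUSTER_A = ["Ann", "Bob", "Cat", "Dan"]
CLUSTER_B = ["Eve", "Fay", "Gus", "Hal"]
TIES = (list(combinations(CLUSTER_A, 2)) + list(combinations(CLUSTER_B, 2))
        + [("Dan", "Ivy"), ("Ivy", "Eve")])
ORG = build_graph(TIES)

if __name__ == "__main__":
    deg = degree_centrality(ORG)
    btw = betweenness_centrality(ORG)
    clo = closeness_centrality(ORG)
    print(f"{'node':<5}{'degree':>7}{'between':>9}{'close':>7}  if removed")
    for v in sorted(ORG, key=btw.get, reverse=True):
        print(f"{v:<5}{deg[v]:>7}{btw[v]:>9.1f}{clo[v]:>7.2f}  "
              f"{fragments_after_removal(ORG, v)}")
```

Ivy has the fewest direct connections in the network yet the highest betweenness, and her departure splits the company into two groups that no longer communicate, while losing a well-connected clique member such as Ann leaves everyone else still reachable.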


Establishing a Foreign Corrupt Practices Act Compliance Program

In a recent post I discussed enforcement actions taken by US government regulators under the anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA) with respect to certain improper payments made by (or on behalf of) US companies to secure government licenses, permits or certifications in a foreign country that may be necessary to launch or continue business operations in that country.  I suggested that company compliance programs designed to prevent and detect any improper payments by employees and agents that would violate the FCPA must be carefully reviewed to ensure that the appropriate level of scrutiny is applied whenever the company, or one of its affiliates, discovers that a license, permit or certificate must be obtained from a foreign government to launch or continue business activities in that government’s country.  In this post I wanted to highlight the following key steps that companies can and should take to bolster their FCPA compliance profile:

  • The first step is preparation and adoption of a written corporate policy on FCPA compliance applicable to all employees, agents and consultants of the company and distribution of the policy to all covered parties, particularly persons working in foreign countries.  The policy should be customized to the specific business operations of the particular company and should include illustrations of payments and activities that might run afoul of the FCPA based on scenarios that typically occur in the course of the company’s business activities. 
  • Formal acknowledgement of the company’s responsibilities in this area should be obtained through presentations to the board of directors and other senior managers.  The policy referred to above should be approved by the board of directors or an appropriate committee of the board and dissemination of the policy to employees should be accompanied by a letter from the company’s chief executive officer that admonishes employees to take the policy seriously and adhere to its requirements. 
  • One member of the company’s in-house legal department should be given the responsibility of regularly monitoring developments in this area, including U.S. enforcement actions, progress with adoption of multilateral codes of conduct such as the OECD Convention on Combating Bribery and changes in anti-bribery laws in foreign countries.  If the company lacks the in-house resources to do this job, outside counsel with appropriate expertise should be selected and tasked with keeping the company updated.
  • The board of directors or the chief executive officer should establish a formal institutional solution for handling FCPA issues.  In many cases, an FCPA review or compliance committee will be assembled to deal with FCPA matters and will include an FCPA Compliance Officer with responsibility for overseeing the activities of the committee and representatives from other departments as well as the authority to engage outside counsel and consultants to conduct audits and investigations.  It is also probably a good idea to designate an ombudsman who can serve as the contact for employees wishing to report potential violations of the FCPA on a confidential basis.
  • Various departments should be enlisted to standardize certain business tools and practices that can be disseminated throughout the company in order to ensure that FCPA compliance is smoothly and efficiently integrated into the company’s normal business operations.  For example, screening methods, questionnaires and checklists can be created so properly trained employees can isolate FCPA issues early on in relationships with third parties.  Particular attention should be paid to due diligence on foreign agents retained for business development purposes in their jurisdictions.
  • Counsel should draft contract language that addresses FCPA concerns for inclusion as a standard practice in all relevant company agreements.  For example, agents and contractors in foreign countries engaged in local business development efforts on behalf of the company should be required to warrant that no payments of money or anything else of value will be made or offered to any local government official to induce the official to use his influence with the government to obtain an improper business advantage for the company.  Such agents and contractors should also be prohibited from retaining sub-agents without the consent of the company, thereby allowing the company to perform its own due diligence on the proposed sub-agent.
  • All employees likely to come into contact with FCPA compliance issues should be provided with adequate training regarding the policies and procedures developed by the company.  An executive summary of FCPA compliance issues should also be prepared and distributed to employees and posted on the company’s intranet. 
  • The designated compliance officer should make regular reports on the compliance program to the board of directors, including policy violations and disciplinary actions taken against employees.  Based on the requirements imposed by regulators in recent enforcement actions, it also appears that companies should seriously consider engaging independent consultants to audit the effectiveness of their FCPA policy and procedures.

Fundamental Organizational Design Principles

In their book “Organization by Design: Theory and Practice,” Jelinek, Litterer and Miles identified four issues as key concerns that should be addressed when designing any organization, including an emerging company.  First, the structure should relate well to the strategic plan of the organization.  Second, the structure should facilitate the technology on which the organization relies.  Third, jobs should be designed in a way that not only achieves the goals of the organization but which also motivates the employees.  Fourth, the design should fit well with the overall environment of the organization including competitors, suppliers, government agencies and the like.  One of the main responsibilities of top management of an emerging company is to continuously monitor how the organizational structure of the company is addressing each of these concerns and make sure that all necessary changes to the structure are carefully designed and implemented on a timely basis.

During the start-up stage it is common for companies to organize themselves along functional lines.  The main advantage of this approach is that it allows the company to develop the specialized functional skills and resources that are essential for the development of any business.  In addition, a function-based structure is probably the easiest way for the CEO to retain an overall picture of the business and thus effectively exercise his or her role as the primary decision maker.  There are, however, disadvantages to a function-based structure that ultimately lead to changes as the company grows.  For example, departments organized by function tend to focus on internal goals as opposed to the broader goals and objectives of the company.  This “tunnel vision” is fostered by a lack of communication with other business units and establishment of reward systems that are based on functional objectives and achievements as opposed to collaboration with groups in other parts of the company.  As a result, conflicts begin to arise when coordination among business units is required and it becomes necessary for senior management to devote a significant amount of time and effort to making sure that the various functions learn to work together for common goals.

Eventually, the problems with a function-based structure lead the emerging company toward a new structure built around products or markets as the primary axis.  This has the immediate advantage of dividing the business into organizational units that are more closely related to its competitive environment and also makes it easier for the company to align its rewards and incentives with the overall performance goals established by senior management for the company as a whole.  In addition, a product- or market-focused organizational structure reduces the problems that arise when attempts are made to coordinate activities across functions and the CEO is able to delegate decision-making responsibility to senior product or market managers and then evaluate their performance using objective criteria.  Of course, there are certain disadvantages associated with the new structure that must be considered.  The most important is probably the danger that the specialist skills of the company will be eroded, which may adversely impact what had previously been a competitive advantage of the company.  In addition, launching and maintaining separate organizational units for each product and/or market may result in duplication of functional resources in each unit, a problem that is sometimes eventually addressed by creation of central resource units that offer certain functional services to two or more business units within the company.  Also, while not necessarily a disadvantage, the transition to a new structure means that the CEO must adapt to new ways of tracking the progress of the organization.  The former CEO habit of relying on direct knowledge based on detailed involvement in day-to-day decisions must give way to the use of written reports and trust in the judgment, skills and abilities of other managers.  In order for the structure to be effective, it must be understood and operated by managers that are highly skilled and committed to the goals and objectives set by the CEO.


Essential Elements of Internal Control

A basic system of internal control begins with simple processes, records and reports that are easy to implement and maintain.  However, as emerging companies grow and add employees, and involve outside stakeholders such as investors and banks in their activities, they will need to take a more sophisticated approach to internal control.  Before deciding on an overall system of internal control the management team must understand that the essential elements of internal control, which are interrelated, are the control environment; risk assessment; control activities; accounting, information and communication systems; and self-assessment or monitoring.  In this post we provide an introduction to each of these elements. 

The control environment sets the tone within the company, influences the control consciousness of its managers and employees, and establishes the foundation for all of the other elements of internal control. The control environment includes integrity and ethical values of the executives, managers and employees; an organizational commitment to competence and fair and honest business practices; active involvement and participation by the board of directors and/or audit committee; the overall influence of management’s philosophy and operating style; an appropriate and effective organizational structure that incorporates clear assignment of authority and responsibility; and effective human resource policies and practices. 

Risk assessment is the company’s ability to identify and analyze the relevant risks to achievement of its objectives and forms the basis for determining how the risks should be managed and what controls are actually needed.  Risks can arise from a number of events including changes in the operating environment of the company; new technology; rapid growth, or new or expanding lines of business. 

Control activities are the policies and procedures that help ensure that the directives issued by the board of directors and management of the company are carried out.  Examples of control activities include operational performance reviews (e.g., risk assessments and budget performance reviews); information systems controls to verify the accuracy and completeness of transactions; physical controls and security measures; and segregation of duties.

Every business needs accounting, information and communications systems to support the identification, capture, and exchange of information in a form and time frame that allow personnel within the company to complete their responsibilities and update the organizational database to reflect the outcome of their activities.  Accounting systems include methods and records that identify, assemble, analyze, classify, record, and report the transactions of the company.  Information systems produce reports on operations, finance, risk management, and compliance that allow the board of directors and senior managers to manage the company. Communication systems impart information throughout the company and to external parties such as regulators, auditors, shareholders, and customers. 

Monitoring refers to the processes implemented and maintained to continuously assess the quality of internal control performance by the company over time and, if necessary, make appropriate modifications to internal controls as dictated by changes in the environmental conditions in which the company operates.  A focused internal audit program is one way that companies can fulfill their monitoring and self-assessment duties.

It is recognized and accepted that the methods and tools used to achieve the objectives of internal control will vary depending on the size and complexity of the company and its business activities and small and mid-sized companies will typically use less formal means to ensure that these objectives are achieved.  For example, since it is more likely that the founders of a fledgling emerging company will be actively involved in all operational aspects of the business and in the financial reporting process such a company will usually dispense with, or defer creation and use of, detailed descriptions of accounting procedures, sophisticated information systems, or written policies.  However, if a small company is involved in complex transactions or subject to the same legal and regulatory requirements imposed on larger companies engaged in similar activities (e.g., pharmaceuticals), one may find that the small company has been forced from the very beginning of its existence to implement the same types of formal methods and tools for internal controls as might be found in the larger company.  Smaller companies may also be able to implement and manage formal and comprehensive reporting systems with the assistance of sophisticated software embedded in its information systems.

The size of the company may also impact the way in which it aspires to achieve the essential elements of internal control.  For example, smaller companies, particularly those that have just been launched, generally do not have written codes of conduct and may instead rely on the development and maintenance of a culture that emphasizes the importance of integrity and ethical behavior.  This is more often achieved through oral communication and by the examples set by the founders and other senior managers in their day-to-day actions.  In the same vein, smaller companies may not have independent members on their board of directors.


FedEx Case Focuses on Control of Work Performed by Independent Contractors

In Estrada v. FedEx Ground Package System, Inc., the California Court of Appeal considered whether Federal Express (“FedEx”) was required under Labor Code § 2802, which provides that an employer must indemnify his or her employees for all necessary expenditures or losses incurred by the employee in direct consequence of the discharge of his or her duties, to reimburse expenses incurred by drivers that FedEx had attempted to classify as independent contractors.  FedEx attempted to rely on the express wording in an Operating Agreement executed by each driver that identified each driver as an “independent contractor, and not as an employee . . . for any purpose,” and noted that “the manner and meaning of reaching the [parties’ mutual business objectives] are within the discretion of the [driver]”; however, the court concluded that FedEx actually exercised sufficient control over the details of how the drivers performed their jobs so as to properly classify them as employees for purposes of Labor Code § 2802. The Court of Appeal recited a number of indicators of control including the following:

  • Under the terms of the Operating Agreement, drivers were required to purchase or lease a truck (usually obtained from FedEx preferred vendors) meeting FedEx’s specifications, mark the truck with the FedEx logo, pay all costs of operating and maintaining the truck (including repairs, cleaning, fuel, tires, taxes, licenses and insurance), and use the truck exclusively in the service of FedEx (or mask the logo if the truck is used for any other purpose). To pay for the truck and other costs, drivers may obtain loans through FedEx’s business support programs (with repayment through pay deductions).
  • Drivers were required to provide “fully competitive” service to a “primary service area” assigned by FedEx, and the Operating Agreement acknowledged the driver’s “proprietary interest” in his/her primary service area’s customer accounts; however, FedEx also had the right to reconfigure primary service areas based on volume of business considerations and a driver who has his/her primary service area impacted by reconfiguration had a right “to receive payment” from FedEx or the benefited driver.  Customers were billed by FedEx, not the drivers.
  • Drivers were required to wear a FedEx-approved uniform and maintain his/her appearance “consistent with reasonable standards of good order,” his/her uniform “in good condition,” and his/her truck in a “clean and presentable fashion.”
  • FedEx regional managers supervised terminal managers and had weekly discussions about goals and procedures. Terminal managers, in turn, supervised and trained drivers.  FedEx reserved the right to have its management employees travel with the driver four times each year to verify that the driver was meeting FedEx’s standards, and agreed to train or familiarize the driver with its quality service procedures.
  • As was true of all FedEx employees, drivers were paid weekly at rates set by FedEx without negotiation (the drivers’ rate was based on a daily rate, a piece rate for packages handled, and bonuses for length and quality of service), and offered a “business support package” to help him/her obtain and maintain a truck, a scanner, clean uniforms, and other similar items, the cost of which was paid by the driver by deductions from his/her weekly settlements.
  • The duration of assignment was not limited to a specific job or project and instead drivers were allowed to elect the initial term of his/her Operating Agreement (from one to five years), with automatic yearly renewals unless, 30 days before expiration of the term, one party gave the other written notice of termination.
  • Several times each year, terminal managers evaluated each driver’s performance by means of a “customer service ride” and there were covert checks and security audits conducted in the field. Each driver received an annual progress review.  Terminal managers decide which “failures to service” or alleged breaches of the Operating Agreement to document, and they have discretion (subject to the regional managers’ and upper management’s approval) to recommend termination or non-renewal.
  • Each driver was required to use a scanner, which was leased from FedEx, to obtain signatures when packages are delivered. Every driver’s truck had a computer, and the driver was required to insert the scanner into the computer after each delivery so that customers had immediate access to delivery information via the FedEx website.  As was the case with trucks, drivers could obtain loans to pay for scanners through FedEx’s business support programs (with repayment through pay deductions).
  • The Operating Agreement recited that it and its attachments constituted the “entire agreement and understanding between the parties,” and that it could be modified only by a writing signed by both parties.  However, notwithstanding this merger clause, the drivers’ relationship to FedEx was actually defined by a number of other sources, including the FedEx “Ground Manual” and “Operations Management Handbook,” which set forth “policies and procedures” in great detail to ensure the uniform operation of FedEx terminals throughout California, as well as by recruiting materials, welcome packets, memoranda, training videos, bulletin board posters, round-table presentations, and similar means of communication.
  • FedEx offered its drivers a deferred compensation or retirement plan (the record is ambiguous on this point) and other “employee benefits” (including direct deposit, a seniority-based “time-off program” for unpaid leave, and a scholarship program for the drivers’ children).
  • Drivers worked full time (during work hours set by FedEx) and exclusively for FedEx, and were required to work every day FedEx provided service unless they had pre-approved replacements.
  • The drivers and their trucks were subject to inspection every day (the trucks had to be clean, the drivers in uniform and well groomed), and if either failed inspection, the driver could be barred from service.

The court concluded that, in practice, the work performed by the drivers was wholly integrated into FedEx’s operation and noted that the drivers looked like FedEx employees, acted like FedEx employees, were paid like FedEx employees, and received many employee benefits.  In addition, the court concluded that the drivers were totally integrated into the FedEx operation, performed work essential to FedEx’s core business, and had jobs with little or no entrepreneurial opportunities.  As a result, FedEx was not only liable for expense reimbursement but was also subject to a number of other employment obligations including break time requirements, overtime payment, payroll withholdings and taxes, workers’ compensation insurance and benefits paid to other employees.


Basic Records and Reports for Start-Up Companies

Earlier this week we discussed some of the basic internal controls for a start-up company.  In addition, it is important for the founders and senior managers to set aside the resources necessary for the creation of certain key records and reports that have proven to be especially useful for small companies.  Specific items include the following:

  • A daily cash report would reflect the opening cash balance plus any receipts and less all disbursements and should be reviewed to identify large and/or unusual entries.  The report provides notice of dangerous erosion in the cash position as well as the availability of excess cash that is not needed for current operations and is best transferred to short-term, income-producing investments.
  • A monthly aged trial balance of receivables shows trends in the aging of accounts in comparison to the same report for the prior month.  The report also provides management with information on the average number of days’ sales expressed in receivables.
  • An analysis of returns and allowances provides information to management regarding potential products and sales problems.
  • A weekly report of overdue receivables should be obtained in order to alert management to collection problems that could ultimately lead to cash shortages.  With the information included in this type of report management can make decisions about what actions should be taken including personal phone calls, threats of legal action and/or suspension of future orders.
  • A periodic inventory report would include a reconciliation of changes in the total inventory since the last report.  Purchases or production of finished programs would be added to the beginning balance and shipments and other removals would be subtracted.  If possible, changes should be compared to previously established budgets or goals and to comparable periods in prior years.
  • Production summaries should be prepared on a daily, weekly and monthly basis so that managers have current information regarding the quantity and quality of production activities.
  • A monthly product or process cost analysis should be undertaken in order to provide management with an objective measurement of manufacturing efficiency.
  • Sales backlog reports list all unfilled orders that have been outstanding over a specified number of days.  The reports should break down the information by quantities, dollar values and in terms of number of days’ sales or production.
  • Sales summaries should be prepared daily, weekly or bi-weekly and should provide details relating to sales activities broken out by salesperson, product and/or location.

The Need to Implement and Respect Basic Internal Controls

The founders and other senior executives of emerging companies often think that implementation of a comprehensive system of internal controls is a luxury they cannot afford and instead focus their time and money on initiatives of more immediacy to the survival of the company such as new product development, marketing and advertising programs and improvement of manufacturing facilities.  Internal controls are deferred under the rationale that they are only necessary when the company reaches the size and sophistication of more established competitors.  Unfortunately, experience shows this attitude to be shortsighted and surveys find that a significant percentage of the failure rate for small companies, regardless of the talent and management experience of their founders and senior executives, can be attributed to inadequate internal controls.

There are a number of different definitions of internal controls and the concept has changed dramatically over the years in response to various events such as Enron.  For our purposes, however, it is useful to define internal control as a process—implemented by the company’s board of directors, management, and other trained personnel—designed to provide reasonable assurance regarding the achievement of objectives with respect to reliability of financial reporting; effectiveness and efficiency of operations; and compliance with applicable laws and regulations.  For start-up companies, the biggest concern for the founders is simply making sure that adding new employees does not cause them to lose touch with the details of how scarce resources, including cash, are used.  In fact, when the company is first launched the most important control may well be signature approvals and it is recommended that founders and/or designated senior managers maintain the right to review and approve all key documents such as checks, credit memos, payroll journals, bank reconciliations, other journal entries, and contracts.  In addition, smaller companies can deploy simple rules to segregate responsibilities for day-to-day activities that may be sensitive from an internal controls perspective.  For example, a receptionist may be tasked with opening the mail, making a list of checks received and restrictively endorsing those checks while another employee has responsibility for preparing the daily deposit slip.  The totals on the list and deposit slip should then be reviewed and compared by a senior manager before a deposit is made.

Other controls which are basic to most businesses include:

  • Direct receipt of bank statements so that they can be reviewed for unusual transactions that might indicate that funds have been misappropriated or that account balances have been manipulated;
  • Periodic count and reconciliation of the petty cash fund;
  • Comparison of amounts reflected in the financial statements to cash balance on the bank reconciliation, total accounts receivable listing, and total accounts payable listing;
  • Approval of pricing policy and each exception to the policy;
  • Approval of credit policy and each exception to the policy;
  • If perpetual inventory records are maintained, periodic test counts;
  • Review of recorded scrap sales for reasonableness;
  • Accounting for numbers of pre-numbered documents such as purchase orders, receiving tickets, sales invoices and checks;
  • Review of salesperson’s commission accounts;
  • Review of purchase orders to verify that purchases are being made only from approved vendors;
  • Occasional inspections of shipping and receiving areas in search of unauthorized goods;
  • Periodic review of paid vendors’ invoices to determine whether they have been properly mutilated to avoid reprocessing;
  • Review of miscellaneous income and expense;
  • Periodic review of employees’ expense reports;
  • Review of computations of gross and net pay for select employees; and
  • Distribution of all payroll checks.

In our next post we will discuss the basic records and reports that should be created and maintained for start-up companies.


Layers of Protection Analysis for Business Ethics Risk Management

One of the principal responsibilities of the Legal function is participating in the establishment, administration and review of the company’s compliance and business ethics risk management program.  There are a number of quantitative and qualitative tools available for identifying, assessing, analyzing and measuring specific risks; however, emerging companies typically lack the resources and patience to implement a complex risk management system.  It is feasible though, and highly recommended, that emerging companies perform a “layers of protection analysis,” or “LOPA,” to determine whether the company has taken sufficient action to protect itself against adverse consequences of certain events.

The process for a LOPA depends on the particular risk, hazard or accident of concern to the company and the level of detail that the company is willing to commit to in carrying out the initial LOPA and subsequent assessments.  A good example, which is certainly relevant to emerging companies from the time that they begin to expand their number of employees, is the LOPA that might be used in order to reduce the likelihood that the company will be harmed by illegal or unethical employee behavior.  In that situation, a company may set a goal of establishing a reliable system for preventing, detecting and correcting employee behavior that is illegal, unethical or otherwise incompatible with the values that the company wishes to project to its stakeholders.  In order to achieve this goal the company may establish three layers of protection which can be regularly evaluated under LOPA—prevention, which focuses on the initial selection and ongoing training of employees; internal detection and correction, which includes procedures designed to uncover and resolve problems at an early stage; and external detection and correction, which includes information obtained from outside of the company that identifies potential or actual legal or ethical problems that may eventually cause material damage to the company.

The first layer, referred to as “prevention,” attempts to reduce the likelihood of employee behavior problems by making sure that employees are carefully selected and properly trained and that incentives are provided to employees to increase the likelihood that they will perform in the manner expected.  Among the elements that should be included in this layer are the following: background checks; comprehensive interview and pre-employment assessment procedures; new employee orientation programs; compliance training and awareness programs; policies, procedures and employee codes of conduct; control systems; performance evaluation procedures and reward systems tied to compliant behavior; and consistent communication from top management regarding the importance of legal and ethical behavior coupled with appropriate behavior by top management.  The second layer, referred to as “internal detection and correction,” includes various tools and procedures for continuous internal monitoring of employee behavior to identify, and quickly resolve, potential issues before they escalate.  Among the elements in this layer are the following: compliance monitoring; internal audits; risk assessments; employee questionnaires; ethics hotlines; and prompt and thorough investigation of potential issues followed by clear and effective corrective actions, including necessary modifications to prevention strategies in the first layer.  Finally, the last layer, “external detection and correction,” relies on information from external sources to identify issues that may have not been picked up internally.  In some cases the information is voluntarily solicited by the company, as is the case when external consultants are brought in to audit the company’s compliance procedures.  In other cases the information comes in the form of queries from governmental agencies or complaints received from customers, business partners, investors, or public interest groups.

The ideal situation for any company is to strengthen the first layer—prevention—to the point where a minimal amount of resources will need to be invested in the other two layers and the risk associated with a major problem is substantially reduced.  The efficacy of the prevention layer can, and should, be constantly measured by reference to how much time and effort is expended on correction in the second and third layers and lessons learned from dealing with problems that arise should be integrated into the preventive element in the form of training and modifications to reward systems.  Not covered here, yet also important, is the implementation of crisis management procedures that can be used in the event that prevention, detection and correction are not sufficient to avert a major incident.


Preparing The Business Plan – Putting It All Together

The suggested analyses of products, competition, financial matters, risks and environmental factors are some of the most important elements of the broader exercise of preparing a business plan for an emerging company.  A business plan is the first step toward creating the discipline necessary in order to launch, operate, and grow a successful business.  Some entrepreneurs are so excited about the technology or the product that they simply want to press forward without deliberation.  When told that they need to do a business plan for potential investors and lenders, the first attempt is often quite rushed and incomplete.  The consequences, however, of failing to take the planning process seriously can be dire.  Not only is an opportunity lost to demonstrate the credentials of the proposed venture to potential business partners, the momentum of the enterprise itself will soon begin to diminish due to the lack of interim goals and milestones that keep the business and the founders moving in the right direction. 

There are a variety of methods that might be used to put together a solid business plan; however, most formal business plans cover the following areas:

  • A description of the proposed business activities, including the products and services the company will be offering;
  • A description of the target markets for the company’s products and services and an explanation of how the company intends to reach those markets, including an analysis of competitive factors;
  • A detailed analysis of the costs associated with launching and operating the business and a strategy of how the business will obtain the capital to pay these costs (including initial capital contributions and long-term financing requirements);
  • A description of the operating plan for the business, including an analysis of how the company will manage the core functions of the business (e.g., manufacturing, human resources, sales, accounting, etc.);
  • A description of the managerial infrastructure of the business, including the mechanisms to be used for management and control of the business, and each of the persons who will be filling management positions within the business;
  • A description of the plans and strategies for recruiting non-executive employees, including cash and equity incentive arrangements;
  • A description of the company’s property and facilities requirements, including any specific leasing arrangements;
  • A description of the legal and regulatory environment for the company’s business, including strategies for perfecting and maintaining intellectual property rights and business permits;
  • A summary of any plans for acquiring any needed resources or further capabilities; and
  • Detailed budget and projected cash flow statements.