I recently finished an excellent book, “The Code Breaker,” which covers the discoveries that led to gene editing and more. Towards the end of the book, the author discusses how that science was used to build tools and techniques for COVID-19 testing. (There is also a section on the mRNA that is used in several of the vaccines.)
Several labs were working on COVID tests when the CDC declared a health emergency. The tests the labs had come up with couldn’t be used without FDA and CDC approval. It was a major problem as the CDC’s own tests didn’t work properly.
One lab tried to get regulatory approval but was confounded by a mountain of red tape. They had to fill in page after page of detailed forms. Then they were told they would have to do more tests using material that the FDA wouldn’t grant them permission to obtain.
It took intervention by Dr. Fauci to get their and other labs’ tests approved.
The Business Cost of Excessive Red Tape
In my books, I share a couple of real-life incidents where excess red tape hindered the business. In one, the CEO mandated that he had to approve every request for capital expenditures. As a direct result, a modest request to spend $10,000 to reap many times that reward was delayed until after the opportunity had passed. In the other, the Legal team performed the same review on sales contracts for $10,000 as they did on contracts for $10,000,000. In both cases, my internal audit team persuaded management to change.
Related Article: Getting the Most of Internal Audit
Who Benefits From Excess Red Tape?
More recently, I have been affected by unnecessary bureaucracy myself.
As a retiree and occasional speaker or consultant, I have a one-man small business. When I accept an invitation to speak, especially at an event run by a company (as opposed to a professional association), I am often asked to sign a legal agreement.
Signing a contract or other agreement is perfectly fine. What amuses me (most of the time) or frustrates me (sometimes) is the length of the agreement and the time the process takes both for me and for the company. In one case, it took more than three months!
The cost to the company of the process far outweighs my fee let alone any potential risk (if you can find one).
Sadly, when asked why they have so much unnecessary red tape — well beyond what is needed to manage the risk — people often reply that it is because the auditors told them to do it.
Related Article: Is Risk-Based Audit the Best Approach?
Remove the Grit From the Machine
Practitioners need to have the courage to stimulate management to remove controls and other procedures that cost more than they are worth.
Practitioners should consider not only the cost (even if only time spent) of a process, but the time it takes. Is it so long that it puts grit in the machine that is the business? Does it mean that a response to potential harm is delayed or that an opportunity is lost? We can lead them to make appropriate changes and streamlining.
Yes, that means taking more risk.
Practitioners also need to be careful of their own, self-inflicted red tape. Are you auditing at the speed of risk, or the speed of molasses? Are you weighed down by unnecessary review and approval protocols, or the need to document and justify every finding and recommendation — even if management agrees with them?
Can you provide management and the board with the assurance, advice, and insight they need when they need it, without taking more time or spending more money than necessary?
I welcome your thoughts — and please share your success stories.
Norman Marks, CPA, CRMA is an evangelist for “better run business,” focusing on corporate governance, risk management, internal audit, enterprise performance, and the value of information. He is also a mentor to individuals and organizations around the world, the author of World-Class Risk Management and publishes regularly on his own blog.