You get what you ask for

Holistic project and change management

A few weeks ago, I had a most refreshing conversation with a global Portfolio Director working for a division with about 40 factories spread over 15 countries. She mentioned they don’t use or have a need for change managers (CM). As Portfolio Director she manages the main stakeholders and during the projects, their Program and Project Managers (PM) focus on stakeholders management and on the people side of a change.

She explained. Their change & implementation list is long. As Portfolio Director she ensures the senior and the main stakeholders are fully committed to the change/project upfront, otherwise the project will not start, not even make it to the plan. If she, and for instance country managers,  cannot bring the added value or necessity of a change across to one of their peers, a PM certainly will not be able to. “If the main stakeholders are not accepting and driving the change, don’t waste the team’s effort, and avoid frustrations. But if the main stakeholders are on board, the project gets on the plan, and the plan is approved: the project will be executed.”

Once upon a time, managing stakeholders and the people side of a change were important tasks of a PM. To limit derailing projects, standard project methodologies were introduced. Followed by a time of enforcing the standard processes, templates, stage-gates, formal updates, etcetera. The direct measurable side of project management was elevated, leaving stakeholder management and managing the people side of a change with too little care and attention. The next frequent reason why changes were not successful occurred.
And see; the CM role/function was born. By now we are used to split jobs/tasks into different roles, and for larger changes, to consider change management a separate expertise and function. A role and function which is maturing and professionalizing over time.

Plaatje Maaike

Let’s make a comparison to risk management. A sales department, where performance is measured by sales volumes KPI’s, will lose to feel the risk of not being paid. Over time, the department’s culture evolves and the clients’ solvency is no longer considered when deals are closed. Organizations faced the financial consequences, and a separate risk management function (the so called 2nd line of defense) was introduced to fix the gap. They support and guide the business (the 1st line of defense) how to identify and manage risks, and they re-build a risk aware culture. As a result, risk management is becoming again the responsibility of the business (the 1st  line of defense) and in a number of companies, the 2nd line of defense, the separated risk management function no longer exists. What about the change management role/function? Will it be an expertise which further matures and is here to stay? Or has change management similarities to risk management, and will their tasks, focus and capabilities over time be re-absorbed by the PMs and will specialist roles like communications and training remain?

Regardless the future developments of the change management role/function, for most projects a strong focus on the people side of change is a pre-condition to reach the end goal, to make the change sustainable, and to reach the intended business benefits. When change management is not fully integrated in the veins of PMs, the projects will benefit from, or will only be successful when, the people side of change is being taken care of by a change specialist, by a CM.

So, why was the conversation with the Portfolio Director so refreshing? Because i) the early and top-down stakeholder management is embedded in the organization, ii) only committed and executable projects are started and iii) people side of change is a fully integrated part of managing a change or project. Management support, resources availability, creating focus/drive of all involved, creating awareness/understanding/the right capability, are all natural components of approaching changes and projects holistically. Not in words like this blog, but because the Portfolio Director was living it as example.


Internal Control: need for focus on future priorities

Internal control and the management agenda

Internal Control is a topic which always is on the agenda of (senior) management. It is common sense that addressing this topic effectively facilitates organizational performance and gives room to focus more on clients and value creation. However, in many cases organizing this effectively is a challenge and opportunity. This is reinforced by the current changing way how digital transformation has evolved in many industries, business models and how this has been embedded in organizational processes, risks and controls that support organizational goals.

While in the past static processes and controls were sufficient, current business and organizational environments demand a different approach and role.

What is Internal Control?

Internal Control can relate to financial and non-financial related areas. In all cases below attributes apply. Internal Control:

  • Is a structured process
  • Supports in realizing organization objectives
  • Assures reliable reporting and related compliance
  • Addresses Risks
  • Applies to every organization!

For illustration purposes, a typical example of areas in scope for internal control when focusing on financial reporting which apply to almost every organization are:

  • Sales and accounts receivable
  • Cash management and banking
  • Inventory and supply chain
  • Purchases and accounts payable
  • Payroll and human resources
  • Financial statement closing and reporting

These are dictated by systems in use, related general IT and application controls, organization structure, roles, responsibilities, processes, analytics focusing on risks/opportunities etc.

Requirement for effective internal control

A main requirement to organize Internal Control is to address below building blocks:

Plaatje 1

When addressing above building blocks, aligning with the organizational strategy is a main driver. No value is created by implementing structures and processing related attributes when not fully linking this with strategy, management commitment and systems/automation used.

Secure alignment

To secure alignment with the organizational strategy, Internal control typically can play a key role as presented in below overview:

Plaatje 2Purpose of this governance model is not minimizing risk which would hinder business activities but an optimized risk/return.

Internal control can be the key player in the ‘second line of defense’ and can take the position to lead efficient and effective management focus on risks in realizing organization objectives with focus on reliable financial reporting and related compliance.

A recent study  in the Journal of Accounting Literature (Volume 42, June 2019, Pages 80-103) also provides broad insight in the high relevance of internal control to stakeholders including investors, creditors, managers, auditors and financial analysts. Also evidence concerning the positive association between audit committee characteristics and internal control quality, supports the call for organizing this effectively with clear focus on organizational objectives and faster changing business models.

Future focus and priorities

Focus for organizing effective internal control should be securing continuous streamlined business processes, clear link to data and their (digital) origin, integration with compliance areas to prevent duplication. This will lead to transparency and visibility.

The 3 main priorities for organizing internal control are:

  • Embed digital in organizational processes, risks and controls that support organizational goals.
  • Take the lead in aligning the frameworks to the organizational/business objectives
  • Organize a standardized approach for both financial as non-financial internal control clearly defining empowering roles.

Always with focus on supporting organizational and business goals!

Mario Cornel

Managing Consultant Risk and Compliance

Internal audit maturity levels upside down

A recent dialogue session on Sustainability turned my understanding of the Internal Audit maturity levels upside down.

The roots of Internal Audit lays in providing assurance on the company’s financials, and at later stage including some non-financial KPI’s, which are now embedded in the organization’s governance, culture, systems and processes. Most Internal Auditors/departments added capabilities and grew from assurance provider, through problem solver to insight generator, and some to trusted advisor providing valued added services and proactive strategy advise to the business. For several years, one could find articles and trainings on how Internal Audit could evolve from being a “police agent” to the business’ trusted advisor (often ignoring the question whether that would be the most suitable maturity for their organization).

In the “Knowledge lab Internal Sustainability Audit” organized by RGP and Sustainalize, both Internal Auditors and Sustainability Managers exchanged their experiences and challenges. And yes; auditing a sustainability report, or sustainability elements in an integrated report, is in principle no different than auditing any other non-financial KPI. “In principle” because the many guidelines and standards do add complexity. Also measuring, recording, reporting and auditing sustainability KPI’s require a lot of explaining, discussing, adjusting process and systems, before it becomes business as usual

Internal Audit can support to increase transparency on the organization’s environmental footprint, ratings, and progress on the selected sustainability goals. How? As a start by supporting the management to develop the sustainability strategy. As Internal Audit usually has a deep understanding of the organization’s processes, systems, risks and controls, they can help translate the sustainability strategy in the organization’s daily operating model and define KPI’s. Activities which fit the role of insight generator and trusted advisor.

However, while the organization is still developing and learning to uniformly measure, report and consolidate these new type of data, while an audit trail might be missing, while manual activities are high or systems not yet robust, auditing the sustainability or integrated report definitely differs from providing assurance on financial or established non-financial information. To be able provide limited or reasonable assurance on sustainability information, a next level of Internal Audit capability and maturity is needed.

So the Internal Audit maturity levels have changed over time. From trusted advisor and insight generator, to assurance provider as a next level.










Agility is not a buzzword. It was always needed.

Foto tennis

In times of social and economical change, agility-adaptability is the key to survival. That’s what the majority of companies realize each and every day.

Some of them in a soft manner -adapting on time-, and thus, remaining a player of this infinite game called market.

Some others in a hard way -adapting too late-, and going out of business (or in the happy scenario, being acquired by a third company)

Implementing a Digital Transformation project is a good example where a company’s agility is really tested. The whole organization needs to operate within the same frequencies. Understand what needs to change, how to change it, and move forward as one entity.

Below is an illustration of how Agility looks like in a Digital Transformation project.

Step 1: Connect all your business units

Make sure you create one voice. Having a sponsor from/to every layer of the organization assures higher percentage of uniformity in the message delivered across the organization.

Don’t forget, confusion is the last thing you want to create in times of change.

Foto 2

Step 2: Build your architecture incrementally

 Time is money. But when it comes to establishing your architecture, speed can be the enemy which can destroy everything.

Hence, make sure to build good communication channels where modeling – feedback – testing will be integral part of your architectural build-up.

It may take time, especially if the company is large enough, or has complex business processes. But, its ROI is countless. It will significantly increase the possibility of building an architecture which can withstand change and scale-up.

The two constants which hardly ever change.

Foto 3

Step 3: Execute the project in a Disciplined Agile Delivery approach.

Be agile on the way you incorporate agile methodologies. Allow your teams to work in Kanban, Scrum, XP, or even in Agile Modeling approach.

In the meantime, make sure you create one funnel of incoming requests where all functional and technical requirements are gathered in.

From this point onward is pretty much a known journey.

Apply what fits best for your team, in that specific moment in the project. If that is a Kanban approach for few weeks, and then a shift to Scrum, let it be. Allow the “Development Team” together with the Scrum Master decide what is best for creating a working outcome.

Foto 4


Agility throughout the whole delivery. Remember, agility is not a buzzword. It was always needed. Just in different amounts.

Foto weegschaal

Integrated Reporting, duurzaamheid verankerd

Duurzame productie, circulaire economie, terugdringen CO2 footprint, maatschappelijk verantwoord ondernemen, diversiteit, allemaal topics in menig boardroom. Of zouden dat moeten zijn. Met de akkoorden van Parijs en Kyoto staat duurzaamheid en het terugdringen van de eigen ecologische footprint hoog op de agenda. Het belang is evident: we hebben maar één aarde en daar moeten we het mee doen. Steeds meer stakeholders, of het nu afnemers, personeel, toeleveranciers, maatschappelijke organisaties of vermogensverstrekkers zijn, zijn geïnteresseerd in de visie op en de ontwikkelingen van een duurzame waardecreatie van ondernemingen. Ondernemingen die hierover transparant zijn hebben een streep voor op ondernemingen die dit (bewust of onbewust) niet zijn. Dat levert onder meer concurrentievoordeel op en geeft een betere kans op het aantrekken van personeel en kapitaal. Maar hoe maak je de verkleining van de ecologische footprint en de verduurzaming van de onderneming meetbaar en zichtbaar? Het invoeren van een Integrated Report is één van de mogelijke antwoorden.

In een Integrated Report worden financiële en niet-financiële informatie gecombineerd. Een combinatie van het jaarverslag, de jaarrekening en het duurzaamheidsverslag derhalve. Dit is geen nieuwe Zuidas hype, maar een goed instrument om structureel met stakeholders te communiceren.

Een traject om te komen tot een Integrated Report begint met het eigen waardecreatie proces. Wat is de impact van de onderneming op duurzaamheidsvraagstukken? Wat is belangrijk voor de stakeholders en waar wil je als onderneming een positief verschil maken? Een volgende stap is het maken van een foto van je huidige footprint en het stellen van concrete doelen op korte en middellange termijn. Een koppeling van de eigen duurzaamheidsdoelen aan de Sustainable Development Goals (SDG’s) van de UN wordt door de EU en de AFM aanbevolen.

Een vertaling van de duurzaamheidsdoelstellingen van de onderneming naar KPI’s en vervolgens het doorlopend meten van die KPI’s maakt het effect zichtbaar en geeft indicatoren voor bijsturen. Voor het verder ontsluiten van informatie kan BI tooling worden ingezet. Meten is weten. Voor veel KPI’s zijn algemene standaarden ontwikkeld (bijvoorbeeld de GRI) zodat een organisatie én niet het wiel hoeft uit te vinden én zich kan vergelijken met anderen. Daar waar algemene standaarden niet voorhanden zijn zal je die intern moeten definiëren.

Integrated Reporting is niet nieuw. Veel beursgenoteerde ondernemingen publiceren hun strategie en financiële en niet-financiële doelstellingen en resultaten al gecombineerd. Weldra zullen andere ondernemingen (willen) volgen, enerzijds omdat ze als toeleverancier gevraagd worden naar hun prestaties, anderzijds ook uit eigen overtuiging en kracht.

Wij zien dat het uitbrengen van een Integrated Report ook een intern effect heeft. Het proces rondom het Integrated Report leidt tot het meten van niet-financiële KPI’s. Het door middel van dashboards ook intern de voortgang van de KPI’s zichtbaar maken, helpt de interne betrokkenheid te vergroten.

In onze praktijk zien we dat een Integrated Report traject naast visie ook doorzettingsvermogen nodig heeft. Het vraagt om een projectmatige aanpak, waar we graag bij helpen.

Harry van Eck

“Managing change/managing projects in an agile environment”

foto blog

More and more organizations are working agile or are going to work agile. This impacts how changes and/or projects are done: the processes, tools, terminology, the roles and the governance, and last but not least: how people have to behave. Many different agile frameworks & methods can be used, but in general they share these characteristics: working in small, autonomous, cross-functional teams, short cycle time, and focusing on customer value.

Different frameworks and methods are suitable for different types of changes. Creating a user-friendly interface for a new system fits very well with an agile way of working. While a waterfall approach could fit better for building an (offshore) data warehouse. All kinds of tools (complex and simple) are available to help choose a suitable method.

RGP organized two dialogues on “Managing change/managing projects in an agile environment”. In these interactive sessions RGP’s associate consultants Diane Blake and Remco Hogenbirk, both experienced agile implementors and agile coaches, shared their knowledge and hands-on experiences. Most project managers, scrum masters and product owners have experience with at least one of the agile methods and are well equipped to mitigate risks of agile changes and/or to intervene when agile change gets stuck. Working in an agile environment requires not only a different way of working, but also a different mindset and the ability to experiment when things don’t work well.

Diane and Remco shared several dilemmas they faced when working in agile environments. For instance:

  • How to improve team results for an immature team who are not yet used to work autonomously? Remember; autonomous teams are not free from working with discipline or according to high standards.
  • How to act when parts of an organization are working agile, while other parts of the organization are not yet used to this and require non-agile deliverable such as long-term plans for cost, benefits, communication and resources?
  • If an organization uses only one change/project method, how to work within this method in case the nature of required change does not fit with this?

The agile principles can bring major benefits. Also waterfall projects can adopt some of the agile principles and elements for better results. In the dialogues, working in short cycles was most recognized as a good instrument to decrease risks in waterfall projects.

To share knowledge between colleagues, like in these dialogues, help us to recognize issues, to use agile’s strong points, avoid its pitfalls and to gain possible ways to manage these.


Oude liefde roest niet, maar schuurt wel

Oude liefde roest niet, maar schuurt wel

Risicomanagement (RM) is een oude liefde van mij. En dan bedoel ik niet het dichttimmeren van alle risico’s of het dogmatisch volgen van een periodiek RM-proces. Dan bedoel ik het vanuit de strategie bewust afwegen welke risico’s je als organisatie wel en welke je niet wilt lopen en kunt dragen.

Laatst bezocht ik een gratis concert in een open bos met een drijvend podium in een kleine vijver. De tribunes boden niet genoeg plaats, maar er was ruimte genoeg om voor en naast de tribunes in het gras te zitten. Actieve heren met de woorden “crowd controller” op hun T-shirts hielden echter, zij het met moeite, alle grassprieten keurig recht. Er mocht daar niet gezeten worden “van de brandweer”. Dus stond een deel van de toehoorders achter de tribunes, dicht op elkaar op het doorgaande pad, van de muziek te genieten.

Bij het aanschouwen van dit tafereel gingen mijn gedachtes richting risicomanagement. Welk risico wordt beperkt als er geen mensen in het gras zitten? Is dat, het veilig kunnen wegkomen bij een bosbrand, blikseminslag of bij instortende tribunes? Of verdrinking in de ondiepe vijver, of juist onwel wordende bezoekers? Is het niet-in-het-gras-zitten de beste maatregel om de kans of impact van het betreffende risico te beperken? Wat zijn de alternatieve mitigerende maatregelen voor dit risico en welke nieuwe risico’s worden gecreëerd door de mogelijk alternatieven1?

Hoe is de maatregel niet-in-het-gras-zitten tot stand gekomen? Moest het gras ongeschonden blijven voor mooie filmopnames en vonden de crowd controllers “mag niet van de brandweer” een handige middel om hun opdracht uit te voeren? Is het een standaard vergunningsvoorwaarde? Heeft de brandweer in de voorbereiding ter plekke een risico-afweging gemaakt of is een standaard protocol voor festiviteiten-met-tribune gebruikt?

Vaak worden risicos beperkt met normen, protocollen of processen voor vergelijkbare situaties. Als de feitelijke situatie (festiviteit-met-tribune in een open bos) afwijkt van de situatie waarop de norm, protocol of proces is bepaald (festiviteiten-met-tribune), of wanneer de omstandigheden ter plekke wijzigen (mensen gaan op het pad staan) kunnen bij het gebruik van dergelijke normen, protocollen of processen de risicos juist worden vergroot of kunnen nieuwe risicos ontstaan. Zonder de bij dit concert gemaakte afwegingen te kennen, lijkt de kans dat mensen gewond raken doordat bezoekers op het pad staan groter, dan wanneer dezelfde bezoekers in het gras zitten2.

Natuurlijk moeten risico-mitigerende maatregelen worden nageleefd. Daar zijn ze voor bedoeld. Maar wat als deze maatregelen in een bepaalde situatie contraproductief zijn? Wie ter plekke constateert dit én durft dan af te wijken van betreffende maatregel3? Wanneer het managen van risico’s verandert in het gedachteloos opvolgen van normen, protocollen en/of processen gaat het schuren en schiet het zijn doel voorbij.

Hoe groot is de kennis van en ervaring met het beheersen van risico’s op het uitvoerende niveau in uw organisatie?

1 Veel risico mitigerend maatregelen kosten tijd of geld, of creëren een nieuw risico. Het nieuwe risico (kans en/of impact) moet dan kleiner zijn dan het oorspronkelijke risico wat men wil afdichten. Of het nieuwe risico moet een soort/type risico wat men wel wil lopen (risk appetite) en/of kan lopen, in tegenstelling tot het oorspronkelijke risico.
2 De natuurlijke vluchtroute van veel mensen is de weg die ze gekomen zijn, ook als er andere vluchtroutes zijn.
3 Het afwijken van regels creëert vaak allerlei nieuwe risico’s.

YOU need to change!

Despite all efforts various surveys still support Kotter’s claim that around 70% of all change efforts fails. Several articles backed this up, with larger projects more likely to not completely meeting the objectives as planned.[*] Recently I was presented one of these surveys which showed that, – according to CIO’s-, “resistance by employees” was the number one reason for change efforts to fail during implementation.[†]Change blog1 - Steven
Lees verder

Artifical Intelligence and Workforce Adoption in Finance

Latest developments in the area of Robotics, Machine learning and Natural Language Processing can be considered as “narrow AI” compared to “general AI”.  General AI refers to computers/machines which are able to solve many different types of problems like humans can, for example a machine playing Go cannot play chess at all and vice versa. Narrow AI is defined as “a machine-based system designed to address a specific problem (such as playing Go or chess)” (Kiron 2017). General AI applications do currently not yet assist, or are not publicly known. It is expected that general AI will not be realized in the near future.

Lees verder

Automatisering DC in de Food Retail: Waarom interessant en wie helpt hierbij?

Kijk naar buiten door je autoraam op de snelweg en de kans is groot dat je een bouwdepot ziet voor de aanleg van een nieuw DC. Reden is dat er flink geïnvesteerd wordt in ontwikkeling van nieuwe DC’s. Vastgoedverlener Savills laat dit ook zien in een onlangs gepubliceerd rapport over investeringen in nieuwe DC’s in Nederland. 2017 laat een groei zien van 20% – 25% in vergelijking met 2016. Daarnaast is de groei in oppervlakte (m2) ook significant hoger ten opzichte van afgelopen jaren.

Lees verder