RiskIQ

“System Capability Audits” – the necessary next step in management auditing

Compliance auditing is very familiar to most of us.  Useful as far as it goes, the value of compliance auditing is limited.  In a rapidly changing world fixed rules are often out of date and compliance to rules does not mean that an organisation is performing well or that it will perform well in future.

Many of us are also familiar with performance auditing, which focuses on whether agreed outcomes are being met and if not, why not.  Performance audits require skill, experience and high situational awareness but they too have limits to their value.  Not achieving targets may be due more to external forces than to poor management and the achievement of specific targets can be at the cost of performance in other areas.  In a changing world, the ability to achieve targets set 12 months earlier is of limited value when the targets themselves should be moving.

System Capability Audits take the next step, to test the capability of whole business systems in their current and emerging context.  Although existing rules, standards and performance targets are still relevant, systems capability audits go much further by exploring how the dynamics within an organisation enable it to maximise (or otherwise) achievement of its purpose.

To do this System Capability Audits use a process of open inquiry and systemic analysis to discover what happens and why, and how those dynamics contribute to (or detract from) the possible delivery of the purpose.   This is true systems thinking work from first principles.  It can be scary and difficult and because it reveals underlying root causes (cans of worms) it can be a thankless task.

Nonetheless, System Capability Auditing is necessarily the way of the future.  In a world of uncertainty and change, it is the only effective way to validate governance systems and to predict future performance.  It is a powerful tool for those leaders willing to grasp the nettle and take the risk.