The Audit & Advisory Services Newsletter Volume 25 - Navigating Through Change provided the first five Q&A insights from Chris Carroll (Executive Director for Project One) and Paul Raknes (Change Lead, Enterprise Program Management Office) on navigating change, but they have more wisdom to share! Below are three additional Q&A topics on change risks and balancing change.
Q: Can you share examples where the implemented change led to unforeseen risks/problems?
A: In a prior project, senior leaders wanted more view into, and approval of, high dollar purchases so we created approval paths that aligned with existing policy, external regulatory requirements and leadership direction. We did not imagine that in setting our workflows, it would also mean that the same approval path would be involved in any change order against the originally approved PO. Imagine building a multi-billion dollar hospital and every change order would have to go through the approval chain and up to the Chancellor. This would result in senior leaders being overloaded in approvals. We had to look at system capabilities, policies, and leadership directions to see what could be changed to reduce the approval drag. This shows how a well-intended system configuration decision could have the unintended consequence of slowing operations.
Q: Have you seen instances where system changes or personnel reorganizations were exploited?
A: One of the benefits of a modern ERP is that they are designed to help support against fraud and bad actors. For example, Oracle will not allow someone to approve their own transaction. In fact, if you are the only approver in a department for purchases, it will block you from submitting a purchase request against that department. It is not to say that an Approver can go to sleep on it and let the system handle all defenses/controls. In my experience, the bigger challenge is cultural. Approvers have to meaningfully approve – look at, question, and evaluate – rather than just click “approve” without thought. That, paired with system capabilities, will provide the most robust institutional defense against fraud and abuse.
Q: How do we balance change with the need to maintain stability and continuity in operations?
A: With a go-live like Project One, the changes basically happen overnight. You must make sure there is a very high confidence level of things working – can you pay vendors? Can you bill funding agencies for sponsored awards? These are key business processes that have to work when you go live. The cutover checklist and testing should support high confidence in all of the areas viewed as critical to go-live success. Similarly, you need to understand what can be deferred. Evaluating what is truly critical vs. what can wait is incredibly difficult but absolutely necessary. Especially, in a Cloud ERP where the project never really ends, there will always be ongoing enhancements.
For more information on how work will change at UCSF and guiding principles for Project One, check out the following links: https://one.ucsf.edu/ and https://one.ucsf.edu/guiding-principles