Feedback

Anne Taylor: Consulting and Auditing in a Time of Challenge and Change

Anne Taylor is the Global and U.S. Network Economy Leader for Deloitte Touche Tohmatsu, a $12 billion professional services firm employing more than 95,000 people in 140 countries. Prior to assuming this role she was a regional managing director in the firm’s Management Solutions & Services practice. After an undergraduate degree in civil engineering and graduate studies at Princeton University, Taylor joined a New Jersey-based software company where she became a principal. She joined Deloitte & Touche in 1987, when they acquired her company, and was made a principal in 1990. She is a member of the firm’s U.S. board of directors and of the U.S. Management Committee.

Taylor has over 20 years of experience and management responsibility in all aspects of information systems project life cycle and business process redesign. For the past 18 months, her primary focus has been on the development of Deloitte & Touche’s distinctive viewpoint on, and response to, the “Network Economy” and its impact on clients.

◊ ◊ ◊ ◊ ◊

The Impact of 9/11

Ethix: As someone who works in the heart of Manhattan, how did 9/11 affect your business?

Anne Taylor: You can witness part of that firsthand as you see us crowded into this workspace. I wasn’t really sure if all four of us would fit in this little office for the interview. Until 9/11 we had about 3000 people at the World Financial Center. Our immediate reaction was really just one of seeking safety, many people running for their lives. And directly thereafter, we launched a massive effort to ascertain the whereabouts and well-being of our people.

We have also been very concerned for the safety of our business. How do we protect the clients who rely on us? Even our best contingency plans had not foreseen all the issues. Of course we had some thoughts about it because we were actually located in the World Trade Center on floors 94 and upward when it was bombed in 1993. When that happened we had to deal with being out of office space for a period of time. But our business was smaller then and we weren’t relying as heavily on technology.

Today everyone has a personal computer, most of which are laptops that could be grabbed and carried out of the building. Of course, on September 11 that was not the first thing everybody thought about so not even all laptops were carried out. Our department was able to get right back to work in some fashion although we couldn’t use the facilities for months. We couldn’t even have someone go into the facility to retrieve data, backups, and desktop computers for quite some time.

The good news is that our world is so distributed that we can take our computers and work almost anywhere. The bad news is we don’t have centralized data backup like we used to. Each of us is responsible for the backup of our own computer. I think employees and businesses have to think differently now. How do we store and protect client records? Do we protect as individuals or do we protect at the level of the organization? We ought to be doing both but it’s harder to ensure that when in today’s distributed environment.

When you are through with this crowded, temporary, “camping” experience and move back into your office space what lessons will you take with you?

Even a terrible experience like the 9/11 disaster provides some lessons. The first thing we learned is that we don’t really need as much personal office space as we think we do. We can get by on a corner of a desk much better than we think. No one wants to remain in this situation of sharing all our space but we’ve learned that we are a mobile workforce. There is an acceptance of a flexible work environment that we never had before. I think we have also learned a lot about technology safety and protection. The obvious lesson is that we must not centralize everything in a single building, no matter where that building is. Some records, files, computing capability and other essential infrastructure should be taken off site. And we must have redundancy.

Have you created specific new policies?

We are doing so now. One of the first things we realized was that the lessons from New York City should be applied in Detroit, San Francisco, Miami, and every other office. Part of this process is just better implementation of things we already knew. We are also looking at options with our clients. There are trade-offs between what’s affordable and what’s necessary. And with every option, there is risk.

We can never go all the way to total security. If we built a moat around ourselves, we couldn’t do business. We want to be open enough and trusting enough. But it is a tough line.

If you are one of my partners or other colleagues, I can’t require that you name all client files that you store on your computer so that I can retrieve them easily. I can suggest it in a policy and, if I monitor it, I can probably even get reasonable compliance over time. But how expensive is that? Is it something we really need to do? We have to be specific about what is personal information, what is company information, and what is client information. Where does personal responsibility for information begin and end? This isn’t just the usual privacy and confidentiality issues; it’s about appropriate responsibility.

De-Centralization Trade-offs

With the cost of real estate so very high in Manhattan, and in this era of extended enterprise and broad, reliable connectivity, why stay in Manhattan and centralize your operations here?

Our return marks an important milestone for the firm, our clients, and our people. We are looking forward to being part of the revitalization of the downtown area.

We have had quite a bit of discussion about whether any business should ever have a single heavily concentrated site. Should we ever have 2500 people in one place rather than 500 in five places? Actually, it’s the same debate we have had for years around centralization and decentralization. The pendulum swings back and forth on this. The good news is that with technology and distributed connectivity, we can really be very decentralized without suffering some of the real drawbacks that used to go with it. We used to need to be physically in the same place to manage people effectively and share information. No more, but some of the cultural issues keep coming up though. With our people now scattered about we’ve learned that people want to connect with other people We are in a collaborative business and our people are more effective if they can collaborate. Collaborating over the telephone is not the same as seeing each other face-to-face. We tried for months to deal with no traveling. We got heavily into web meetings and many people think that that changed our life forever and we’ll never go back. But we have evaluated which kinds of meetings are effective in person and which are not. We have learned as much about those we have to do in person as we have about the ones we don’t have to do in person.

There is a certain trust element that happens face-to-face. Unless you actually have some physical face-to-face meetings, these other things start deteriorating in terms of quality. A lot of things that happen at a meeting occur in the hall after the formal meeting and you won’t get that electronically. Some of the serendipity is missing.

A different kind of link exists once people have seen each other. Video conferencing offers a slight visual connection but until the technology becomes essentially seamless, it’s not going to be as effective as face-to-face contact.

Frankly, though, I think a bigger challenge than trust may be focus. One advantage of web conferences is that you can e-mail a document to everyone for advance review. But with that advance copy in front of them, participants often skip to the last page, read your conclusion before you get there, and then do something else while you’re actually talking! So we became really clever and controlled which page was on the screen. The best time to use this technology is when you want to control the flow and keep people focused point by point. Otherwise people will minimize the screen and work on their e-mail or other tasks.

So you save on travel but people end up doing other things during the meeting.

Some people actually plan to complete other work during non-video electronic meetings. It is an opportunity to multi-task. If I have multiple internal tasks that can be accomplished simultaneously, it is hard to resist. From my perspective, though, it is not ethical to bill a client for a meeting while simultaneously giving half your attention to another document you are reviewing. This may have been a problem ever since the telephone came along but it is even more tempting now. When too much multitasking occurs, however, a meeting can deteriorate pretty quickly. You don’t get good, focused participation or real, effective collaboration.

Andersen & Ethical Accounting

Over the years, the accounting profession has been widely viewed as an ethically exemplary business specialty. How has the Arthur Andersen side of the Enron debacle challenged Deloitte’s operation?

Something this radical has to cause some serious evaluation. Could anyone have imagined a year ago that Andersen, a firm of 85,000 people with a very high reputation, could be close to gone in less than one year? This has taken a terrible toll on all the people of Andersen, even though, at worst, let’s say, maybe only a hundred or so of their people engaged in questionable or wrongful activity. And because of this thousands of Andersen people with high integrity, who have been serving their clients every day in outstanding fashion, will now be out of work.

Our quality record is extraordinarily high. We have always carefully evaluated which clients we will serve. We also take great care in evaluating the people who come into our firm. And in our model, the people who engage in direct sales to the client are different from those who deliver the technical review.

The Enron /Andersen Impact

Which would you say had a bigger impact on you, 9/11 or Enron/Andersen? This one-two punch came pretty close together.

Nothing could compare to 9/11 in terms of the personal impact on those who live and work in New York. But our people got back to work amazingly quickly. So, from a business point of view, I think we’ll see a much greater effect from the Enron collapse. No one foresaw that one of our primary competitors, one out of only five major firms, would suddenly vanish.

How are you dealing with this fallout, for example, the split-up between consulting and auditing?

It is a shame that people are focusing the ethical critique on pretty reasonable business practices when it is a matter of individuals who may have acted unethically. It seems a little narrow and simplistic to jump to the conclusion that what caused the collapse of Enron was Andersen alone or that everything went wrong because they happen to have consulting projects with the company. In our case, Deloitte Consulting’s separation from Deloitte & Touche does deal with perception issues that our clients are facing. Regardless of the quality of our work or our commitment to maintaining professional independence, we realized that some clients might not be comfortable having their auditor implement a large-scale information system.

Has there ever been much actual overlap between the two sides?

Even when Deloitte Consulting and Deloitte & Touche serve the same client, both specific tasks and entire projects are performed under a high standard of independence.

Nevertheless it is not hard to imagine that a company with a cozy, lucrative consulting relationship might be less inclined to risk alienating that client with a severely critical audit of their financial systems and practices. It is a classic potential conflict of interest.

But no firm would risk its hard-earned reputation for the sake of revenues from consulting projects. In 1933, Congress decided to have public companies’ auditors in the private sector and allow them to charge for their audit work. Once you have done that, anyone who wants to be cynical could say that, with or without consulting fees, firms dependent on audit fees might not perform as professionally as might be required. But we know that is not the case. The only solution here would be to have the government audit public companies, and no one would suggest that as an ideal solution.

An intermediate possibility might be the professional model of an association of practitioners in the same field which holds its members accountable. But, as a company, how do you run herd on these things? You say you are very careful about the people that you hire. How does one screen for ethics? After the hire, do you do ethics training?

Unethical people can do unethical things. Absolutely. But that doesn’t mean all people of the same profession are unethical. There’s no real advantage, at least in our firm, for someone to provide bad advice to a client. That doesn’t worry me. Screening for ethics is difficult. We do background checks and those kinds of things but you can’t know about someone’s heart and intent. I think what you look at is rigorous training. Training can minimize preventable errors.

Deloitte CEO Jim Copeland recently warned that turning the accounting side into an audit-only shop could be damaging to the firm and its clients because you would have a less capable team doing the auditing.

I’m not an auditor so I can’t speak to our auditing quality standards. But I can offer a consultant’s perspective. The reason that consultants consult is to work on challenging projects and keep their skills current. Auditors can be similarly motivated but the core competency in auditing is standardization and repetition. You need good people to do that but, in order to keep good people, we need to offer them opportunities to sharpen their skills. I don’t think the best and the brightest will stay to do only routine audit support projects, no matter how well they are paid.

Can’t you hire them back on a project-by-project basis?

Yes, but if you hire them back, they will return as subcontractors who no longer have to abide by the firm’s training or independence rules. Will that make your audit more independent? The firm couldn’t control the risk for you because it wouldn’t own these people. Of course, you can keep replacing people and try to get the next bright university graduate. But how do you keep a workable succession model with effective, well-trained and managed people in place? You might be able to get really great junior people. But how do you keep the senior people you need to manage them? How do you develop their skills?

This shake-out isn’t yet complete. When will the new regulations be out?

I’m not sure whether we’ll end up with regulation or legislation or marketplace constraints. In any case there will be unintended, unanticipated consequences. I’m sure that any regulatory legislation, when presented to a commission, will appear to create a better, more independent situation. But we need to be careful of unintended consequences of hastily produced legislation.

We’re not very good at anticipating such consequences. And they are very real in all technology projects.

I agree. So the impact of Enron and Andersen isn’t just the loss of a competitor. It is a redefinition of our business model. To some, the audit may start to seem like more of a commodity. We have to get our value proposition across to clients. Clients are going to be a lot more interested in value and quality and how we differentiate ourselves. I think clients are going to need to pay for that kind of quality and for the risk involved. That’s going to change the business dynamic as well.

24/7 Connectivity

How has information technology changed Deloitte & Touche in recent years?

My position as Deloitte’s global Network Economy leader is founded in the fact that the Internet has created pervasive connectivity which is changing our lives forever. The changes are not always pleasant or easy, of course. Just as you finish your pile of e-mail, more comes in … the next one, the next one. I remember when I cleaned my desk at the end of the day and that meant I was done. There’s no such concept as having a clean desk when you go home because the desk isn’t physical.

And there’s no such concept as being done.

It’s never done. So this has changed us personally. It has helped me to balance my life because I can work anytime, anywhere. At the same time, it is terrible because I feel like I must work anytime, anywhere. You’re scrolling and you’re driving and you’re scrolling. How do you ever give someone your full attention when you’ve got your blackberry beeping? I take mine to the Little League games so that between innings I can clear a few more e-mails. Is that good? Does anyone ever get our full attention any more? How has this changed the quality of our work or the quality of our relationships? Many of us can’t disengage.

It’s been fabulous for business. Opportunities increase with a dynamic workforce. With people in different time zones, a project can continue around the clock. We can use different labor markets. Connectivity eliminates barriers of time, space, time zones, geography, and national boundaries. Every company is instantly global. But if you can be open 24/7 it also increases the expectations and demands on you. Have you gone to a web site at 11 o’clock at night and found it down for maintenance or unavailable? I don’t return. The expectations now are that you will be available 24/7.

These things are great for business but do you ever worry about whether this connectivity is great for human beings? For people who need encouragement to set some boundaries?

Yes, I do think about it. We haven’t figured out yet how to manage in a 24/7 environment. It just got thrust upon us. What is appropriate to send by e-mail? When? Who should be copied? How do I tell people not to copy me? Should we have times that are completely “off-line”? It should be bad form to e-mail someone who is on vacation if it is not really urgent. People will say “well I just want to get it out of my box.” But if you’re on the receiving end, you want to get to the urgent without being buried by the not so urgent. How do we target our information distribution? We’re trying to get more targeted but we still haven’t figured out the protocol.

Connectivity is forcing us to refine our definition of proper behavior and good management. We never thought about electronic clutter before. We love to communicate in our environment but now we sometimes over-communicate. There are people in our environment who spend multiple hours a day just reacting to communication. When we get so much push communication, there’s no time for the pull. If we could spend that time serving clients, think how our productivity profile would change.

Connectivity gives us flexibility and flexibility is always good for business. Change is good for business. Now, we just need to sort it out and learn to use it effectively. What does connectivity do to the corporate environment as companies work with other companies in an extended, integrated fashion? Every enterprise has been extended, so there are shake-ups in our business models — from the competitor model to the partner model. More out-sourcing of parts of a business is possible because turn-around can be faster.

What is the future of e-business? Some people have said that the dot.com meltdown means that it’s not that good. Others say that it just wasn’t applied very well. What do you say?

I say it’s way too soon to tell. While some businesses failed, the technology usually didn’t. The Internet didn’t die. We haven’t yet figured out which business propositions are long-lived. We haven’t figured out how to change the behavior of buyers, consumers, and partners. The issue has more to do with behavioral and business change than with the technology itself.

Someone gave me a chart that shows how long it took from the invention of a technology to when it became pervasive in the marketplace. The VCR was invented in ’52 and became prominent in ’82. The zipper took thirty-two years! No wonder that a lot of today’s technology requires careful sorting out.

I hate to be the eternal optimist, but the dot.com bubble wasn’t all bad. The way the market was affected when the bubble burst is viewed negatively, of course. But it also created an intense interest in an amazing set of technologies. Now we just have to figure out how to use them. We’ll never adapt to some. Others will morph into new and different creations and we’ll wonder how we lived without them.

Does it have to take us thirty years? Could a company be very creative, find a business opportunity, and shorten that cycle?

Part of the reason for the thirty year lag between invention and pervasive adoption is infrastructure weaknesses or omissions — the Internet needed to wait for the browser and a few other things. Second, the technology takes a while to be perfected or to become sufficiently reliable. Third, human behavior and culture are always issues; it is not just about the technology itself. Culture changes might be hard to speed up. What business could perhaps speed up is infrastructure development. But even if you could speed up the infrastructure you still have to develop the right business models and wait for society to catch up.

Is e-business such a fact of life today that we should drop the term? Is all business e-business?

I suspect that the “e” prefix will gradually fade in the coming years. In our firm we have adopted the concept of living in the “Network Economy.”

Has all this change led to any new policies for you? The computer used to be for company use only. But when the company invades your personal time, can personal time invade the company time? How do you think about these boundaries?

In a professional services environment, the boundaries have always extended beyond the fixed work-day concept because we must respond when our clients need us. So I never really thought about a defined workday. But certainly it had more definition than it does today. The equipment at work belonged to the company, to be used only for the company. I remember when we tried to prohibit people from making personal phone calls on “company time.” We stopped doing it because the cost to monitor was inhibiting and there was no return on it. The telephone has become so pervasive in our business life that it is not worth monitoring the purpose of each call. It would actually make us less efficient to try to track this. I think the PC is now an equally-pervasive tool. It would be counterproductive for us to now say you can’t send any personal e-mail during business hours (whatever those are).

One company I talked to actually encourages employees to use their PCs for personal matters because, for example, keeping the scores for their bowling team on a spreadsheet may help them learn a skill they can apply at work! They see it as good business.

It also has to do with sheer convenience. An e-mail coming to me at work about a change in my child’s soccer schedule may save me the time and disruption of a phone call. If I only receive personal messages at home I’ll probably do less work on my business computer. Of course, we have policies about inappropriate content — pornography, harassment, tasteless jokes. We expect people to follow protocol and behave themselves. Just as we had to learn telephone etiquette, so with the computer. Over time we will settle on what makes business sense.

So we’re not there quite yet?

Particularly in the last year, there have been higher items in our agenda than creating such policies. Initially, when personal computers became widespread, businesses created all kinds of policies about how you can and can’t use them but it didn’t take long to realize that this was counterproductive. We worried about people playing Solitaire on their office computer — but if we managed more effectively against goals and expected results, we wouldn’t be worried about whether they were playing cards.

The employees might play cards less if they were challenged and inspired by more interesting work projects. This is like the contrast between “damage control” ethics which tries to wall off problems as they come up and “mission control” ethics which tries to engage people in an inspiring core mission and values set.

We should worry less about the policy and more about good human behavior management.

Share Your Thoughts