The CFO leaned back in his chair, rubbing his temples. "We just failed our SOX audit," he said quietly. "Not because of our systems. Not because of our processes. Because Sarah—our senior accountant who's been here for twelve years—didn't understand the new revenue recognition standards."
It was 2019, and I was sitting in a conference room with the leadership team of a $400 million manufacturing company. They'd invested heavily in technology, upgraded their ERP system, and documented every control imaginable. But they'd forgotten the most critical component of the COSO Internal Control Framework: Commitment to Competence.
That oversight cost them $1.2 million in remediation costs, delayed their financial reporting by six weeks, and triggered a stock price drop of 8%. All because they assumed competence rather than ensuring it.
What COSO Really Means by "Commitment to Competence"
After fifteen years implementing COSO frameworks across organizations of every size, I've learned that most people fundamentally misunderstand what "competence" means in the COSO context.
It's not about hiring smart people. It's not about having impressive credentials on the wall. It's not even about years of experience.
Competence, in COSO's framework, is the knowledge and skills necessary to accomplish tasks that define an individual's job.
Let me break that down with a story that changed how I think about this principle.
The $3 Million Misunderstanding
In 2020, I consulted with a financial services firm that had hired a brilliant IT security manager. Harvard degree, CISSP certified, ten years of experience at major banks. On paper, he was perfect.
Three months in, I noticed something alarming during my control testing. Their access review process—a critical SOX control—was broken. Users had access they shouldn't. Former employees were still in systems. Segregation of duties violations were everywhere.
I sat down with the security manager. "Walk me through how you perform access reviews," I said.
He looked confused. "What do you mean? I check that people can log in."
That's when it hit me. He was technically competent in cybersecurity. He understood firewalls, encryption, and threat detection. But he had no idea what SOX required. Nobody had defined what "competent" meant for his role in their control environment.
We spent the next two weeks defining:
What controls he was responsible for
What regulations applied to those controls
What "effective" looked like for each control
How to document his testing
When to escalate issues
Six months later, they passed their audit with zero findings in his area. Same person. Same skills. Different understanding of what competence required.
"Competence isn't about what you know in general. It's about whether you know what you need to know for the specific job you're doing, in the specific environment you're in."
The COSO Competence Framework: Breaking It Down
COSO's Internal Control Framework identifies Commitment to Competence as a key principle within the Control Environment component. But here's what most audit guides won't tell you: it's actually composed of four distinct elements that all have to work together.
The Four Pillars of Workforce Competence
Pillar | What It Means | Why It Matters | Common Failure Point |
|---|---|---|---|
Define Required Competence | Identifying the specific knowledge and skills needed for each position | You can't build competence if you don't know what "competent" looks like | Vague job descriptions that say "experience required" without defining what experience |
Attract and Retain Competent Individuals | Recruiting, hiring, and keeping people with the right capabilities | Even the best training program can't fix hiring the wrong people | Hiring for credentials instead of actual capability to do the job |
Train and Mentor | Developing workforce capabilities through structured programs | People don't stay competent automatically—skills decay and requirements change | One-time onboarding training with no ongoing development |
Evaluate and Address Gaps | Regular assessment of whether competence levels remain adequate | What was competent last year might not be competent today | Annual reviews that focus on personality instead of capability |
Let me share how I've seen each of these play out in real organizations.
Pillar 1: Defining Required Competence (The Part Everyone Gets Wrong)
Most job descriptions I see look like this:
"Seeking experienced accountant with bachelor's degree and 5+ years experience. Strong communication skills. Detail-oriented. Team player."
That's not a competence definition. That's a wish list.
Here's what happened when I worked with a healthcare company to actually define competence for their billing department:
Before: Generic Description
Bachelor's degree in accounting
3+ years healthcare billing experience
Knowledge of Medicare/Medicaid
Proficient in Excel
After: Competence-Based Definition
Revenue Recognition Controls:
Ability to identify and apply correct revenue recognition timing per ASC 606
Understanding of healthcare-specific revenue recognition complexities (denied claims, adjustments, appeals)
Capability to document revenue transactions with supporting evidence per SOX requirements
Regulatory Compliance:
Working knowledge of Medicare Part A and Part B billing requirements
Understanding of HIPAA privacy rules as they apply to billing documentation
Ability to identify and report potential compliance issues to management
System Competencies:
Proficiency in [Specific ERP System] revenue module, including month-end close procedures
Ability to reconcile sub-ledger to general ledger and investigate variances >$5,000
Understanding of system access controls and segregation of duties requirements
Documentation and Communication:
Ability to create clear, concise documentation that supports control effectiveness
Capability to explain complex billing issues to non-finance stakeholders
Understanding of when to escalate issues and to whom
See the difference? The second version tells you exactly what competence looks like. More importantly, it tells the employee what they need to be good at.
When we implemented this at the healthcare company, something remarkable happened. Within three months:
Training programs became focused and effective (we knew exactly what to teach)
Performance reviews became objective (we measured actual capabilities)
Hiring became easier (candidates could self-select based on real requirements)
Audit findings dropped by 67% (people knew what they were supposed to be competent at)
"If you can't define what competence looks like, you can't hire for it, train for it, or measure it. You're just hoping people figure it out."
Pillar 2: Attracting and Retaining Competent People (Beyond the Resume)
I'll never forget the controller who told me: "We keep hiring people with great resumes, and they keep failing at the job. What are we doing wrong?"
The answer was simple: they were hiring credentials, not competence.
The Resume Trap
Here's a real example from 2021. A company needed someone to manage their SOX program. They received two candidates:
Candidate A:
Big Four accounting firm experience
CPA certified
MBA from top-tier school
Ten years experience
Candidate B:
Regional accounting firm background
CPA certified
State university degree
Seven years experience, including two years as SOX coordinator at similar-sized company
They hired Candidate A. Six months later, the SOX program was in shambles. Candidate A had never actually managed a SOX program—they'd been part of audit teams testing other companies' controls. They had the credentials but not the competence.
Candidate B, meanwhile, took a job at their competitor and built an exemplary SOX program.
What Actually Predicts Success
After helping dozens of organizations improve their hiring for control-critical roles, I've identified what actually matters:
Traditional Screening | Competence-Based Screening |
|---|---|
Years of experience | Specific achievements in similar control environments |
Educational credentials | Demonstrated ability to apply knowledge to real situations |
Technical certifications | Understanding of the regulatory and control context |
Generic "problem-solving skills" | Actual examples of identifying and resolving control deficiencies |
Culture fit | Alignment with control-conscious culture and risk awareness |
Here's my screening framework that's worked across multiple implementations:
Phase 1: Technical Screening
Present real control scenarios from your environment
Ask candidates to identify risks, propose controls, and explain their testing approach
Evaluate their understanding of the "why" behind controls, not just the "what"
Phase 2: Practical Assessment
Give them a sample of your documentation
Ask them to identify gaps or improvements
See if they think in terms of control effectiveness or just compliance
Phase 3: Cultural Assessment
Discuss situations where controls and business efficiency conflicted
Evaluate their judgment in balancing risk and operations
Assess their comfort with speaking up about control deficiencies
The Retention Reality
Here's something nobody wants to admit: your best controls people will get poached.
I worked with a company that invested heavily in developing their SOX team. Within two years, they'd lost 40% of their trained staff to competitors offering 20-30% salary increases.
Their initial reaction: "Why should we invest in training if people just leave?"
My response changed their thinking: "What if they stay and aren't competent?"
We implemented a competence-focused retention strategy:
Retention Element | Implementation | Result |
|---|---|---|
Market Compensation | Annual benchmarking against 75th percentile for control roles | Voluntary turnover dropped from 40% to 12% |
Career Pathing | Clear progression: Staff → Senior → Manager → Director with competency requirements at each level | 85% of promotions came from within |
Continuous Learning | $5,000 annual training budget per person + time to pursue certifications | Team obtained 14 new certifications in 18 months |
Recognition Program | Quarterly awards for control improvements and issue identification | Control self-reporting increased 340% |
Challenging Work | Rotation through different control areas and special projects | Employee engagement scores increased from 6.2 to 8.7 (out of 10) |
The investment in retention paid off dramatically. Their three-year total cost of maintaining competence (including salaries, training, and retention programs) was $2.4 million. The estimated cost of turnover and hiring (recruiting fees, training time, productivity loss, audit findings during transition) would have been $4.8 million.
Pillar 3: Training and Mentoring (The Never-Ending Journey)
In 2018, I audited a company that had immaculate training records. Every employee had completed onboarding. Annual compliance training was at 100%. They had certificates and sign-off sheets for everything.
They also had 23 significant control deficiencies.
The problem? Their training was generic, boring, and completely disconnected from what people actually did.
What Makes Training Effective
I've evaluated hundreds of training programs. Here's what separates effective programs from compliance theater:
Ineffective Training Characteristics:
Generic e-learning modules purchased from vendors
Annual "death by PowerPoint" compliance sessions
Training that explains what controls are, not why they matter
No connection between training and actual job responsibilities
No testing of whether learning actually occurred
Effective Training Characteristics:
Role-specific scenarios based on actual control activities
Regular, bite-sized sessions instead of annual marathons
Clear connection between controls and business outcomes
Hands-on practice with immediate feedback
Assessment of actual capability improvement
The Training Framework That Actually Works
Here's the structured approach I've implemented successfully across multiple organizations:
Training Level | Frequency | Content Focus | Delivery Method | Success Metric |
|---|---|---|---|---|
Initial Onboarding | Upon hire | Organization's control environment, specific role responsibilities, regulatory context | 2-week structured program with shadowing | Can independently perform 80% of control activities within 30 days |
Ongoing Role Training | Quarterly | Updates to controls, new regulations, lessons learned from issues | 90-minute workshops with case studies | Can identify changes relevant to their controls |
Deep Dive Sessions | Semi-annual | Complex scenarios, emerging risks, cross-functional impacts | Half-day sessions with peer discussion | Can explain control implications of business changes |
Leadership Training | Annual | Risk oversight, tone at the top, control culture | Executive sessions with board involvement | Can articulate control philosophy and expectations |
Incident-Based Training | As needed | Specific issues, root causes, preventive measures | Post-incident reviews with affected teams | Recurrence rate of similar issues decreases |
Real Example: Transforming Training at a Tech Company
A software company I worked with had SOX training that was essentially: "Here are the controls you need to do. Please do them."
We rebuilt their program from the ground up:
Month 1-2: Assessment
Surveyed employees about what they didn't understand
Analyzed where control failures actually occurred
Identified competency gaps in specific areas
Month 3-4: Development
Created role-specific training modules
Developed real scenarios from their environment
Built assessment tools that tested actual capability
Month 5-6: Rollout
Launched pilot with 20% of staff
Gathered feedback and refined
Created train-the-trainer program for managers
Results After One Year:
Metric | Before | After | Improvement |
|---|---|---|---|
Control deficiencies identified in testing | 47 | 12 | 74% reduction |
Employee confidence in performing controls | 5.2/10 | 8.9/10 | 71% increase |
Time to onboard new control owners | 6 weeks | 2 weeks | 67% reduction |
Questions to control team about procedures | 340/month | 85/month | 75% reduction |
Training satisfaction scores | 4.1/10 | 9.2/10 | 124% increase |
The kicker? The new training program actually took less total time (16 hours/year vs. 24 hours/year) but was far more effective because it was relevant and practical.
"Training doesn't create competence when it's divorced from reality. People need to see themselves in the scenarios, understand the consequences of failure, and practice in safe environments before they're tested in real ones."
Pillar 4: Evaluating and Addressing Gaps (The Continuous Cycle)
Here's an uncomfortable truth: people forget, regulations change, and competence degrades over time.
I learned this lesson the hard way in 2017 working with a manufacturing company. They had a brilliant accounts payable manager who'd been with the company for fifteen years. She knew every process, every control, every exception.
Then new lease accounting standards (ASC 842) took effect. Suddenly, her fifteen years of experience were partially obsolete. She needed new competencies, but nobody identified the gap until we found significant lease accounting errors during internal audit.
The Competence Assessment Framework
Here's how I help organizations systematically evaluate competence:
Quarterly: Manager-Led Assessments
Assessment Area | Evaluation Method | Red Flags |
|---|---|---|
Control Execution | Review of control evidence for completeness and quality | Missing documentation, late completion, inconsistent application |
Issue Identification | Tracking of self-reported issues and concerns | Employee isn't identifying obvious problems others catch |
Judgment Decisions | Review of escalations and decision-making | Unnecessary escalations (lack of confidence) or missed escalations (lack of awareness) |
Adaptability | Response to process or requirement changes | Resistance to change, inability to apply existing knowledge to new situations |
Semi-Annual: Formal Competency Reviews
These aren't performance reviews—they're capability assessments:
Self-Assessment: Employee evaluates their own competence against defined requirements
Manager Assessment: Manager evaluates same areas independently
Gap Analysis: Identify differences and discuss objectively
Development Plan: Create specific actions to address gaps
Follow-Up: Track progress on development activities
Annual: Role Competency Validation
Once a year, I recommend organizations ask:
Do the competency definitions still match current requirements?
Have regulations or business processes changed?
Are there new risks requiring new capabilities?
Do competency levels still align with organizational needs?
A Real Gap Analysis That Saved Millions
In 2020, I conducted a competency assessment for a financial services company's compliance team. We discovered something alarming: 40% of their team didn't understand how to apply the new CECL (Current Expected Credit Loss) standard to their loan portfolio controls.
This wasn't their fault—the standard was new and complex. But it represented a massive competency gap that could have led to material misstatements.
We developed an emergency competency building program:
Week 1-2: Assessment
Tested current understanding across the team
Identified specific knowledge gaps
Categorized employees by competency level
Week 3-4: Targeted Training
Group 1 (Strong foundation): Advanced scenarios and edge cases
Group 2 (Basic understanding): Core concepts with practical application
Group 3 (Limited knowledge): Fundamentals with heavy mentoring
Week 5-8: Application with Oversight
Assigned real work with senior review
Created peer learning groups
Developed job aids and quick reference guides
Week 9-12: Validation and Refinement
Tested competency improvement
Refined training based on ongoing questions
Certified employees as competent in CECL controls
The result? When their external auditors tested the CECL controls six months later, they found zero deficiencies. The auditors specifically noted the "exceptional competence of the control owners" in their management letter.
The CFO told me later: "That competency program saved us from what could have been a material weakness. The cost of the program was $180,000. The cost of a material weakness—in audit fees, stock impact, and regulatory attention—would have been millions."
The Hidden Costs of Incompetence
Let me share some real numbers from organizations I've worked with:
Case Study 1: The Undertrained Accounts Payable Team
Situation: $200M manufacturing company with high turnover in AP department. Minimal training program. "Learning by doing" culture.
Consequences Over 18 Months:
14 duplicate payments totaling $340,000 (12 eventually recovered)
8 payments to fraudulent vendors: $89,000 (3 recovered)
Failed segregation of duties allowing employee fraud: $156,000 (partially recovered)
23 SOX control deficiencies requiring remediation
400+ hours of management time investigating and fixing issues
External audit fees increased $75,000 due to extended testing
Total Cost: Approximately $750,000
Cost of Proper Training Program: $120,000/year
They decided to save $120,000 and it cost them $750,000.
Case Study 2: The Technically Brilliant But Control-Ignorant IT Team
Situation: Technology company with expert developers who didn't understand change management controls.
Consequences Over 12 Months:
6 production releases without proper approval: SOX deficiency
3 emergency changes that broke segregation of duties: Significant deficiency
Financial system downtime during month-end close: 14 hours
Data corruption requiring restoration from backup: 8 hours
Delayed financial reporting by 5 days
Stock price drop of 3% due to late filing
Total Impact: Estimated $4.2M (mostly stock market value loss)
Cost of Proper IT Control Training: $40,000/year
Case Study 3: The Competent-Yesterday Problem
Situation: Retail company with experienced finance team. New revenue recognition standard (ASC 606) implemented. No systematic competency assessment for the new standard.
Consequences:
Material misstatement of revenue: $8.7M overstatement
Financial statement restatement required
Audit fees increased $240,000
Class action lawsuit filed (eventually settled for $3.2M)
CFO and controller both left the company
Stock price dropped 12%
Total Cost: Over $15M when all factors considered
Cost of Proper Competency Assessment and Training: $200,000
The pattern is clear: the cost of incompetence is always higher than the cost of ensuring competence.
Building a Culture of Competence: Beyond Policies
Here's what I've learned after fifteen years: you can have perfect policies about competence and still fail if you don't build the right culture.
What a Competence Culture Looks Like
Ineffective Culture | Competence-Focused Culture |
|---|---|
"Fake it till you make it" is acceptable | Admitting knowledge gaps is encouraged and respected |
Asking questions is seen as weakness | Questions are viewed as signs of engagement and thoroughness |
Training is a checkbox exercise | Learning is continuous and valued |
Mistakes are hidden or blamed | Mistakes are analyzed for learning opportunities |
Tenure equals competence | Competence is demonstrated and validated regularly |
Managers assume their teams know what to do | Managers actively verify understanding and capability |
Creating the Culture: The Leadership Commitment
In 2019, I worked with a CEO who fundamentally transformed his organization's approach to competence. Here's what he did:
1. Made Competence Personal
At every all-hands meeting, he shared a story about something he'd recently learned or a mistake he'd made because of a knowledge gap. This signaled from the top that continuous learning was expected, not optional.
2. Resourced Training Properly
When the CFO said "We can't afford training right now," he responded: "We can't afford NOT to train. Show me what you need, and I'll find the money." Training budget increased from 0.5% to 2.5% of payroll.
3. Measured What Mattered
He added competency metrics to executive dashboards:
Percentage of employees current on role-specific training
Number of competency gaps identified and closed
Time to competency for new hires
Control deficiency rates by team
4. Rewarded the Right Behaviors
He created "Competence Champion" awards recognizing employees who:
Identified their own knowledge gaps and sought training
Helped others develop capabilities
Raised concerns about potential competency issues
Contributed to training programs
The results were dramatic:
Metric | Year 1 | Year 3 | Change |
|---|---|---|---|
Internal control deficiencies | 89 | 23 | 74% reduction |
Time to productivity for new hires | 16 weeks | 6 weeks | 63% improvement |
Employee engagement (control roles) | 6.1/10 | 8.9/10 | 46% improvement |
Voluntary turnover (control roles) | 28% | 11% | 61% reduction |
External audit findings | 12 | 2 | 83% reduction |
"Culture eats competency frameworks for breakfast. You can have the best policies in the world, but if your culture doesn't value and support continuous learning, competence will always be an uphill battle."
Practical Implementation: Your 90-Day Competence Plan
Based on my experience implementing this across dozens of organizations, here's a realistic roadmap:
Days 1-30: Assessment and Foundation
Week 1: Leadership Alignment
Present COSO competence requirements to leadership
Gain commitment for investment in competence programs
Establish competence as a strategic priority
Week 2-3: Current State Assessment
Review existing job descriptions and competency definitions
Analyze recent control deficiencies for competency-related root causes
Survey managers and employees about competency gaps
Document current training and development programs
Week 4: Gap Analysis
Compare current state to COSO requirements
Identify high-priority competency gaps
Estimate investment needed for remediation
Create business case for competency program
Days 31-60: Program Design
Week 5-6: Competency Definition
Rewrite job descriptions with specific competency requirements
Define technical, regulatory, and soft skill competencies
Create competency matrices for different role levels
Establish minimum competency standards
Week 7: Training Program Design
Develop role-specific training curricula
Create assessment methods and success criteria
Design mentoring and coaching programs
Build competency tracking systems
Week 8: Evaluation Framework
Establish competency assessment procedures
Create manager evaluation tools and training
Define competency gap remediation processes
Set up metrics and reporting
Days 61-90: Initial Implementation
Week 9-10: Pilot Launch
Select 2-3 critical control areas for pilot
Train managers on competency assessment
Launch pilot training programs
Begin competency evaluations with pilot groups
Week 11: Refinement
Gather feedback from pilot participants
Adjust training content and methods
Refine assessment approaches
Document lessons learned
Week 12: Full Rollout Planning
Create phased rollout plan for remaining areas
Secure additional resources as needed
Communicate program to broader organization
Set milestones and accountability
Common Pitfalls (And How to Avoid Them)
After watching organizations implement competency programs, I've seen these mistakes repeatedly:
Pitfall 1: Confusing Activity with Outcome
The Mistake: Tracking that people completed training without measuring if they actually became competent.
Real Example: A company had 100% training completion but still had 34 control deficiencies related to improper control execution.
The Fix: Measure competence through:
Practical assessments of actual capability
Quality review of control execution
Reduction in errors and deficiencies
Employee confidence in their abilities
Pitfall 2: One-Size-Fits-All Approach
The Mistake: Giving everyone the same training regardless of their role, experience, or existing competencies.
Real Example: New hires and 10-year veterans sat through identical training, frustrating both groups.
The Fix: Create tiered training:
Foundation level for new or unfamiliar people
Intermediate for those with basic understanding
Advanced for experienced individuals needing updates
Specialized for unique roles or situations
Pitfall 3: Treating Competence as Static
The Mistake: Assuming once someone is competent, they stay competent forever.
Real Example: An employee who was highly competent in 2018 didn't receive updated training on 2020 regulation changes and made significant errors.
The Fix: Regular competency revalidation:
Annual refresher training on core concepts
Immediate training on regulation or process changes
Periodic practical assessments
Continuous monitoring of work quality
Pitfall 4: Ignoring Soft Skills
The Mistake: Focusing solely on technical competencies while ignoring judgment, communication, and critical thinking.
Real Example: A technically brilliant accountant couldn't identify when to escalate unusual situations, leading to missed fraud indicators.
The Fix: Define and assess soft skills:
Professional skepticism and critical thinking
Judgment and decision-making under uncertainty
Communication and escalation capabilities
Adaptability and learning agility
Measuring Success: The Competence Scorecard
Here's the dashboard I recommend organizations maintain:
Category | Metric | Target | Frequency |
|---|---|---|---|
Competency Coverage | % of positions with defined competency requirements | 100% | Quarterly |
Training Completion | % of employees current on required training | 95% | Monthly |
Competency Validation | % of employees assessed as competent in their roles | 90% | Quarterly |
Gap Closure | Average time to close identified competency gaps | <60 days | Monthly |
New Hire Readiness | Time to full competency for new employees | <90 days | Quarterly |
Control Quality | Control deficiencies attributed to competency issues | <10% of total | Quarterly |
Employee Confidence | Self-reported confidence in performing controls | >8/10 | Semi-annual |
Retention | Turnover rate for control-critical roles | <15% | Quarterly |
The ROI of Competence: Making the Business Case
When I present competency programs to CFOs and CEOs, they always ask: "What's the return on investment?"
Here's the framework I use, with real numbers from implementations:
Investment Required (Annual, for 500-employee organization)
Investment Area | Cost Range |
|---|---|
Competency definition and documentation | $40,000 - $80,000 (first year only) |
Training program development | $60,000 - $120,000 (first year), $30,000 - $60,000 (ongoing) |
Training delivery and facilitation | $100,000 - $200,000 |
Assessment and evaluation programs | $40,000 - $80,000 |
Technology and tools | $20,000 - $50,000 |
Program management and administration | $80,000 - $150,000 |
Total First Year | $340,000 - $680,000 |
Ongoing Annual | $270,000 - $540,000 |
Expected Returns (Annual)
Benefit Category | Value Range | Source |
|---|---|---|
Reduced control deficiencies | $200,000 - $500,000 | Avoided remediation costs, reduced audit fees |
Prevented errors and fraud | $300,000 - $1,000,000 | Based on historical error rates |
Improved efficiency | $150,000 - $400,000 | Reduced time fixing mistakes, faster issue resolution |
Reduced turnover costs | $100,000 - $300,000 | Hiring, onboarding, and productivity loss avoidance |
Avoided regulatory penalties | $0 - $5,000,000+ | Depends on severity of potential issues |
Conservative Total | $750,000 - $2,200,000 | |
ROI Range | 120% - 320% |
These aren't theoretical numbers. They're based on actual results from organizations I've worked with.
My Final Thoughts: Competence as Competitive Advantage
After fifteen years in this field, here's what I know with absolute certainty:
Organizations that take competence seriously outperform those that don't—in every measurable way.
They have fewer control deficiencies. They respond to changes faster. They attract and retain better talent. They spend less time fixing mistakes and more time creating value. They sleep better at night knowing their controls actually work.
But here's what really matters: a commitment to competence transforms compliance from a burden into a capability.
When your people truly understand what they're doing and why it matters, controls stop being obstacles and start being enablers. Risk management becomes proactive instead of reactive. Compliance becomes a source of confidence instead of anxiety.
I started this article with a story about a failed SOX audit due to incompetence. Let me end with a different story.
In 2022, I worked with a mid-sized technology company implementing their first SOX program. They took the competence commitment seriously. They defined clear competency requirements. They invested in training. They assessed regularly and addressed gaps immediately.
Six months into their program, a major accounting standard change was announced. Their competitors panicked—most needed 12-18 months to implement the change.
This company had it done in four months.
Why? Because their people were competent. They understood the principles behind the controls, not just the procedures. They could apply their knowledge to new situations. They had the confidence and capability to adapt.
Their CEO called me afterward. "The competency program wasn't just about passing audits," he said. "It made us better at everything. Faster. More confident. More capable. It's become our competitive advantage."
"Commitment to competence isn't a compliance requirement. It's a strategic imperative. Organizations that understand this don't just survive—they thrive."
The question isn't whether you can afford to invest in competence. The question is whether you can afford not to.
Your next audit depends on it. Your business continuity depends on it. Your competitive position depends on it.
Choose competence. Choose capability. Choose success.