I started my career at Johnson & Johnson, trained under the old Coopers & Lybrand partners. One of the things I loved most wasn’t the binders, the flowcharts, or even the meticulous audits — it was the Credo. The principles weren’t just words on paper; they guided how decisions were made, how markets were run, and how people were empowered.

At J&J, the company deliberately decentralized decision-making, giving each market the latitude to serve its customers uniquely, experiment boldly, and grow profitably — all while staying grounded in the Credo’s core values. Business schools study that model because it’s a rare example of culture and performance aligned. And yet, underneath the trust and empowerment were the old-fashioned controls we auditors relied on — the invisible scaffolding that made decentralization not chaotic, but safe, scalable, and repeatable.

Those massive binders — the Worldwide Guidelines, the “WWs” — and our painstaking hand-drawn flowcharts taught us the fundamentals of input/output controls, segregation of duties, and exception management. We discovered gaps everywhere, not because teams were incompetent, but because even the best operators rarely had the bandwidth to study every rule as deeply as we did.

We had to explain repeatedly, especially to smaller teams: intent is irrelevant if a gap in the process allows errors or fraud to happen. Preventive controls stop mistakes before they occur; detective controls catch them before they escalate. The combination — properly implemented — creates a business that can innovate and scale safely.

The Basics Still Matter — Even in Modern Payment Systems

Fast forward to today. We live in an era of sleek, frictionless payments:

• Tap-to-pay
• ACH, card, wallets
• Buy Now Pay Later
• Embedded payments
• Hyper-customized experiences for individual payers

The customer’s journey is almost magical. They can pay how they want, when they want. And modern APIs make the process look seamless.

But behind the scenes, money moves through multiple systems:

1. The front-end captures the payment.
2. The processor handles settlement.
3. The system of record logs the transaction.
4. Funds flow to the bank.
5. Finance reconciles processor → ledger → bank → front end.

Each transaction is effectively moving in two directions at once: toward the ledger and toward the processor. Everyone assumes it “just works.” But what happens if the network blips, a power spike hits, or an API call fails mid-stream?

Engineers rely on retries, failovers, and idempotency. Smart, yes. But ask yourself: who ensures the value entered by the customer matches exactly what posts in the system of record and the processor?

The uncomfortable answer: very few, if anyone. This is the space where the old-school I/O control mentality still matters.

Automated Armies of Accountants: The Modern Way

We don’t need legions of accountants manually reconciling transactions at every interface. What we do need is controls that act like armies of accountants:

• Every transaction carries a single, immutable token.
• Control totals and hash checks are computed at every hop.
• Transactions are matched automatically between front-end, ledger, and processor.
• Exceptions are routed and triaged automatically.
• Bank recs become real-time, continuous detective controls.
• AI assists in anomaly detection and pattern recognition.

The principle is the same as in the old WW binders: ensure completeness, accuracy, and traceability at every step. The implementation has changed, but the philosophy hasn’t.

Auditing Through the System — Not Around It

Today’s auditors often focus on evidence: signed logs, checkboxes, reviewed forms. These are proof of action, not proof of control. The real control lives in the system itself.

A log with two signatures doesn’t guarantee the totals were checked. But automated controls and matching engines prove integrity continuously. We can finally audit through the system — just as we used to do with flowcharts — rather than auditing around it, relying on overworked clerks to remember to initial a form.

Back to Basics — Culture + Control

Flowcharting, old-fashioned I/O checks, segregation of duties, preventive and detective controls — these fundamentals remain crucial. The difference is that now they are invisible yet powerful, built into automated, scalable systems.

But there’s more: a company’s culture and values amplify the effect of controls. At J&J, the Credo empowered local teams to make decisions closest to the customer. Decentralization wasn’t chaos — it was strategic design. Teams had autonomy to innovate, experiment, and optimize for local markets, while foundational controls ensured safety, compliance, and consistency.

You can do the same today: hyper-customize customer experiences, innovate endlessly, and meet every individual payer’s needs without breaking the system. Don’t standardize in the name of control. That removes the very diversification that drives local excellence and creativity — the fast track to mediocrity.

Instead:

• Empower teams to act locally.
• Anchor everything in invisible, automated controls.
• Use technology to make controls continuous and reliable.
• Celebrate culture and values as the amplifier of safe innovation.

The Future: Innovation Anchored in Discipline

A world-class payments organization today is not just fast or automated. It’s disciplined, resilient, and innovative:

• Values and culture guide local decision-making.
• Foundational controls ensure that money flows correctly.
• AI and automation handle scale, exceptions, and matching.
• Real-time reconciliation ensures every penny is accounted for.
• Teams can experiment boldly, knowing the system has their back.

It’s the intersection of human judgment, culture, and technology that produces lasting success. The Credo and decentralization give people the courage to innovate. Controls give the business confidence that innovation won’t destroy itself.

Conclusion: Old Principles, New Horizons

The basics are ancient — flowcharts, segregation of duties, preventive and detective controls — but timeless. Combine them with modern technology, AI, and cloud systems, and you get:

• Frictionless customer experiences
• Safe and accurate money flows
• Decentralized innovation at scale
• Resilient, auditable, and continuously improving processes

At J&J, decentralization plus the Credo created a globally respected model of culture and performance. Today, that model is more powerful than ever: technology allows hyper-local, hyper-personalized innovation, while invisible, automated controls ensure it scales safely.

Innovate boldly. Customize endlessly. Empower locally.

But build every innovation on the foundation of discipline, integrity, and control that makes it sustainable.

That’s the lesson from binders, flowcharts, and I/O controls — alive in the age of AI and modern payments, guiding us from process as steps to process as understanding, and ultimately to a business that is both agile and rock-solid.