Accounting
Scaling Compliance Controls: Key Considerations
In ever-changing risk and regulatory landscapes, companies must ensure that their internal compliance processes evolve at the same pace, and that they are always capable of addressing emerging threats effectively. While scandals such as Enron and Worldcom have faded from headlines, fresh examples of misconduct and control failure – such as the collapse and liquidation of construction company Carillion in 2018, and of bakery chain Patisserie Valerie in 2019 – emerge regularly.
Those episodes emphasise the need for CFOs to stay ahead of their compliance obligations and manage their risk profile – by growing their internal control environment in alignment with both their company’s needs and regulatory expectations. Given the potential for costly compliance penalties, and the possibly-greater impact of reputational damage, let’s take a closer look at the control maturation process, and the factors that CFOs must consider as they scale their frameworks.
Key Steps to Building a Mature Control Environment
Regulated companies are required to develop and implement internal control frameworks to address compliance risks. In this context, ‘mature control environment’ refers to a framework that offers strong, effective protection, and that has been proven to meet its compliance objectives, including managing relevant risks and meeting regulatory standards.
The challenge for CFOs, and accounting and compliance teams is that company risk profiles change for a multitude of reasons, including growth – a factor which typically makes assets more susceptible to theft and places increasing pressure on financial results. The more pronounced the shift in risk, the more focus it may require to maintain the status of the control environment.
With that in mind, reaching, and then being able to maintain, a mature control environment represents a significant milestone in a compliance journey – and demonstrates that a company is able to provide ongoing protection for all stakeholders.
Achieving control maturity demonstrates that a company has taken key steps to strengthen its compliance performance, such as implementing:
- Clear policy and procedures
- Risk assessment process
- Review and approval processes
- Second-signers on material disbursements
- Automated reconciliation tools
- Compliance oversight
It’s important to remember that a mature control environment is not simply a sign that a company has checks and balances in place to ensure asset protection and good financial reporting, but also indicates that a company is ready for improvement and market growth.
Understanding the Impact of Technology
Software automation plays an important role in helping companies scale their internal controls, and then mature and maintain their control environment. However, while accounting technology tools deliver both fiscal and IT advantages by reducing or eliminating manual work, they ultimately can only help companies enforce and validate the outcomes of workflows – and shouldn’t be relied upon alone to achieve a mature control environment.
Instead, CFOs should view technology as a means to support employees, and reduce friction and pressure as they mature their control environment. This means identifying integration points within the tech stack where software automation will have the greatest impact on manual work: this might involve consideration of how individual solutions transfer data between one another, or how deeply certain solutions are integrated with daily control processes.
FloQast research has affirmed the potential positive effects of tech integration – which typically results in “significant improvement against accounting team burnout”. Unsuccessful tech integration, on the other hand, can hinder control maturation, creating multiple disparate, difficult-to-reconcile data sources – which, in turn, create larger data management problems, even as they fix individual manual problems.
It’s also important to consider the human factor of tech integration. Accounting teams can be resistant to change, with research suggesting that up to “90% of technology projects fail to deliver any measurable ROI”. This doesn’t mean that CFOs should avoid innovation, but rather focus primarily on routine processes or the day-to-day tools that their accountants use (such as Excel, or Slack, or Teams) where it’s more likely automation will deliver advantages.
Identifying Effective Tech
The ideal technology integration not only supports the scaling of internal controls, but streamlines the entire control application process for accounting team members.
GRC analyst Michael Rasmussen explains this notion, defining “cutting-edge” compliance controls by their capacity to automate both “continuous control management” and “the detection and enforcement of internal controls in business process systems”. Advanced compliance management systems typically provide these functionalities, enabling teams to quickly create checklists to manage multiple workflows, and consequently automate the capture of control execution within a single application.
Cross-Company Collaboration
While accounting teams are responsible for verifying and managing internal controls, in reality, the functionality of the controls reaches across an organisation. With that in mind, any effort to scale should extend beyond executing and capturing internal controls, to increasing the company’s operational effectiveness – by bringing personnel together, facilitating collaboration, and ensuring accountability.
Consider an example of practical control technology integration:
- Completion of an inventory count is identified as a control, and a task is created.
- The count is assigned to the warehouse manager.
- The manager is able to sign-off and log the count digitally via control software.
- The software notifies the accounting team of task completion simultaneously notifying the accountant completing the inventory workflow, and the internal audit team monitoring the effectiveness of the control environment.
In this case, the integration not only facilitates the completion of the checklist item, but streamlines the entire process, reducing manual work for the accounting team, increasing visibility and accountability, capturing execution at the source, and eliminating a time-consuming outreach process between accounting and the warehouse. The case further underlines the potential advantage of advanced compliance management systems which can expand visibility into control workflows and execution via features such as purpose-built dashboard tools.
Towards a Controls-Based Audit
The benchmark for a mature control environment is the possibility of executing a controls-based financial statement audit: the thorough operational testing of internal controls by a financial statement audit team in order to assess the risk of material misstatement.
In this context, if the testing process demonstrates that a particular control operates successfully, the audit team can place a higher level of reliance on that control – and so reduce the risk of material misstatement. A lower risk of misstatement means that the team can then reduce the amount of substantive testing it performs during the audit – ultimately saving both the accounting and audit team countless valuable hours during the PBC process.
A mature control environment represents a combination of factors, including the integration of day-to-day accounting processes, visibility of, and accountability for, task execution, and the automated capture of relevant data. FloQast Compliance Management was developed for exactly this purpose: helping companies reimagine and transform their control environment, streamline control application, smooth the path towards control maturity, and reap the benefits of a controls-based audit.
If you would like to learn more about control automation, get in touch with a member of our team today.
Related Blog Articles
