Part 17 in the Continuous Accounting Series
Managing internal controls around financial reporting is, of course, fundamental to governance and compliance. Under Section 404 of Sarbanes-Oxley (SOX), management and external auditors must report on the adequacy of the company’s internal control over financial reporting.
But there’s a big variance in costs in how companies get there. A recent survey by APQC found that top-quartile companies spend 13 cents (or less) per $1,000 in revenue to operate controls and monitor compliance with internal control policies and procedures, while the bottom-performing group spent around $1.40 per $1,000 in revenue. To put that into context, for a company with revenue of $10 billion, that’s the difference between $1.4 million and $14 million in costs between the two groups. And for companies considering going public, the initial costs of developing the required internal controls can run as high as $5 million to $10 million.
A study by Protiviti of nearly 500 companies found that audit costs are larger than ever, with nearly 40% seeing an increase of between 16% and 19% in internal costs for their audit, in addition to outside audit fees. These costs are set to increase further in an increasingly regulated business environment, and the COSO framework recently underwent its biggest overhaul in years, now expanding its focus to include much broader and deeper coverage on risk.
In addition to audit pressure, the testing of data and system controls and the coordination required to support compliance efforts are often highly manual and document-heavy processes. Reporting is often geared to detective rather than proactive controls, which often become significantly more challenging as the enterprise grows. Control monitoring and confirming controls is also a resource-heavy process, and sometimes a hit and miss affair, further raising risk exposure.
So, can enterprises drive efficiencies through their internal controls around financial reporting, while improving rigor? It turns out they can. While people and processes are always central to ensuring strong controls, technology can enable both to be more efficient in five key ways:
- Centralization: Centralize the documentation of controls, tests of controls, and all policies.
- Scope: Manage risk and compliance by conducting control tests to determine scope and test strategies.
- Evaluation: Evaluate control design and effectiveness and test policy compliance.
- Monitoring: Automate to enable exception-based testing and monitoring of controls.
- Reporting: Provide visibility into individual accountability and process effectiveness.
Control the process. Control the cost.
Process-control software is designed to provide a technology foundation that can help. It acts as a unified repository for compliance, control, and policy information. This ensures cross-functional standardization and consistency. It also acts a single point for all regulatory policies and compliance procedures like SOX, EU Directive 8, Basel II and III, and so on.
It also shifts controls from being detective to proactive, identifying control failures by embedding controls directly within business processes, such as reconcile-to-report, order-to-cash, and procure-to-pay. It makes it easier to connect internal controls and policies with business objectives and risks. And with support of a powerful in-memory database, it can monitor risks and controls in high-volume transactions in real time.
Finally, leveraging software to manage process control helps improve overall compliance and control processes without spiraling resources. This is achieved by streamlining online and offline control evaluations, managing the complete policy lifecycle with collaborative tools and surveys, and orchestrating issues and certifications with automated workflows.
Underpin financial reporting with data governance
With organizations running multiple ERP, purchasing, invoicing, and other heterogeneous applications throughout subsidiaries and the broader enterprise, it’s easy for master data to get out of control and pose a risk in the compliance and financial reporting process.
Often, a lack of standard policies around how to handle data can lead to multiple versions of accounts, segments, cost centers, product definitions, or other areas. As this kind of data changes over time, it can often lead to silos of old, inconsistent, or incorrect master data that can jeopardize downstream reporting. And with reports and associated reference data buried in hundreds of spreadsheets, it’s dangerously easy to end up with an error.
Software for master data governance can help in three ways to increase consistency in the close:
- Consolidates master data from any SAP and non-SAP system and creates a single record
- Centrally creates and maintains master data across heterogeneous systems
- Provides a verifiable audit trail of when, why, and by whom master data is changed
Ensuring that compliance is underpinned with a master data foundation decreases the effort devoted to trying to manually achieve consistency and helps eliminate error-prone manual changes downstream in reporting, thus better positioning management and financial reports across the enterprise to talk the same language.
In our next post in this series, we will talk about how we can apply continuous accounting in the account reconciliation process.
Learn how organizations are gaining instant financial insights and using them to make better decisions—both now and in the future. Register now for the 2017 Financial Excellence Forum, Oct. 10-11 in New York City.