Can Internal Control Be The Key To Longevity?

Thomas Frénéhard

Part 14 in the “Controls and Risk Management” series

Back in the 1920s, the average longevity of companies in the S&P 500 index was 67 years, compared to just 15 years in 2012, according to professor Richard Foster from Yale. There’s much to bet that this has reduced even more since then.

The question is then: How can you ensure that your company is here for the long run?

Internal control journey – from pure compliance to delivering performance

In most companies, internal control is still addressed in much the same way as it was many years ago, using the same business structures and approach. Shouldn’t this change to focus more on performance?

Yes, I understand that there have never been so many regulations, and considering the increase in these last few years, I assume this isn’t going to slow down any time soon. But I think companies need to be proactive rather than reactive in order to stay on top of things.

Picture this. You’re already doing internal control, so why not leverage all these controls that are assessed manually or automatically and shape them with a more performance-orientated intent?

Easier said than done, right?

Actually, I believe that progressing step by step can make this journey a lot easier than you would think. Of course, a big revamp will make this happen quicker, but the cost and resources required to do so might be too much in these economically challenged times.

My suggestion, therefore, is the following. During the regular internal process review, whenever creating or updating a control, try to associate it to an objective – not a control objective but a corporate objective. Ask yourself, what company value does this control relate to? Deliver constant quality of service? Release reliable financial communication to stakeholders? What else?

This is a great first step on this journey, but not the most complex.

Once this step is achieved, then comes the prioritization phase. Select the corporate objectives that give you a competitive edge, and collect all their associated controls. You will know precisely what controls can help you achieve your corporate objectives and what controls have a more regulatory focus.

Now, you can follow your performance using controls that are regularly assessed. Like key risk indicators, these can feed you information on how well each department is doing, even allowing for a benchmark across divisions.

This means that you can investigate when one area is not performing as planned, and also focus your attention – or ask internal audit to do it – on the high-performing organizational units. These indeed might have implemented processes that are more efficient, and you might want to consider applying them to the rest of the group!

Combining a sound internal control process and linking it to strategy means that you’re not only ensuring that your current processes are running as designed, but also that your business is sustainable in the short- to midterm. Also, these processes are supporting your overall strategy and laying the path to long-term viability.

So, is this the key to longevity? Unfortunately, I don’t have the answer, but to me, protecting the value drivers of the company seems like a good starting point.

Does such an approach resonate with you? I look forward to reading your thoughts and comments on Twitter @TFrenehard.

Review other posts in the “Controls and Risk Management” series.

This article originally appeared on SAP Community and is republished by permission.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Thomas Frénéhard

About Thomas Frénéhard

Thomas is part of the Global Centre of Excellence for Finance and Risk solutions where he has a focus on Governance, Risk, and Compliance topics. Prior to that, he was a Senior Director in the Governance, Risk, and Compliance Solution Management team. His particular responsibility was with Risk Management but other functional areas of focus were in Internal Control & Compliance Management and Audit Management. He is also a regular contributor on social media and presenter at various SAP and non-SAP conferences on GRC matters.