4 Keys to Automating the S&OP Processes


Manufacturing companies’ ability to compete oftentimes hinges on meeting customers’ delivery expectations. Customers want the product when they want it, and delivery failures result in customer attrition. With the introduction of platforms connecting producers to consumers, moving from one supplier to another can happen overnight.  Unfortunately, customer product demands are difficult to predict.  Customer unpredictability requires manufacturing companies to closely manage the balancing act between material requirements, production capacity and inventory levels.

To address the predictability challenges, manufacturing companies must have a robust integrated business planning process aligning sales, operations and finance.  In many organizations, the Sales and Operations Planning (S&OP) process is disjointed and cobbled together with various spreadsheets and emails.  Companies can leverage technology to innovate and streamline the S&OP process. An S&OP platform can automate processes across sales forecasts, demand planning, materials planning, network optimization and financial planning.

Keep in mind, processes must first be standardized and organizations aligned before investing in a technology solution in order to realize any real benefits. Before starting an implementation, consider the following:

Know where you stand today. Business functions operate in silos and have unique processes, systems, success metrics, and terminologies.  Understanding the current state and identifying pain points within the process is key.  For example, the sales organization speaks in “dollars” and the plants speak in “units.” This means that the pricing process must be well-defined to interpret what sales is saying versus what the plant must produce.  Assess the current processes across the supply chain, then determine actionable steps for improvement. Automating an ineffective process will not yield greater effectiveness. Be realistic about the current state and develop a plan to implement the desired future state.

Roles within the organization will change. To effectively implement and utilize a S&OP tool, everyone involved in the S&OP process should understand their individual role and accountability. Undefined roles and responsibilities lead to duplication of effort and multiple versions of the truth. The plant receiving one forecast from sales and yet another version from the demand planners will experience confusion and second guessing.  Developing a RACI (Responsible, Accountable, Consulted, Informed) model for each step in the S&OP process is a great tool to align roles.  Clarifying how each individual contributes to the S&OP process and fostering collaboration across teams are essential to success.

Data is everywhere. Identify authoritative data sources and clearly define data inputs, calculations and outputs. Most companies with a manual S&OP process have data stored in multiple systems, spreadsheets, servers and hard drives. With data coming from multiple sources, companies spend the majority of the time validating the data, leaving little time for analysis.  Demand Planners plan production at a more product SKU level, and finance forecasts production at a product line level.  The two versions are rarely reconciled or shared between operations and finance. This creates a tedious and time consuming task, leaving little time for analysis. Before implementing an S&OP tool, the team should design a data model that aligns the company’s sales, financial, supply, and operations planning process and requirements.

Build consensus among key stakeholders. It is difficult to argue the benefits for implementing a platform for S&OP process automation.  Sales, finance, operations, supply, pricing, marketing and product management teams must be aligned, given the cross-functional nature of S&OP.  Establishing who will be accountable for the S&OP implementation isn’t always easy. Organizations need top management from commercial, finance and operations commitment to be aligned.   This includes aligning project objectives.  A good exercise to start the S&OP implementation, includes developing S&OP Guiding Principles. The Guiding Principles set the tone for the implementation and give all functions a clear understanding of the path forward.  Any disagreements will be resolved by the Guiding Principles for the project.  With executive leadership in place, buy-in from key stakeholders and the rest of the team in place, the S&OP process can succeed.

While technology can automate and simplify the S&OP process, processes, data, organization roles and expectations must be aligned across the business.

A Practical Guide to Transfer Pricing Policy Design and Implementation


Guest author David North, Corporate Controller at L.S. Starrett Company, provides a detailed look into transfer pricing policy design:

From what we see in the news media, transfer pricing is a tool used by unscrupulous corporations to “rig the system” of global trade as they’re caught paying single digit tax rates on enormous profits.  Such stories dominate the business headlines and political rhetoric only because scandal sells and because the business news media give disproportionate coverage to the world’s very few extremely large corporations.

For the rest of us the situation is the opposite – a threat of confiscation rather than a temptation to exploitation.  Only the giants can afford departments of full-time experts to design and maintain international tax and treasury strategies involving shell companies to act as “coordination centers” around the world.  The rest of us couldn’t possibly talk to national governments, let alone negotiate special tax treaties.  Instead we struggle to establish and maintain a transfer pricing policy that might protect us from double taxation and even when that’s achieved, the operational obstacle caused by the remedy is often worse than the problem it was meant to cure.

For all but the giants, designing and implementing a transfer pricing policy that’s acceptable to tax authorities without impeding the ability to do business is a tough challenge…

Click here to download the Transfer Pricing Do It Yourself Guide.

7 Signs a Difficult Person is Preventing Progress


The root cause of project delays, failures, and missed deadlines is often traced back to a single cause: a difficult (or insert adjective here) person.  Difficult people get in the way of progress.  They contribute to a workplace environment saddled with major time wasters: lengthy meetings discussing minutiae, circular arguments, tangential debates, non-productive discussions, and let’s not forget the ancillary meetings dedicated to getting a “difficult person” focused appropriately. Before we know it, a project lags behind schedule.

Although difficult people have seemingly good intentions, their work style is toxic. Below are the obvious signs of difficult people and recommendations for coaching them toward progress:

  1. They frequently remind others of their tenure (or lack thereof) with the organization.  Statements like, “I have been here for 20 years, so….” or “I have only been here for 4 months…” are typically followed with excuses for not taking action.  While it’s often essential to utilize one’s expertise in decision-making, a better way to mention it would be: “Based upon my experience with our company (or other companies), we could consider…”
  2. They wait for others to make decisions. Declaring, “If only management would decide what we should do…” is a hallmark of inaction. Oftentimes, difficult people will involve as many other non-decision makers as possible and lure them into the conversation as a deflection tactic. Instead, the difficult person should be direct and express any suggestions or concerns they have. They should say, “I am going to take a recommendation to management for feedback.” Engaging the final decision maker moves things forward.
  3. They find others in the company to be annoying. Difficult people might say, “Everyone else here acts like (fill in the blank) …” Statements like these suggest that the real problem is in the mirror. When faced with conflicting attitudes, a better response is, “I must be doing something wrong. How can I help others succeed?”.
  4. They are overbearing in meetings or they choose not to participate at all. “I have to take over every meeting!” or “I have nothing to say because they won’t listen!” indicates that true collaboration is not valued.  It is important that difficult people ask questions, encourage others to provide a perspective, and honor the cooperative forum.  If this is an issue, ground rules for meetings, such as “silence is agreement,” are critical to forward progress. Opting for smaller in-person meetings, instead of conference calls can also keep meetings concise and focused.
  5. They believe they are smartest people in the room. When a difficult person says, “Nobody understands my recommendations…” it’s usually a failure to provide better explanations or the recommendations are really bad ideas. A better approach to decision-making is to encourage others to ask questions and collaborate.
  6. They believe their requests go unanswered. “I email requests out to the team and nobody ever responds!” is a common attitude of difficult people. They may attribute this to their intimidating intellect, but a complete lack of response is likely a problem with how their message is delivered. Requests should include at least two of the following: (a) what’s in it for the recipient, (b) a personal touch of kindness, and/or (c) an explanation of the purpose of the request. It is important that, when able, people should refrain from emailing and engage face-to-face.  Engagement helps build a more collaborative environment and people may share more information face-to-face versus email.
  7. They do not consider their co-workers as confidants. “I cannot trust anyone in this place…” is a statement no one wants to hear in a healthy work environment. Building trust is a worthy investment in the company’s culture.  When trust is lost, it is important to address it and understand it in order to repair it. Taking the time to coach difficult people to engage with others helps to eliminate untrustworthy behaviors.

Using these coaching points can help a difficult person discover how a few communication techniques can make a world of a difference in project success.

4 Methods to Revolutionize Your Cybersafety Program


The year the internet fell apart. Cyber-analysts and researchers often declare 2014 as the “Year the Internet Fell Apart” due to a series of high-profile hacks on Sony, J.P. Morgan Chase, and Apple’s iCloud. In 2015, cyberattacks on Ashley Madison, Anthem, and the FBI were front-page news. And now in 2016, political hacks have really taken center stage with the DNC’s email breach, the hack on election systems in Illinois and Arizona, and Guccifer’s “October Surprise” threat of releasing Hilary Clinton’s private server emails. 2016 will be remembered as the year cybersecurity was exposed as an ever-evolving game of cat and mouse. And we have just realized that we are the mice.

While most breaches in the news come from the worlds of retail and geopolitics, other industries cannot and should not ignore the threat of cyber-attack. Everyone is under attack. In fact, healthcare, manufacturing, and financial services companies have the highest incident rates. And for any company, elaborate software alone will not prevent a hack or data breach. Why? Because 91% of all targeted cyberattacks rely on “social engineering” to persuade employees to reveal confidential company information. Below are Trenegy’s 4 methods to help you build a more comprehensive response to the growing cyber onslaught.

  1. Revise your Attack Radius

The main fault of many cybersecurity programs is that Finance and Operations leaders inaccurately believe that the IT guys can block out the hackers by themselves. But cyber criminals will attack ALL employees, not just your experienced IT staff. In a comprehensive cybersecurity plan, the Attack Radius extends to any system that can access sensitive data, as well as the people who could access those systems. It is also critical that the ownership of the cybersafety program rests on an executive-level leader (i.e., Chief Risk Officer or Chief Information Security Officer). This confirms that the cybersecurity initiatives are whole-company initiatives, not solely IT-related ones.

  1. Rethink “Cybersafety” Awareness Training

There needs to be an intense focus on bringing awareness to the methods used by hackers and the company policies and procedures for addressing the following types of social engineering schemes:

  • Phishing – Email with malicious links. These can be individually targeted or sent as a mass email blast.
  • Pretexting – Pretending to be someone else to gain confidential information.
  • Baiting – Deceiving someone with a fake incentive (“You’re a winner. Download now!) or a threat (“You have viruses on this device.”).
  • Quid Pro Quo – Asking for secure access in exchange for providing something.
  • Tailgating – Following someone into a secure physical location, usually one requiring a unique ID card for access.

The importance of training employees on how to identify and avoid these threats can be just as financially important as training employees on how to maintain the organization’s l physical assets. In addition to a robust awareness training program, Trenegy believes in the power of the Cybersafety Minute, a CRO/CISO sponsored minute at the beginning of meetings that provides consistent awareness about the state of the organization’s cybersecurity.  

  1. Remodel Risk Assessments

The testing of controls is traditionally a reactive practice. For example, pervasive testing of Internal Controls over Financial Reporting came about as a response to SOX. And testing of Environmental, Health and Safety controls is driven as a response to EPA regulation. We often find organizations that effectively test cybersecurity controls do so only because they have had several breaches in the past. Cybersecurity controls do not receive the proper testing focus because the risks are not correctly assessed. Creative hacking calls for creative preventative measures. Many organizations will outsource annual penetration testing, but since most hacks rely on the vulnerabilities in human nature, standard “pen testing” is grossly incomprehensive. In performing the risk assessment, the CRO/CISO should sponsor testing that has an internal employee attempt to socially engineer other employees. It is unlikely that any cybersecurity risk – technical or social – will not be rated the highest threat level.

  1. Rework Incentives

It can be hard to draw the connection between a mysterious email and the loss of company millions. But ensuring employee compliance with a cybersecurity program is key to that program’s success. Incentives, like cash rewards for completing a cybersafety training, can drive positive behavior and encourage engagement. Involving cybersecurity in performance evaluations and day-to-day training helps people understand, on an individual level, how they can make an impact on the company’s large scale cybersecurity program.

Settling the Top-Down vs. Bottom-Up Budgeting Debate


As a company expands and matures, leadership will eventually lose control over the Planning, Budgeting, and Forecasting (PB&F) process. Over time, different regions and functions will develop unique and siloed processes that provide the CFO budgets with varying levels of depth and flexibility. The CFO’s attempt to corral the process by notifying the organization that their group at HQ is now running the show inevitably launches the Top-Down(TD) vs Bottom-Up(BU) civil war.


Effectively navigating the evolution from a pure BU to a pure TD approach is nearly impossible. Replicating the old ways with a TD process that budgets at the same level, even with allocations, presents well-documented challenges. Cost center owners disengage from the process because they do not feel like their input is valued, functional leads don’t fight for a potentially profitable project because they fear “Corporate,” and the finance guys in the ivory tower forecast inaccurately because “how would they know what goes on here in the field/plant/etc.”

Strategic Top-Down Target Setting

Predictably, the answer to the TD vs. BU debate is somewhere in-between. Instead of overhauling the current Bottom-Up process, the organization can leverage it and still give the CFO the control he or she covets by implementing Strategic Top-Down Target Setting. The CFO typically does not care that 401k expense is budgeted to stay flat, or that marketing expense is budgeted to rise 50 basis points. The CFO cares about top-line growth, margins, and cash flow. The finance organization can control these in the budgeting process without strangling the different regions with peanut butter spread allocations. Within the firm’s planning tool of choice, Finance will set various Key Performance Indicators (KPIs) that the current planning teams must achieve. Common budgeting KPIs are:

  • Gross Margin
  • DSO, DPO
  • Inventory Turns

The Strategic Top-Down method generates the typical benefits an organization receives from the pure TD process (e.g. reduced cycle times, improved accountability, and removing personal interests), while allowing the different functions or regions of the organization to build their budget in the way that best works for them. As challenging as it may be for Finance to give up planning revenue growth down to the basis point, it is far more effective to work with the different commercial groups to set market and product growth expectations, instead of holding them to profitability metrics.

This budgeting strategy can also drive creative pursuits of revenue-generating activities and operational efficiencies to meet the KPIs set by finance. For example, instead of conforming to a headcount maximum, a commercial region is able to increase team size to meet new sales initiatives, while continuing to grow revenue in line with Finance’s margin targets.


This process pushes the decision-making to the teams that will have to live and operate under the budgets. Importantly, the teams must trust the targets they have been given. They cannot feel like they are building up to meet margin targets pulled out of thin air. Cross-functional teams should present a strategic vision annually that includes:

  • Commercial/Sales groups presenting their expected market and product growth
  • Operations presenting expectations for inventory, manufacturing efficiency, and commodity price fluctuations
  • Finance presenting pricing and foreign exchange expectations

By maneuvering these levers, the CFO and his FP&A team can effectively set their revenue growth, margin, and cash flow expectations without the numerous reiterations that result from a pure TD or pure BU process.

5 Ways to Take Advantage of a Crisis: The Change Management Approach


Whether it be a workplace accident, natural disaster, data breach, corporate scandal, or fraud, crisis is inevitable. What is done immediately after such an event is critical to the future well-being of the company. Everyone in the organization suddenly wakes up from the autopilot they have been able to operate on for years. All eyes look to management for direction. It is their responsibility to take lead, bring stability to the company and seize the opportunity for improvement. An organizational change management approach should be used to re-evaluate human capital, processes, and systems to overcome a crisis and create a solid foundation for future success.

  1. Develop Leaders

After a crisis, people across the organization are willing to change their normal way of doing things in order to prevent a similar situation from happening in the future. Natural leaders will arise during that time. Management can make the most of the situation by identifying those leaders to help motivate others and lead transformation initiatives. Leveraging their strengths will help address current problems, improve processes and establish them as valuable leaders moving forward.

  1. Renew the Culture

Company culture is a strong predictor of financial and operational health. When a company’s culture is in a bad state, it usually means their communication is poor, the processes are inefficient, work ethic is low, and many other crisis-provoking issues exist. The tone at the top drives company culture. A crisis presents the board and executives an opportunity to re-evaluate leadership styles and hit the “reset button” if needed. To overcoming crisis, it is critical to determine which leadership style the company must follow in order to renew the culture and effectively make business improvements.

  1. Resolve Process Issues

Management should focus on fixing process issues before making any other major changes. If a company waits to improve their processes until after the system implementations and organization alignment, they will most likely have to re-implement and restructure, costing the company a lot of time and money. Client-facing, retention-focused processes take precedent. Internal processes, like improved asset utilization and better productivity measures, are next. When made early, process improvements increase efficiency and effectiveness and usually require little investment compared to system and organization changes. In addition to process improvements, management should also implement new policies and controls.

  1. Improve Systems

Systems should be used to support the business processes and overall business strategies – not the other way around. In order to ensure systems are used in this manner, the project management office (PMO) within IT should be reviewed. Proper approval processes and project governance practices will resolve most issues around duplicate systems, misallocation of resources, and more. Improving PMO practices leads to greater discipline within the organization, resulting in more efficient utilization of IT assets. The time following a crisis is a perfect time to make those changes to the PMO. Additionally, it is an ideal time to rationalize the application architecture, ensure cybersecurity practices, and begin discovery for different or additional system solutions. System changes take a lot of time and hard work, so using a crisis to launch new system selection and implementation projects would be wise.

  1. Align the Organization

The organization structure is often overlooked, but it is actually one of the most important factors in supporting the core competencies of the business. Effective organization structures promote better communication and improved productivity, leading to a reduced risk of crisis. When the organization structure is considered during the planning phase of a transformation, alignment with the process and system changes is straightforward. Even though people are more open to change following a crisis, organization restructuring can face push-back and lead to lower employee morale. It is recommended to find outside change management experts to help make this less painful.


Trenegy is a management consulting firm that guides companies through crisis recovery by leveraging their project management and change management expertise.

Functional Control Implementation for the Construction Organization


The typical construction project today faces ever tightening budget constraints, high pressure to conform to unrealistically short construction deadlines, and double-digit increases in material and labor costs.  Add to that the increased focus on safety and environmental concerns and many organizations feel they are starting out in a hole before they have even broken ground. With so many distractions, it is easy to lose focus on their controls framework among the chaos.

Today, more than ever, finance departments need help keeping the controls framework in place and operational in the face of emerging risks and opportunities. Finance doesn’t simply need more internal auditors to tell them what’s wrong, but the CFO needs a team that can:

  • Analyze emerging risk
  • Design effective processes and controls
  • Test controls and fix underlying deficiencies

Risk Environment

The risk environment is always changing, even more so as market volatility increases. A recent survey shows that only 5% of CFOs and Audit Committee chairs receive “informed perspective on emerging risk” from their Internal Audit department.

Market volatility, economic uncertainty, and an ultra-competitive environment has greatly enhanced the speed at which the risk landscape changes.  Additionally, with the added increase in merger and acquisition activity, companies now face exponential challenges when addressing risks.  In order to meet these challenges, companies must constantly examine their risk assessments and adjust to the new environment.  No longer is it adequate to simply prepare and present a risk assessment on an annual basis but rather this activity must be completed on an ongoing basis. The risks identified in previous assessments must constantly be reanalyzed as they pertain to the new set-up.

When performing this year’s risk assessment, be aware that the integrity of your controls environment may be threatened with each major event takes place within or outside the organization.  Companies who address the effect of each event and the risk it introduces to the overall risk environment will better be prepared to handle risks in a timely manner.

In order to adequately address risk, a privately held construction company recently added a member of internal audit group to the team responsible for mergers, acquisitions, and strategic partnerships.  A high-level risk assessment is prepared prior to making any strategic decisions and are part of the final financial package.  Additionally, the team runs a post transaction review to determine the accuracy and validity of the perceived risk and data is used to assess future risks.

Process Design

A control only functions if:

  • The process it exists within is effectively managed
  • All employees know which aspects of the control they own
  • The process is scalable to control for future risks

Mergers and acquisitions have become an integral part of the business strategy for most organizations today.  A firm may capitalize on a growth opportunity by purchasing a strategic target with seemingly similar business processes. However, if the company has only ever operated within a certain market, industry, or geographic landscape it is likely the two organizations do not share similar processes.  As a result, processes which worked for the old organization will fail to identify red flags in the new organization and controls will not address the risk they were designed to mitigate.

The best way to control the risks which have been introduced is through effective process management.  Clearly defining roles and responsibilities in the new organization and delineating between functions (accounting, operations, and legal), will allow the controls to function as they were designed.  Creating and implementing a clear set of processes for the newly formed organization reduces ambiguity and allows controls to function as designed.  This exercise must be completed each time a merger or acquisition is completed.

As part of the integration team, a publically held construction specializing in major infrastructure projects throughout the world, created a team responsible for process integration.  This team’s charter is to create a process gap analysis of the newly formed organization and design one organization-wise process.  The team then implements and tests controls within those processes to ensure the new controls are clearly defined, implemented, and functional.

Underlying Deficiencies

The fact pace of business today often leaves organizations in fire-fighting mode forcing them to concentrate on the crisis of the day.  As a result, many organizations allow a control deficiency to fester.  A deficient control creates a false sense of security and finding the underlying cause of a failure is critical. While the internal auditors can quickly discover control concerns, it is equally important that a team is in place to immediately address and remediate the deficiency.

Often control deficiencies appear to be isolated incidents with straightforward remedies. However, during remediation, material and systemic weaknesses such as “tone at the top”, resource availability, and technology flaws are often revealed. Alternatively, what may seem like a doom and gloom scenario – control deficiencies pervasive through your entire organization – might all link to one common cause.   Internal controls teams must analyze the root cause of each problem and search for trends that link them.  Often, eliminating one deficiency will address and eliminate others as a result.


The internal audit team, as part of their findings noticed repetitive failures within journal entry support, account analysis, and financial reporting key controls.  The natural response would be to conclude that there was a “failure of accounting governance”. The team however looked deeper, specifically, what precedes all of these processes: closing the books. They determined that by implementing an improved accrual process to facilitate closing the sub-ledgers on the first day of the month, accountants were given more time to create an accurate journal entry, analyze accounts, and provide managers more time to review final reports.

How Trenegy Helps

Trenegy provides a comprehensive review of an organization’s risk environment by drawing on years of experience advising both privately held and publically traded companies. We work across organizations through accounting, finance, HR and operations to help design and implement effective controls with a focus on efficiency and future flexibility.

Trenegy does not simply identify and report control deficiencies but once we have identified failures in the process, we develop a specific course of action to remediate the underlying causes of control failures. By leveraging our expertise in ERP implementation, process design, and COSO 2013, we build strong controls around the people and tools you have invested in.

We arrive with both an attack plan and an exit strategy. Whether you recently became a public company and need a controls framework built from scratch or are trying to maintain a stable control framework in a volatile market, our focus is on providing the finance organization deliverables and strategies that can be used long after we are gone.

Optimizing Organizational Performance through the Control Environment


It has been said that a pessimist sees the difficulty in every opportunity whereas the optimist sees opportunity in every difficulty.  Similarly, the corporate executive can view regulatory requirements created by Sarbanes Oxley and the PCAOB with disdain or as a catapult for positive change throughout the organization.  Private companies, who today face increased pressure to implement a control environment from lenders, partners, and investors, will face challenges similar to their public counterparts.

A SOX 404 implementation program can be managed to gain organizational efficiencies and achieve more effective processes. In the same way, companies who implement a control environment to satisfy outside requirements, can benefit from efficient and effective processes that arise from this initiative.  The guidelines outlined below will allow organizations to realize benefits of organizational change while implementing a sound control environment.

Set Guiding Principles.

The transition to the 2013 COSO framework implies a more robust and daunting control environment. Developing a set of guiding principles for the organization and each of the business functions links policies to strategy and sets the foundation for an effective control environment. Guiding principles capture intent, establish the tone from the top, and rally the organization to implement the right control activities.

A mid-sized construction group used guiding principles as a motivation tool and a way to give each function a sense of purpose and identity in their new environment. The control, monitoring, and risk management activities and policies were then tied into the guiding principles to ensure a common tone was established and integrated.

LESSON LEARNED:  Undertaking large initiatives such as creating and implementing a control environment presents the perfect opportunity to re-unite the organization and the best place to start is the guiding principles.


Integrate Risk Assessment and Planning.

The mere sound of conducting a risk assessment wreaks drudgery. Organizations benefit when the risk assessment process is integrated with the business planning process as one seamless and forward-looking process is more efficient than two separate processes.

A key element of the business planning process is a financial budget for the upcoming year. Why not also make the risk assessment a product of the planning process? Recently, a large developer integrated the risk assessment with planning and budgeting adding only two weeks to the entire four-month planning and budgeting process.  Completing both initiatives simultaneously provided a more holistic approach to both processes and exposed risks and opportunities which would have been more difficult to discover by looking at each process separately.

LESSON LEARNED:  The total benefit gained by integrating the risk assessment and planning process is far greater the sum of the two initiatives completed separately.  Organizations can use this integration as a starting point for organization-wide, integrated process change.


Eliminate Waste.

During a controls and process mapping exercise, it is important to understand the purpose of each step in a process. Many fast-growing companies inherently have bad processes in place that worked for a small company but are unnecessary for the size of the organization they have become.

Often large construction organizations spend an inordinate amount of time physically matching vendor invoices to checks for the Controller’s signature. This step served the company well when they were small but as they grew into a larger public company, this was wasteful and did not serve a purpose. By implementing more efficient controls into the disbursement process, the company eliminated the paper matching process.

LESSON LEARNED:  Do not be afraid to look for ways to eliminate waste as a part of the SOX 404 implementation or review process. Along each step in the implementation / review process, ask yourself, “Is this a necessary step and does this step make sense for a company our size?”


Companies have no choice but to address the mounds of regulatory requirements to comply with SOX and SEC regulations and requirements from lenders, partners, and investors. Those who view these requirements as a catalyst to change across the organization will recognize benefits that far outweigh their costs. Organizations who chose to take the pessimistic viewpoint will continue to fight an uphill battle by focusing solely on the difficulties the requirements present.

The Keys to Construction Audit Success


As companies continue to face tighter budgets, shorter construction cycles and rising labor and material costs, it is even more important to implement clearly defined functional controls. The construction audit helps companies quickly identify control and process issues and implement long term solutions.

A well-designed construction audit examines past, present and future projects for cost overruns, schedule discrepancies, documentation deficiencies, incomplete or inaccurate contracts, and incomplete tasks. The construction audit reviews current controls and, based on the findings, documents controls deficiencies, creates new controls, and develops an implementation plan to mitigate risks for future construction projects.

The construction audit focuses on five distinct development phases: plan, bid, design, construct and operate.

1. Plan

The construction audit begins with the planning phase.  A high level review of the feasibility study and business case is completed to ensure they are based on accurate, complete and timely cost estimates. A review of the baseline project plan will examine the completeness and accuracy of project budgets, timelines, and labor requirements.

Primary Focus: Feasibility Plan

  • Are feasibility studies and business cases complete and accurate?
  • Does the feasibility study include known factors which will impact project schedule and cost?

2. Bid

All bids packages are reviewed to ensure contractors prepare cost and timing estimates based on complete and clearly defined bid packages. A bid review ensures contracts are awarded based on pre-set, defined, selection criteria with clear terms and conditions.

Primary Focus: The Bid Package

  • Is the RFP process clearly defined and are changes / revisions released to all bidders in a timely manner?
  • Is the RFP package complete? Are bids based on information accessible to all bidders?
  • Do selected bid packages address the entire project and are exact specifications referenced?

3. Design

The design phase ensures that a complete project scope, plan, and budget (including contingencies) are developed and approved before construction begins. Additionally, the design phase will establish the change order and draw processes (including approval levels and workflows).  A signed contract completes the design phase.

Primary Focus: Final Project Budget

  • Was the budget set and approved before construction began?
  • Does the budget contain the proper amount of contingencies?
  • Can revised budgets be easily tracked to the original budget?

Primary Focus: The Bid/Contract

  • Does the contract include exact bid quantities, timeframes, specifications, and prices?
  • Does the contract clearly lay out the change order process and approval requirements?
  • Is the draw process clearly defined and based upon measurable milestones?

4. Construct

The construct phase of the construction audit examines progress reports, adherence to financial controls (draw requests, approvals, contractor payment processing), and complete and accurate status reporting. Critical to any successful development is a well-defined and followed change order process. As part of the construction phase, adherence to change order creation, approval and processing is reviewed for completeness. Finally the construct phase ends with the close out process. Key elements include the creation and completion of the final construction punch list (and contingencies) and the collection and maintenance of warranty information.

Primary Focus: Project Payments

  • Are payments based on pre-defined milestones and made only after the proper draw requests have been approved and submitted?
  • Have all change orders received proper approvals?
  • Are change orders incorporated into the original budget? Are revised budgets distributed?

5. Operate

A property will be put into operation once the certificate of occupancy documentation has been obtained.  Final punch list items will be completed and the property will be transitioned to property management or turned over to a third party.

Primary Focus: Punch List / Punch List Contingencies

  • Has a final project punch list and contingency been created?
  • Are charges correctly tracked and allotted to the closeout process?
  • Is the final project budget complete?

The ultimate goal of the construction audit is to address the causes of past deficiencies and create repeatable processes and controls to minimize project risks going forward.

Trenegy encourages clients to use the construction audit as a mechanism to ensure sound financial controls are implemented and followed to maximize profitability and reduce project risks.