The typical construction project today faces ever tightening budget constraints, high pressure to conform to unrealistically short construction deadlines, and double-digit increases in material and labor costs. Add to that the increased focus on safety and environmental concerns and many organizations feel they are starting out in a hole before they have even broken ground. With so many distractions, it is easy to lose focus on their controls framework among the chaos.
Today, more than ever, finance departments need help keeping the controls framework in place and operational in the face of emerging risks and opportunities. Finance doesn’t simply need more internal auditors to tell them what’s wrong, but the CFO needs a team that can:
The risk environment is always changing, even more so as market volatility increases. A recent survey shows that only 5% of CFOs and Audit Committee chairs receive “informed perspective on emerging risk” from their Internal Audit department.
Market volatility, economic uncertainty, and an ultra-competitive environment has greatly enhanced the speed at which the risk landscape changes. Additionally, with the added increase in merger and acquisition activity, companies now face exponential challenges when addressing risks. In order to meet these challenges, companies must constantly examine their risk assessments and adjust to the new environment. No longer is it adequate to simply prepare and present a risk assessment on an annual basis but rather this activity must be completed on an ongoing basis. The risks identified in previous assessments must constantly be reanalyzed as they pertain to the new set-up.
When performing this year’s risk assessment, be aware that the integrity of your controls environment may be threatened with each major event takes place within or outside the organization. Companies who address the effect of each event and the risk it introduces to the overall risk environment will better be prepared to handle risks in a timely manner.
In order to adequately address risk, a privately held construction company recently added a member of internal audit group to the team responsible for mergers, acquisitions, and strategic partnerships. A high-level risk assessment is prepared prior to making any strategic decisions and are part of the final financial package. Additionally, the team runs a post transaction review to determine the accuracy and validity of the perceived risk and data is used to assess future risks.
A control only functions if:
Mergers and acquisitions have become an integral part of the business strategy for most organizations today. A firm may capitalize on a growth opportunity by purchasing a strategic target with seemingly similar business processes. However, if the company has only ever operated within a certain market, industry, or geographic landscape it is likely the two organizations do not share similar processes. As a result, processes which worked for the old organization will fail to identify red flags in the new organization and controls will not address the risk they were designed to mitigate.
The best way to control the risks which have been introduced is through effective process management. Clearly defining roles and responsibilities in the new organization and delineating between functions (accounting, operations, and legal), will allow the controls to function as they were designed. Creating and implementing a clear set of processes for the newly formed organization reduces ambiguity and allows controls to function as designed. This exercise must be completed each time a merger or acquisition is completed.
As part of the integration team, a publicly held construction specializing in major infrastructure projects throughout the world, created a team responsible for process integration. This team’s charter is to create a process gap analysis of the newly formed organization and design one organization-wise process. The team then implements and tests controls within those processes to ensure the new controls are clearly defined, implemented, and functional.
The fact pace of business today often leaves organizations in fire-fighting mode forcing them to concentrate on the crisis of the day. As a result, many organizations allow a control deficiency to fester. A deficient control creates a false sense of security and finding the underlying cause of a failure is critical. While the internal auditors can quickly discover control concerns, it is equally important that a team is in place to immediately address and remediate the deficiency.
Often control deficiencies appear to be isolated incidents with straightforward remedies. However, during remediation, material and systemic weaknesses such as “tone at the top”, resource availability, and technology flaws are often revealed. Alternatively, what may seem like a doom and gloom scenario – control deficiencies pervasive through your entire organization – might all link to one common cause. Internal controls teams must analyze the root cause of each problem and search for trends that link them. Often, eliminating one deficiency will address and eliminate others as a result.
The internal audit team, as part of their findings noticed repetitive failures within journal entry support, account analysis, and financial reporting key controls. The natural response would be to conclude that there was a “failure of accounting governance”. The team however looked deeper, specifically, what precedes all of these processes: closing the books. They determined that by implementing an improved accrual process to facilitate closing the sub-ledgers on the first day of the month, accountants were given more time to create an accurate journal entry, analyze accounts, and provide managers more time to review final reports.
Trenegy provides a comprehensive review of an organization’s risk environment by drawing on years of experience advising both privately held and publicly traded companies. We work across organizations through accounting, finance, HR and operations to help design and implement effective controls with a focus on efficiency and future flexibility.
Trenegy does not simply identify and report control deficiencies but once we have identified failures in the process, we develop a specific course of action to remediate the underlying causes of control failures. By leveraging our expertise in ERP implementation, process design, and COSO 2013, we build strong controls around the people and tools you have invested in.
We arrive with both an attack plan and an exit strategy. Whether you recently became a public company and need a controls framework built from scratch or are trying to maintain a stable control framework in a volatile market, our focus is on providing the finance organization deliverables and strategies that can be used long after we are gone.
