How to Implement Internal Controls That Work
By Joseph Kasbaum/
March 24, 2016

In a period of rapid change driven by historically low and volatile crude prices, publicly traded companies cannot lose sight of their controls framework among the chaos. Finance departments need help keeping the controls framework in place and operational in the face of emerging risks and opportunities. Finance doesn’t simply need more internal auditors to tell them what’s wrong, but the CFO needs a team that can:

Risk Environment

Don’t fly blind. The risk environment is always changing, even more so as market volatility increases. A recent survey shows that only 5% of CFOs and Audit Committee chairs receive “informed perspective on emerging risk” from their Internal Audit department.

This environment is driving companies to pursue extreme measures to manage financial exposure, but the exposure to financial reporting risks is often placed on the backburner. Both the conservative approach of hunkering down to shed costs and the opportunistic approach of making acquisitions while prices are low breed new risks. Risks identified in previous assessments must be reanalyzed as this business climate renders each decision more critical.

When performing this year’s risk assessment, be aware that the integrity of segregation of duties is threatened each time an employee is laid off. Each revenue accrual should receive greater scrutiny as your firm hovers near earnings targets, and emerging threats like cyber security can impair your controls framework.

Process Design

A control only functions if:

For example, a firm may capitalize on this downturn and purchase a strategic target with seemingly similar business processes. However, if the company has only ever operated within the confines of the United States, their vendor management control process will reflect that risk level. The majority of all Foreign Corrupt Practices Act investigations occur because of payments to foreign vendors, and if the acquired company conducts business across borders, old processes won’t identify red flags.

The only way to control for the above risk, and scores of other risks, is with effective process management. Roles and responsibilities must be delineated between accounting, operations, and legal to appropriately vet all new vendors, and the process must be scalable no matter whether you use a checklist or a vendor management system.

Underlying Deficiencies

Do not let a control deficiency fester. Finding the underlying cause of a failure is critical. Internal auditors are the in-house experts on discovering control concerns, but you need a team to remediate as soon as problems arise. On the surface, many control deficiencies appear like isolated incidents with straightforward remedies. However, material and systemic weaknesses like tone at the top, resource availability, and technology flaws often reveal themselves during remediation.

On the flip side, what may seem like a doom and gloom scenario – control deficiencies pervasive through your entire organization – might have an antidote. Your internal controls team must analyze the root cause of each problem and search for trends that link them. For example, if you notice repetitive failures within journal entry support, account analysis and financial reporting key controls, don’t jump to the dreaded conclusion of “failure of accounting governance.”

Instead, look for what precedes all of these processes: closing the books. Implementing an improved accrual process to facilitate closing your subledgers on the first day of the month will give accountants more time to perfect journals and analyze accounts, and provide managers more time to review final reports.

How Trenegy Helps

Trenegy provides a comprehensive review of an organization’s risk environment by drawing on years of experience advising multi-national publicly traded companies. We work across organizations through accounting, finance, HR and operations to help design and implement effective controls with a focus on efficiency and future flexibility.

Trenegy does not simply identify and report control deficiencies. Once we have identified failures in the process, we develop a specific course of action to remediate the underlying causes of control failures. By leveraging our expertise in ERP implementation, process design and COSO 2013, we build strong controls around the people and tools you have invested in.

We arrive with both an attack plan and an exit strategy. Whether you recently became a public company and need a controls framework built from scratch or are trying to maintain a stable control framework in an volatile market, our focus is on providing the finance organization deliverables and strategies that can be used long after we are gone.