In a period of rapid change driven by historically low and volatile crude prices, publicly traded companies cannot lose sight of their controls framework among the chaos. Finance departments need help keeping the controls framework in place and operational in the face of emerging risks and opportunities. Finance doesn’t simply need more internal auditors to tell them what’s wrong, but the CFO needs a team that can:
- Analyze emerging risk
- Design effective processes and controls
- Test controls and fix underlying deficiencies
Don’t fly blind. The risk environment is always changing, even more so as market volatility increases. A recent survey shows only 5% of CFOs and Audit Committee chairs receive “informed perspective on emerging risk” from their Internal Audit department.
This environment is driving companies to pursue extreme measures to manage financial exposure, but the exposure to financial reporting risks is often placed on the backburner. Both the conservative approach of hunkering down to shed costs and the opportunistic approach of making acquisitions while prices are low breed new risks. Risks identified in previous assessments must be reanalyzed as this business climate renders each decision more critical.
When performing this year’s risk assessment, be aware that the integrity of segregation of duties is threatened each time an employee is laid off. Each revenue accrual should receive greater scrutiny as your firm hovers near earnings targets and emerging threats like cybersecurity can impair your controls framework.
A control only functions if:
- The process it exists within is effectively managed
- All employees know which aspects of the control they own
- The process is scalable to control for future risks
For example, a firm may capitalize on this downturn and purchase a strategic target with seemingly similar business processes. However, if the company has only ever operated within the confines of the United States, their vendor management control process will reflect that risk level. The majority of all Foreign Corrupt Practices Act investigations occur because of payments to foreign vendors, and if the acquired company conducts business across borders, old processes won’t identify red flags.
The only way to control for the above risk, and scores of other risks, is with effective process management. Roles and responsibilities must be delineated between accounting, operations, and legal to appropriately vet all new vendors, and the process must be scalable whether you use a checklist or a vendor management system.
Do not let a control deficiency fester. Finding the underlying cause of a failure is critical. Internal auditors are the in-house experts on discovering control concerns, but you need a team to remediate as soon as problems arise. On the surface, many control deficiencies appear as isolated incidents with straightforward remedies. However, material and systemic weaknesses like tone at the top, resource availability, and technology flaws often reveal themselves during remediation.
On the flip side, there might be an antidote to the control deficiencies that pervade your entire organization. Your internal controls team must analyze the root cause of each problem and search for trends that link them. For example, if you notice repetitive failures within journal entry support, account analysis, and financial reporting key controls, don’t jump to the dreaded conclusion: failure of accounting governance.
Instead, look for what precedes these processes: closing the books. Implementing an improved accrual process to facilitate closing your subledgers on the first day of the month will give accountants more time to perfect journals and analyze accounts and provide managers more time to review final reports.
How Trenegy Helps
Trenegy provides a comprehensive review of an organization’s risk environment by drawing on years of experience advising multi-national publicly traded companies. We work across organizations through accounting, finance, HR, and operations to help design and implement effective controls with a focus on efficiency and future flexibility.
Trenegy does not simply identify and report control deficiencies. Once we have identified deficiencies in the process, we develop a specific course of action to remediate the underlying causes. By leveraging our expertise in ERP implementation, process design, and COSO 2013, we build strong controls around the people and tools you have invested in.
We arrive with both an attack plan and an exit strategy. Whether you recently became a public company and need a controls framework built from scratch or are trying to maintain a stable control framework in an volatile market, our focus is on providing the finance organization with deliverables and strategies that can be used long after we are gone.