HOW CONFIDENT ARE YOU IN YOUR FINANCIAL CONTROLS?
One of the most critical pieces of the financial close is an organization’s comprehensive financial controls and compliance framework. Every company, whether privately held or publicly traded, has different types of internal control — although that framework will vary based on internal control objectives, country, industry, public vs. private, nature of the close (for example, virtual), and other relevant factors. However, the effectiveness of an organization’s compliance framework depends entirely on the organization, its tools, and the processes they’ve implemented toward their compliance considerations. It is critical to note that if organizations fail to directly address or set up a comprehensive financial controls process, they are in jeopardy of accidental compliance violations that may greatly impede the success of the overall business financially and reputationally.
“In companies who had to restate their financials, 80% thought their controls were effective before finding they were deficient after the event.” – Public Company Accounting Oversight Board (PCAOB) Survey
“While most companies have made strides to standardize their controls, over 50% state that their cost of compliance is still increasing and over 70% still feel that the burden of compliance is set to increase over time.” – Financial Executives Research Foundation (FERF) Survey
“Over 90% of participants believe they have established governance frameworks to manage risk, but less than a quarter are truly confident that key controls are operating effectively.” – PwC Survey
HOW WOULD YOU CLASSIFY YOUR ORGANIZATION’S FINANCIAL CONTROLS FRAMEWORK?
Financial controls are designed but managed in spreadsheets, emails, and word documents, resulting in:
- Little standardization
- No automation
Financial controls are designed and adequately documented, and there is a drive towards standardization and automation, providing:
- Documented controls
- No link to other close activities
Financial controls are integrated, standardized, and monitored continuously in real-time across the organization as part of a wider framework, which is:
- Automated and standardized across the company
- Part of a holistic internal framework
- Top-down approach
- Owned by the business
DEFINE YOUR INTERNAL CONTROL OBJECTIVES TO REDUCE RISK
If your organization’s risk management framework hasn’t quite reached that world-class level, you can take specific steps to improve your processes. After conducting a health check based on the criteria above, examine the types of internal control you have in place already, along with the goals that these controls are meant to accomplish. It’s important to remember that the scope of an internal framework reaches beyond mere financial controls; it’s meant to promote operational accuracy and efficiency, ensure compliance with internal policies and legal requirements, and fulfill the business’s moral obligation to its employees, customers, and stakeholders.
In general, you can categorize an effective framework into three major types of internal control: preventive, detective, and corrective.
PREVENTIVE INTERNAL CONTROL OBJECTIVES
Preventive types of internal control are meant to keep errors or infractions from happening in the first place. This could range from physical security measures, like requiring badge access to an office space, to checks and balances meant to ensure accurate information input.
With regard to the Office of Finance specifically, common preventive controls include a separation of duties over common tasks like performing and authorizing transactions or preparing, reviewing, and approving reconciliations.
DETECTIVE INTERNAL CONTROL OBJECTIVES
Detective types of internal control are meant to identify errors or infractions after they have occurred, but before they can linger long enough to become a larger problem. Depending on the industry type, this could include measures like a physical inventory count.
Regarding the Office of Finance specifically, the majority of internal controls in place fall into this category. Internal audits provide reports and insights into compliance with company policies and relevant laws, catching any gaps or flaws before any external audit does so. Financial reporting and reconciliations not only identify errors but also offer data on an organization’s overall financial health, so CFOs can make smart decisions based on the data.
CORRECTIVE INTERNAL CONTROL OBJECTIVES
Corrective types of internal control are meant to fix the errors and infractions identified by detective controls, as well as improve the processes that cause those errors. This includes reactionary controls like disciplinary action against employee misconduct, along with structured controls such as software patches and updates.
With regard to the Office of Finance specifically, variance analysis and procedure updates are essential internal controls. If repeated errors go unaddressed month after month, then accountants are constantly firefighting instead of delivering the valuable business insights expected from the Office of Finance today. Tools like financial close automation software can give the time and resources needed to identify patterns of error so that F&A teams can go about streamlining their processes for improved speed and accuracy.
If your Office of Finance is ready to improve your financial controls, you can start by implementing these risk management best practices. From there, update your risk framework based on types of internal control and internal control objectives using these four steps.
Written by: Nathan Stabenfeldt