How to Measure the Impact of Your Compliance Framework With Control Testing
Would you classify your organization’s control framework as reactive, proactive or world-class?
Leading organizations, like LKQ Corporation, have instituted a world-class control framework that fits the specific requirements of their internal processes, compliance standards, external and internal financial audit teams, and more.
While every company has some form of a compliance framework, the purpose of each is different and also defined in various ways — depending on both the reasons for that framework, but also the regulators that support those requirements.
This includes companies that have an established framework for public reporting purposes (e.g., SEC) or those that are moving in that direction. It can also include private companies that need to ensure confidence in their regulators or finance and capital providers.
So how do you build a framework that’s effective for your organization? And what is the impact on compliance and testing from an ineffective control framework?
Building an Internal Control Framework with a System of Controls
In our previous blog series, we’ve explored Trintech’s approach to finance transformation and the two key concepts we encourage the Office of Finance to focus on:
- Building a System of Controls that ensures each client organization has a foundation for their R2R activities to take place. This is the starting place for transformation to exist and is where functions can occur when manually performed: either because of the exceptions (where automation requires a manual review) OR because automation cannot support the underlying activity without manual intervention yet.
- Establishing a Record to Report Automation Framework that accelerates the speed at which your System of Controls operates. Instituted well, this is where you achieve exponential ROI from transformation.
The Impact of Compliance Testing and Key Controls
One of the most interesting and impactful developments we’ve experienced in our solutions, especially Cadency® by Trintech, is the ability to combine the operational results of the financial close process with the results of controls testing.
Let’s refer to it as a form of a “sniff test”— the ability to easily see the status of the operational activities such as reconciliations, journals, close tasks when compared to the results of controls testing for SOX.
If the business is involved in testing and the test results show everything is working as designed, yet there seems to be a high volume of exceptions, lateness or incompleteness, then there is a misalignment within the business that needs to be addressed.
Solving this would then go to the responsibility of the internal financial audit committee and, ultimately, management to support a strong, functional control environment.
Being able to identify key activities in the financial controls process allows an organization to not only identify where operational improvement opportunities exists but also understand the impact to the risk of material misstatement.
If a reconciliation or journal entry doesn’t occur, we always understand incompleteness. However, how do you measure the impact to the control environment, the risk of misstatement and even worse, the need to restate?
How to Establish an Effective Compliance Process
If we have established the “why” and “what” of compliance control testing and monitoring, let’s talk about the “how”.
Trintech focuses on establishing the framework for compliance or, the System of Controls. This means that a single platform can manage multiple frameworks like:
- NERC or FERC
Managing an organization’s internal control framework and Record to Report activities within a single, comprehensive solution like Cadency delivers several benefits.
First, there is the supreme benefit of pulling organizations out of using personal productivity tools like spreadsheets to manage their controls testing process. In tools like spreadsheets, controls are not only inefficient but are often low value.
Secondly (and importantly) this creates significant efficiency gains as a result. Allowing an organization to share controls across multiple initiatives reduces the amount of testing involved by creating reliance on the test performed for one initiative in a way that satisfies all initiatives that the control supports.
The other area of “how” is in the form of identifying areas of risk which drives a need for targeted testing. We allow a company to load financial results into the application and then focus testing on controls where risk is higher.
This now creates the chance for organizations to remove the manual nature controls testing and creates mutual support within the finance and business communities to ensure that the compliance environment not only tests positively but is also executed the same way.
Driving Compliance Inside a Comprehensive Solution Like Cadency
Our goal at Trintech is to see organizations achieve efficiency and effectiveness in their financial close process while at the very same time decreasing the cost and risk within those processes. Processes such as reconciliations, journal entries and close all represent where efficiency gains also lead to effectiveness.
Compliance represents an area where effectiveness can lead to efficiency — not just within the compliance process but also across the whole Record to Report. When an organization has architected the full financial close activities and then mapped to the control framework, it would be quite advantageous to then gain the necessary visibility into the areas of opportunity and risk for the organization.
When an organization takes on concepts within Trintech’s Record to Report Automation Framework, that means it establishes best practices within the System of Controls and then, using automation, performs those best practices even faster.
This can help create confidence within the testing process when typically, it can be obstructed by the manual nature of the underlying activities.
By instituting Trintech’s Risk Intelligent RPA™, you remove the manual work involved and gain the time and efficiency directly associated. Leveraging our ERP Connectors or our ERP Bots connects the work of finance and IT and creates a seamlessness that eliminates the areas where data issues arise or manual steps are forgotten.
Organizations cannot just look at compliance by itself and solely automate that without evaluating the overall Record to Report process. To experience the full positive impact of compliance and testing, you must address compliance along with the full Record to Report in a singular platform.
Take a moment to sit down with those responsible for the compliance control testing and monitoring. If it is outsourced to a third party, see about building their testing process into a comprehensive Record to Report solution so you can still measure the overall quality of the process.
Then allow automation to help you drive best practices faster with better insight into the overall process. Create confidence within your organization to know that at the end of the day, the integrity of the financials are completely secure and all processes are functioning with ultimate efficiency.
CPA, Global Leader of Strategic Solutions