The past two years have taught us that we have to work, and think, differently.
Audit deficiencies are on the rise, yet many businesses are approaching risks and controls without sufficient recognition of the impact of the seismic changes we continue to live through, from M&A, “socially distanced” and “touchless” tasks, new IT application landscapes, global end-to-end processes to business governance itself.
Robin Ashby, Audit Director at Vertex and previously Qurate Retail Group, observed some ‘Big Themes’ that organizations need to address to enhance the effectiveness of internal control over financial reporting;
- Managing Complexity – is it as simple as you think?
- Risk Management – “Risk to Perform” as a process
- Global Business Processes – end-to-end process drive outcomes and risk, focus on them
- Governance – “structure and processes for decision making, accountability, control and behavior”
- Applications – educate and collaborate around the new “hub and spoke” reality
- Control Concept Harmonization – be sharp and consistent on vocabulary and definitions, keep it consistent, keep it simple.
- Manual Process Controls – maintain an inventory of all controls, mapped to process, application, BU, geography and whether they are manual/hybrid/automated.
- People, Identities, Access – Who has access to what and why? Do they know/ Do you know?
- Execution – needs to be truly collaborative, so break down the silos that inhibit “getting stuff done right”
There are all “clear and present” challenges.
You can read Robin’s ‘lessons from the “bloody battlefield” of experience’ here . . .