Gaining efficiency and improved control from an enhanced internal control framework
June 04, 2021
The recent BEIS consultation on corporate governance and audit reform is trailing the need for a strengthened system of financial reporting control attestation in the UK, and it is looking likely that an Internal Control over Financial Reporting (ICFR) attestation regime could roll out to all premium listed and public interest entities within the next few years.
Embedding a robust ICFR framework within your organisation will require significant effort. However, the implementation of this proposed regime in the UK comes to an entirely different landscape than when Sarbanes-Oxley (SOX) came into effect in the US. Businesses, particularly in regulated sectors, now have more developed risk management and governance structures in place and there are now opportunities from new technology to save costs, improve insights and build operational resilience.
Internal control - beyond compliance
The proposed UK regime provides opportunity beyond compliance. Regulatory changes can be used as a vehicle for cost reduction to increase the benefits of modernisation and transformation across change agendas. The business case to support investment in your ICFR framework should highlight the organisation-wide benefits that can be realised when such a programme is implemented in conjunction with other transformational agendas within the business.
ICFR framework implementation programmes can help drive cost reduction in a number of ways, including enhanced automation of control and rationalisation of duplicative control activity across front, middle and back office functions. By building on lessons learned in the US and other jurisdictions, UK firms can incorporate this from the outset of their implementation programmes.
Internal control and continuous improvement of the end-to-end process
Existing control frameworks are typically operational in nature and focus on business process controls in individual team silos. The formality of an end-to-end understanding, supported by process and control documentation, is a key feature of an internal control environment. When investment is made to build accountability for financial reporting accuracy in upstream teams, incremental reduction in operational and financial reporting risk can be achieved by:
- Remediation of uncontrolled User Developed Applications (UDAs) and non-standard reports
- Tightening and automation of data manipulation, cleansing and interfaces at team handoffs
- Building of Key Performance and Risk Indicators to provide a control gap “early warning” system
- Mapping of critical upstream controls to supporting IT platforms to enhance the risk-based prioritisation of IT control and IT spend
Internal control in finance transformation
Finance and operational transformations are driven by the need to modernise, move to the cloud, enhance data analytics and streamline costs in response to both regulatory change and market pressures.
The days of using spreadsheets to document manual control activities are behind us. Processes are increasingly automated. In order for internal control to be effective and fit for the future, it must also be automated and proactively monitored.
Embedding control activity in change programmes at the outset will not only help to strengthen your ICFR framework but will also create an opportunity to optimise and rationalise the control environment and process flows.
Establishing a transformational and value adding internal control framework
When business cases, resource allocations and systems and business change strategies are being assessed and implemented, think about how you can maximise the value you obtain from these investments by integrating this with your ICFR framework implementation programme. This will be the way to get to the transparent, efficient and monitored control environment that you need.