Upping Your Compliance Game

It’s been nearly a decade since the headline scandals of WorldCom, Tyco, and Enron, and by 2011, SOX and all necessary controls and documentation were in place. F&A teams could more or less sit back with the comfort that “it couldn’t happen here.”

So why should we continue to focus on risk and compliance?

In the last few years, accounting issues are still being uncovered—think Wells Fargo in 2016 and Steinhoff in 2017. Why are accounting scandals continuing to happen, even though we’ve put measures in place?

Corporations and individuals are able to structure processes around the rules. In the words of Andrew Fastow, former CFO of Enron, “The more complex the rules, the more opportunities.”

Even though there are controls in place, there remains work to be done.

The Primary Cause of Financial Statement Fraud

According to a 2016 Global Fraud Study by the ACFE, financial statement fraud represents the greatest dollar loss compared to asset misappropriation and corruption. And when we drill down to what’s causing financial statement fraud, the answer is glaringly clear: flaws in documentation.

Fraudulent and altered physical documents were the biggest sources of financial statement fraud. The lack of process and efficiency around documentation leads to increased risk of error and reduced time for analysis and oversight. According to FEI, 70% of organizations say they still use tools like Excel and Word for SOX and internal controls.

According to the ACCA, 90% of spreadsheets have errors, but 90% think they are error-free. These manually manipulated documents tend to be distributed, dependent on institutional knowledge, and difficult to lock down and control—increasing the potential for fraud.

With manual processes, it’s no wonder that “it could happen here.”

The Impact of Tightening Regulations

At the same time, the regulatory landscape is tightening. F&A teams will have to consider whether they are rolling out regulations appropriately. Especially because the SEC has been closely scrutinizing the gatekeepers of financial reporting and holding accountants, auditors, and audit committees accountable.  

In recent cases, the SEC has taken action on companies lacking internal controls and individuals who fail to comply with existing controls—accountants and auditors alike are responsible for ensuring compliance and proper documentation.

So, where could you have exposure? And where is your company at risk?

Recognizing the Signs of Exposure & Risk

Typical signs of exposure and risk include manual processes, paper-based documentation, a decentralized organization, lack of detail, and manual checks and balances.

For example, we all know what an account reconciliation is and how to perform one, but:

  • Do our employees actually understand how the reconciliation works?
  • Do they have the knowledge to scrutinize the reconciliation and ensure that all necessary controls were performed and properly evidenced?
  • Are reconciliations standardized and high quality?
  • Does each reconciliation tell a clear story so reviewers can be confident that it’s complete and accurate?

F&A teams also need to consider the frequency at which reconciliations are performed and whether all balance sheet accounts are being reviewed.

With manually performed reconciliations, more often than not, we lose visibility over status, completeness, and standardization—all factors that increase exposure to errors and fraudulent manipulation.

Increasing the Effectiveness of Your Control Environment

To ensure a healthy future, F&A teams need a renewed focus on their control environments. According to Gartner, companies have invested heavily in the front end of financial processes, but haven’t given the same attention to the last mile of finance—SOX and internal controls— resulting in manual and error-prone processes.

In a webinar audience poll, we found that only 9% of respondents said their current state of risk and control technology was effective. Significant gaps remain that organizations need to close, including incomplete visibility and reporting on the status of issue and remediation processes.

The good news is that automation can be used to refocus the F&A team and reduce risk. Automation standardizes processes so you can worry less about incomplete and unsubstantiated reconciliations and focus more on account analysis and process optimization.

Watch this webinar to learn more about upping your compliance game, and discover how Scientific Games systematized their control environment to create a more secure risk environment.