Pandemic-related pressures on Finance and Accounting may be letting up, but it looks like European regulators are about to add new pressures to corporate workloads—in the form of new financial control regulations.
According to KPMG, in the UK, the Audit Committee Chairs’ Institute Forum is suggesting a SOX-like framework for UK companies. In Germany, lawmakers are drafting legislation—to be called the Financial Market Integrity Strengthening Act—to establish stricter guidelines for audit firms and their client relationships.
These regulations will take time before they become law, but according to BlackLine Director of Product Marketing David Brightman, there’s no time to waste for those companies that haven’t yet embarked on the process of upgrading and optimising their financial controls architecture.
“In general, auditors are becoming warier of relying on management assertions,” Brightman says. “If the auditors want to see that your controls are operating effectively, and you take weeks getting back to them, that’s not good. And that’s the problem for companies that are still relying on spreadsheets and paper documentation for controls.”
It’s Time to Upgrade Your Control Environment
The UK and German proposals are still in draft form, but experts agree that companies need to start evaluating their controls immediately.
As PWC’s Jonathan Lucas-Lucas says, “A typical financial controls framework implementation can take 18-24 months… the preparations you make now will drive valuable governance improvements as well as improved quality and efficiency, regardless of the timing and content of a UK SOX mandate.”
For those companies still using a mix of manual controls and decentralised documentation, processes and controls may be deemed efficient and effective today yet be compromised with a changing regulatory environment. Moving to a digital controls framework enables a complete view of the control environment—including ownership—and inextricably links controls with risks, tests, and any control activities being performed across the business.
For one thing, outside auditors are more skeptical of management’s assertions. For another, many markets are still unsettled and reeling from the impact of COVID-19. Management should be doing all they can to maximise confidence in their companies by auditors, investors, and customers.
Moving Toward a Continuous Auditing Paradigm
These regulations will take time before they become law. But according to Brightman, there’s no time to waste for those companies that haven’t yet embarked on the process of evaluating the way their teams execute and maintain evidence of their internal control activities.
“A virtualised control environment allows you to continuously validate and monitor controls in a predictable and centralised manner,” he says. “As an example, BlackLine uses interconnected libraries that contain relevant information on all controls and can store any related information—from documentation and policies to better collaboration with cross-border operations—in any control walk-throughs. It also massively reduces audit effort later on.”
A unified, traceable control process allows companies to simplify the control environment. This sets you up to easily assign ownership to control owners, link controls to risks, and rationalise the number of controls and tests needed. This digital footprint leads to a complete view of your control environment, enabling continuous execution of control activities and monitoring.
A holistic control framework also helps companies prepare for upcoming regulatory changes, whether in Europe or other parts of the world.
Read our latest issue of BlackLine Quarterly for more stories like this and become better prepared to take advantage of new opportunities and handle new challenges with confidence.