Designing a healthy program that evolves to meet changing needs.
In a series of white papers, KPMG’s Risk consulting practice looks at how companies can design a “healthier” internal controls over financial reporting (ICOFR) approach to better manage risks, reduce costs, and find opportunities to improve operational performance.
Because, even companies whose ICOFR programs appear to be running smoothly should still periodically evaluate the health of their ICOFR program and controls portfolio.
In the case of ICOFR, an unhealthy program can be expensive and increase the risk of a material weakness. But, beneath these risks are opportunities, as the journey to continuously improve and mature ICOFR programs can reduce costs, and increase efficiency.
A series of KPMG white papers provides an insight on how to design a healthy ICOFR approach that drives value through a positive impact on business processes and risk management, and therefore on business performance.
No company expects to discover costly and damaging weaknesses in its ICOFR program, but failures happen. Even several consecutive years without material weaknesses or significant deficiencies is no guarantee that control issue is not looming – particularly is the company does not have a healthy ICOFR program.
A first step in designing a healthy ICOFR program is to understand the primary themes of material weaknesses, as it can help companies take continuing measures to reduce the risk of future errors. Examples of material weaknesses are:
In addition, answering the questions as the following will provide perspective on where your company’s ICOFR program currently stands:
Based on a KPMG survey related to current SOX trends, it appears that one of the main improvement areas is to reduce control testing cost and effort. In order to identify opportunities for cost savings, it is important to understand hidden costs.
To analyze the cost of ICOFR, the following five step analysis should be conducted:
A solution for organization can be to focus on an effective use of automations, which can create a cost-effective control environment. Based on the KPMG survey on Internal Controls, it appears that increasing control automation is top priority when it comes to areas where improvement is needed.
A program assessment should be conducted to identify areas that are less mature than others, and how to improve those areas to align with corporate objectives and meet key stakeholder expectations.
Based on the results from the KPMG survey on Internal Controls, it appears that the SOX program strategy for 54% of the organizations is to ensure maximum reliance by the external auditor. However, only 23% of organizations are able to quantify the savings achieved as a result of external audit reliance on their organization’s testing.
Focusing less on external auditor reliance may open the door to other cost reduction strategies. It is therefore important to understand how deliberate consideration of external auditor reliance, a strong financial statement risk assessment process, and well-designed entity-level controls can shape a strategy that aligns ICOFR efforts with the company’s needs.
A more strategic and focused ICOFR approach enables internal audit resources to focus more on the broader risk assessment, process improvement, and value-creation audits.
This is key, as it could have a positive impact on organizational performance.
© 2019 KPMG Advisory, a Belgian civil CVBA/SCRL and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.