Internal controls over financial reporting Uncovering the full picture of control costs

Similar documents
Short, engaging headline

2017 Internal Controls Survey

Internal controls over financial reporting

Short, engaging headline

Internal controls over financial reporting

Intelligent automation and internal audit

KPMG s financial management practice

Revenue recognition and leasing

The Concept: Moving from Data Analysis to Data Analytics

IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information

How well does your procurement measure up?

Digital labor and the future of finance

Digital Labor Analytics

Third Party Risk Management ( TPRM ) Transformation

Your global work force is your business. Helping you effectively manage your mobility programs across borders is ours.

Andrea ROSIGNOLI Partner KPMG

Finance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead

Your incentive compensation plans have no borders. Why should your compliance processes?

Source-to-pay: Delivering value beyond savings

Data, Analytics and Your Audit

Key TSA provisions your M&A team needs to know now

Internal Controls Optimization

Intelligent automation and internal audit

Intelligent automation and internal audit

KPMG LINK 360. Visibility and control of global compliance. Global Compliance Management Services. kpmg.com

Top 5 onboarding challenges

Emerging & disruptive technology risks

Internal Audit and Robotic Process Automation

Managing compliance in a complex world

KPMG International. kpmg.com

KPMG International. kpmg.com

Source-to-pay: Delivering value beyond savings

2015 KPMG TBM PROFICIENCY ASSESSMENT REPORT. Cut through the fog: Six ways to enhance your Technology Business Management proficiency

METRO. Audit results. September 30, 2017

Solving the aerospace and defense back-office paradigm

Cutting to the heart of financial matters. Strategic Profitability Insights (SPI) Deal Advisory

KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk

Right now! 26th Annual Insurance Conference Tuesday, November 28, kpmg.ca/insuranceconference2017

Next-generation enterprise risk management

Technology M&A. Chance für das Geschäftsmodell oder Kostenlawine? [Chance for the business model or cost explosion?]

Collaboration between humans and technology is creating a new labor class

Be an aerospace and defense leader in global export compliance

Seeking value through Internal Audit

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

KPMG s Major Projects Advisory Project Leadership Series: Stakeholder Management and Communication

Transforming the HR function for high performance. kpmg.com

The bots are coming: Intelligent automation and the modern corporate treasury department

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Global Entity Management Global coverage, local expertise

Back to School for Business Services how to get it right?

Driving Higher Education Institution Success Through a Better Financial Process

Working better by working together

KPMG s National Charity application form

Powered by technology, our experts are unlocking the value of your audit. Dynamic Audit

ForensicFocus. The anatomy of an anti-bribery and corruption risk assessment Part 2 Leading practices from around the globe

Functionality First: A Prescriptive Approach to Simpler, Faster and More Cost-effective Project and Portfolio Management (PPM)

GRI s G4 Guidelines: the impact on reporting

Global Business Services: Disrupt or be disrupted

The Change Challenge: Realizing the Full Value of Your Business Initiatives

CFO Financial Forum Webcast

Powered by DATA+ ANALYTICS. KPMG Audit

The client. The challenge. CASE STUDY: From Supply Chain Insights to Value

Automation of Accounting processes

Product serialization and traceability mandates. kpmg.com

EY Center for Board Matters. Leading practices for audit committees

H2020 audits: The perspective of an auditor. Brussels, 21 March 2018

Working better by working together

GRI s G4 Guidelines: the impact on reporting

Data and Analytics. June, 2014 R O Donnell, P Mccollough, T Mackenzie

Maximizing value from your lines of defense

When It Needs to Get Done at 2 a.m., That s when you can rely on CA Workload Automation

Top 5 reasons incident response is failing. kpmg.com

MODERNIZING THE FINANCE FUNCTION

Future of finance: Finance disrupted. How should the CFO respond to a business environment in turmoil? kpmg.com/us/futurefinance

KPMG s Dynamic Audit. Powered by Data+ Analytics. January kpmg.com

Delivering Quality Services to All Who Serve. Digital Labor

Intro & Executive Summary

Refocus your risk assessment lens Scale your ICFR program to focus on risks not benchmarks

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

KPMG s Global Compliance Management Services

The Value- Driven CFO. kpmg.com

KPMG LINK 360 Visibility and control of global compliance

A step towards strengthening governance

Employing advanced technologies to transform finance

11 lessons for IT transformation success. CIO Advisory

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

26th Annual Health Sciences Tax Conference

IT Value Management No More Crash and Burn kpmg.com

Enhancing value in a disruptive environment

Using Enterprise Risk Management to Reduce Costs and Enhance Performance in a Time of Fiscal Stress

Managing Compliance in a Complex World. kpmg.com.cy

THE FUTURE OF FINANCE: Robotics & Finance Talent Development

An Overview of the 2013 COSO Framework. August 2013

2015 SURVEY Data & Analyticsenabled. Internal Audit. kpmg.co.za

2013 Legislative & Regulatory Landscape

Transcription:

Internal controls over financial reporting Uncovering the full picture of control costs kpmg.com

Internal controls over financial reporting (ICOFR) is expensive, with many costs hidden, since the departments performing the controls primarily absorb them. In this second in a series of white papers on ICOFR, KPMG s Risk Consulting practice looks at how companies can gain insight into their total cost of control. They can then identify potential savings and find opportunities to add further value.

Understanding the hidden costs of ICOFR Costs related to ICOFR may be higher than you realize, in part because they often take a different form than you might expect. When most companies measure ICOFR costs, they typically only look at compliance costs, focusing on testing and external audit expenses. But the larger cost components related to ICOFR draw on other resources throughout the company for tasks such as: Performance: Your company has to design, execute, and administer its controls. These tasks often add up to more than half of the total ICOFR cost. Yet since other departments often absorb performance costs, companies usually fail to include these costs as part of ICOFR. The Public Company Accounting Oversight Board (PCAOB) has continued to focus on management review controls and levels of precision, as well as on management s validation of completeness and accuracy for key reports. As these focus areas flow down to the company, they require additional time and expense for control owners to perform and document control activities. Errors/Corrections/Turnover: How often does your company spend time and resources reperforming or redesigning controls? How often do you train new employees on the control activities when experienced ones leave? These costs add up quickly and generally aren t considered when evaluating ICOFR costs. Management review: In addition to the time spent performing control activities, management also spends time reviewing and administering these activities, with more manual control activities requiring an especially time-intensive review process. Every hour managers spend on ICOFR is an hour they can t spend elsewhere. When you consider the number of controls and number of people involved, the corresponding costs add up quickly. Cost of control components Testing and audit costs Management Review Errors/Corrections/ Turnover Performance Visible costs of compliance Typically organizations don t consider hidden costs associated with control operation when calculating their cost of control When costs aren t measured and accounted for, they tend to rise, so companies may be experiencing an increase in the hidden costs of ICOFR. Companies that merely look at compliance costs are therefore likely missing their greatest opportunities to reduce ICOFR costs and add further value. If companies don t sufficiently understand the level of effort incurred to perform controls, they will miss opportunities to operate controls more cost-effectively. Internal controls over financial reporting 1

Moving beyond controls rationalization Typically, companies try to get a handle on their ICOFR spend by rationalizing their controls. It s a well-intentioned idea, and KPMG s 2016 Internal SOX survey found that 59 percent of companies that have had rationalization efforts have succeeded in reducing the number of key controls. But the survey also showed that only 37 percent of those companies achieved a corresponding reduction in the amount of time they spent on testing, and only 15 percent managed to also reduce time and costs associated with control performance. Having a smaller number of key controls doesn t correlate to a reduced burden on a company s resources if it is still mostly doing the same work in the same way. The key to a cost-effective ICOFR program that accomplishes its mission of managing risk and adding value is not just reducing the number of controls though that is one element but also choosing the right controls, focusing efforts on the most critical among them, and creating the right control environment (a later paper will explore this topic further).

Focusing on automation Creating a cost-effective control environment requires an effective use of automation. Most companies perform the majority of controls manually an approach that can lead to higher costs as well as higher inherent risks from human error. Only 18 percent of total key controls are automated in an average company, according to KPMG s 2016 Internal SOX survey. This low figure illustrates a significant opportunity to drive cost savings, often for both control performance and testing, by automating control activities. The benefits go beyond lower costs and increased reliability. For example, using automated key reports instead of spreadsheets and queries makes it easier for companies to meet regulators increased demands to validate the completeness and accuracy of information used in controls. Many companies have already invested heavily in implementing ERP and other key systems, as well as designing IT general controls over those systems. Despite these investments, companies often aren t fully harnessing these systems capabilities. One reason is that, since costs to perform controls manually are often hidden within the business, ROI calculations for automating certain activities or reports may not take these costs into account. But, when their capabilities are leveraged effectively, these systems can help create a highly automated and cost-efficient control environment. Case study: Reducing costs through automation A large diversified industrial company faced a challenge: reduce SOX compliance costs while maintaining a control-focused culture. Since the company had a decentralized structure, multiple control owners were performing a high volume of manual control activities at multiple locations. With so many people performing so many manual controls so frequently, the cost was substantial. A KPMG control portfolio analysis identified significant opportunities for cost savings through increased control automation of the daily and transactional control activities, largely within the expenditures and revenue processes. By automating an additional 3 percent of controls, the analysis showed that the company could reduce control performance costs by up to $5.6 million annually. This increased automation would also help the company implement consistent, preventative control measures across the various locations. Internal controls over financial reporting 3

The big picture: analyzing the control portfolio To get a handle on the total cost of ICOFR, the place to start is a five-step analysis that looks at how controls operate across finance, IT, and operations: 1 2 Understand 3 Understand Understand the controls. Where are risks, redundancies, and opportunities? Where might risk mitigation not be cost-effective? operating costs. Bring these costs, usually hidden within business processes, into the light to find possible efficiencies. This information will help find opportunities for automation. testing and other compliance cost factors. Determine if you have inefficiencies in your testing approach. 4 Calculate the total cost of control and analyze the results. The results, including costs normally buried elsewhere in the company, may surprise you. Perform internal comparisons of business processes to identify variations, based on control differences, that may be impeding effectiveness and raising costs in certain areas of the company. 5 Evaluate opportunities and determine next steps. Estimate savings possible from controls rationalization, process improvements, increased automation, and other control enhancements. Develop a prioritized list of opportunities for improvement. Common drivers of control costs include not just the level of automation, but also the frequency and duration of control performance, the time spent and salaries of staff who perform and review the control, and the number of locations in which the control is performed. Assessing such costs offers opportunities to review process effectiveness with an eye to controls costs and benefits for both the ICOFR program and the business.

Value beyond cost-effectiveness This paper s focus is on cutting costs, but an analysis of a company s controls can also uncover the potential for additional value. Details on how controls are functioning across the company can indicate ways to increase external auditor reliance and provide new insights into how different business processes are functioning. For example, a controls analysis could identify the possibility of aligning controls to operate in the same way in various geographies. Management and external auditors could then perform sampling across the population of these common controls, potentially reducing the amount of testing that they need to perform. Understanding the control portfolio and associated costs helps establish an enhanced, consistent, and more automated control environment that can improve performance, bolster transparency, and reinforce investor and market confidence. In the next paper in this series, we ll take a closer look at how to assess whether your ICOFR program is not just keeping down its costs, but also living up to its full potential. Read the first paper in this series here: Designing a healthy program that evolves to meet changing needs Internal controls over financial reporting 5

Contact us Deon Minnaar Internal Audit and Enterprise Risk Service Network Leader T: 212-872-5634 E: deonminnaar@kpmg.com Susan Burkom Managing Director, Advisory T: 410-949-8771 E: sburkom@kpmg.com Sue King Partner, Advisory T: 213-955-8399 E: susanking@kpmg.com Paige Woolery Director, Advisory T: 713-319-3813 E: pwoolery@kpmg.com Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates. kpmg.com/socialmedia The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 690478

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback