Takeaways from 38th World Continuous Auditing and Reporting Symposium

I attended the Rutgers Business School 38th World Continuous Auditing and Reporting Symposium on November 4th & 5th 2016 on the Rutgers campus in Newark, NJ. This was the 4th of these symposiums I’ve attended and all were very worthwhile. The symposium was once again sold out and there were attendees watching the webcast from all around the world. These are my takeways from the two days. I invite comments from other attendees or the presenters to correct any errors and add information you feel is important that I left out.

Continue Reading »

Do You Have Active Software Escrow Agreements in Place for All Mission Critical Software?

Now is a good time to specify your active escrow requirements. Make these requirements a non-negotiable condition of all new software licenses or cloud software subscription. Inventory all existing business critical software licenses/subscriptions and ensure that active escrow is a part of these agreements. Over time, bring these existing agreements into compliance with your new escrow requirements.

Continue Reading »

Why Does the Adoption of Technologies for Compliance Activities Lag?

The adoption of technology by finance functions has been slow but has accelerated in the recent past. Enterprise performance management (EPM) tools like hostanalytics, financial controls automation like Blackline, and general ledger/ERP solutions like Net Suite are gaining acceptance. So why is it that approximately 80% of public companies continue to use Microsoft Office (Word & Excel) for their financial compliance (e.g., COSO, SOX, MAR) programs?

Continue Reading »

Can Internal Controls Help Avoid Corporate Scandals?

A comprehensive objective-setting process with monitoring will significantly reduce the risk of a corporate scandal. Including all aspects of objectives and related risks within the internal control framework at your organization is an excellent way to leveraging compliance to protect your organization from scandal.

Continue Reading »

Mitigating Risks Arising from the Boomer “Brain Drain”

The demographics are alarming. Hopefully alarming enough that leaders come our way to help mitigate the risk that significant portions of the collective organizational intelligence walks out the door in the next decade. We need to seize this opportunity to fix what we have always known to be a gaping hole in internal controls; the lack of truly integrated, practiced and demonstrated P&P.

Continue Reading »

COSO Principle 17 – Evaluates and Communicates Deficiencies

A strong internal control system is designed to ensure achievement of objectives, or timely notification that objectives will not be achieved which supports management reassessment. The procedures implemented to actuate internal controls are the “blocking and tackling” activities required to achieve objectives. Many procedures are mundane when looked at separately but each is a necessary part of the whole internal control system. As such, there are few activities as important to achieving objectives as evaluating, communicating and addressing deficiencies.

Continue Reading »

Delivering on Peter Drucker’s Call-to-Action

The key point is that technology can actuate procedures so they are not just pages in a binder, technology can directly relate the control execution and review procedures with all the evidence of performance and review, and technology enables moving the responsibilities to lower-level workers to deliver on the “knowledge worker” productivity Peter Drucker emphasized as critical to sustained success. Economist Robert Gordon argues in his new book, The Rise and Fall of American Growth, that America’s future economy will not be nearly as bright as its past mainly because the great improvements in productivity and living standards (e.g., electrical power, transportation, indoor plumbing) achieved in the 20th century have no such counterpart to improve productivity in the 21st century. Peter Drucker’s challenge to unleash the productivity of the “knowledge worker” presents an opportunity to achieve such productivity and lifestyle improvement gains. Executing financial, compliance, operational and strategic objectives in a consistent manner, with accountability, documentation and accessibility is one such “knowledge worker” productivity opportunity. The best productivity comes from good technology that support consistency, clear communication, and ease of tracking thereby supporting moving the work to lower skilled workers thereby increasing productivity per dollar spent. Let’s use technology to leverage compliance and deliver on Peter Drucker’s call-to-action.

Continue Reading »

COSO Principle 16 – Performs Ongoing and/or Separate Evaluations

Monitoring must go beyond just having information and dashboards available. This is not a control. Evidence that the monitoring was performed including conclusions that “all is well” or actions taken in response to issues is necessary for the monitoring to qualify as a control (i.e., that is can stand up to independent review/audit). Done effectively, monitoring controls can qualify as “key” controls for SOX, replace lower level controls and thereby reduce the amount of time spent for SOX compliance. This does not mean that the lower level controls can be discontinued, only that a monitoring control can effectively ensure multiple controls are executed and reviewed and these monitoring controls (many fewer) are the ones in scope for the SOX compliance audit.

Continue Reading »

COSO Principle 15 – Communicates Externally

Technology has greatly expanded not only the methods of communication but also enabled the integration of external parties into more and more critical activities of the organization. A thoughtful approach with effective monitoring can leverage technology to improve operations, predictability and reduce risk, however, leveraging the technology without an effective approach can greatly expand the risks facing the organization.

Continue Reading »