Creating an agile control environment

  • Share

The impact of tighter internal controls on a company’s bottom line is all too easily overlooked.

Despite controls often being inefficient, or misplaced, many companies have simply not taken the time to rethink their controls as the business has developed. But as pressures from rivals, customers and stakeholders mount, there is growing urgency for action.

Furthermore, businesses must now accept that the control regimes in which they operate won’t be shrinking soon. If there is to be no respite on controls, companies must work far harder with the systems they use to ensure compliance.

Working with colleagues such as the CFO and CRO, the COO is well placed to support risk, control and compliance issues. As the executive with overall responsibility for ensuring that company processes offer the best chance of profitable growth, the COO is accountable.

At many companies, as much as 30% of process cost relates to controlling activities, yet control environments are often failing to support a profitable growth strategy.

1. What’s the issue?

Having survived the recession, many companies must now transform their control systems and reshape their businesses for recovery. If they are to thrive, they must find the right balance between “too little” and “too much” control.

 Control balance

Our recent Smart Control report spells out many of the problems limiting performance and keeping COOs awake at night:

  • Companies are overcontrolled on compliance and financial risks, often at the expense of other types of risk management — often 40% of controls are duplicative or can be removed because they are misaligned with the risks deemed most important to the business.
  • 1 in 5 companies do not leverage automated tools to manage governance, risk and compliance, and 4 in 10 say they spend too much time managing IT risks.
  • Companies are making limited use of continuous monitoring and data analytics when CEOs are demanding actionable insight from big data to guide future strategies as well as day-to-day operations.
  • Controls are poorly aligned with the risks that matter most — and 45% of companies have no plan for using a formal risk management methodology when they update their Enterprise Resource Planning (ERP) system.

These problems are closely linked to underperformance. Our research shows that top-performing companies have, on average, implemented twice as many key risk capabilities across teams (process, method and infrastructure) as performance laggards.

2. Why now?

In the aftermath of the financial crisis, closer control is the new normal, and not only in the financial sector. Now is the time to recognize that reality — and to work out how to operate more efficiently within it.

By streamlining the controls bureaucracy, COOs can enable their businesses to grow with agility and efficiency. However, there are some common barriers to achieving this:

  • Mergers, acquisitions and divestitures have not been fully integrated from a management reporting and operations perspective.
  • Organizations that have existing ERP systems have not fully leveraged them to respond to the new risk landscape.
  • Fundamental organizational changes such as offshoring or shared services have introduced inefficiencies or weaknesses in existing controls.
  • IT systems — especially if disparate or decentralized — have not been assessed for new business risks or do not reflect appropriate controls when adapting to organizational changes.

3. How does this affect you?

Companies that reform their controls can streamline operating processes, reduce costs and enable improved performance. This falls into a COO’s core domain.

In a holistic controls environment, the COO can increase the speed of process execution, build more agility into the organization and, above all, radically improve overall operational performance.

4. What’s the fix?

The COO has a key role to play in developing a holistic controls strategy that leverages technology to create a single, streamlined set of controls. To get there, the company must address inefficiencies and failures that have increased over time, such as:

  • Long lead time to adapt operational processes to changing requirements
  • Slow decision-making due to a lack of information
  • Duplication of internal controls and overcontrolled or undercontrolled areas
  • Outdated, inefficient practices
  • Underutilization of application controls
  • Inconsistent practices across the enterprise

Here are six steps toward meeting these challenges and developing a holistic strategy:

  1. Define a common vision that aligns control activities with strategic goals and create commitment in the business
  2. Understand the current state of the control environment, including gaps and high-cost areas, compared with benchmarks
  3. Design an integrated controls framework, challenging and justifying every operational control as it relates to the organization’s risk tolerance levels
  4. Automate wherever possible; eliminate unnecessary manual activities
  5. Build greater transparency and accuracy through dynamic dashboards and the use of analytics
  6. Embed the sustainable operating model, performance monitoring and controls across the enterprise

 Controls transformation

5. What’s the bottom line?

By improving your controls environment, your organization can achieve:

  • Agile processes that can be executed and adapted quickly
  • A streamlined set of low-cost controls that focus on the risks that matter to the business
  • Technology integrated into existing infrastructure that drives efficiencies, mitigates risk and improves visibility of operational performance
  • Quicker decision-making due to real-time information
  • A more efficient, sustained compliance process
  • Improved alignment between the IT, business, and risk and control functions

As regulators’ demands for increased accountability continue to rise and calls from investors and shareholders for improved performance grow louder, now is the time to make your control environment as efficient and effective as possible.