Having gained an understanding of what changes might be coming, the next step in the ‘Find’ phase is to run a gap assessment. This takes you through about 50 questions covering internal controls and the other new corporate reporting matters highlighted by the consultation white paper. These include tackling fraud, supplier payment practices, the resilience statement, KPIs, and the importance of a readiness assessment into specific areas such as fraud, IT and culture.
In the risk assessment phase, we focus on scoping to focus on high-risk areas, and define an efficient scope – since not everything needs to be in scope, spending an hour on scoping can really pay significant dividends if you can take entities or processes out of scope. All of the work done up to this point then feeds into the overall vision and project plan, with options to execute a smarter internal controls framework.
The benefit of running detailed readiness – and risk – assessments is that you get a full understanding of your organisation’s current state, control gaps, remediation needs and will help you build a roadmap to compliance.