Business Transformation — Building Efficiency through Control Rationalization, Optimization, and Redesign

Companies of all sizes have begun to understand the value of building control and reporting systems focused on addressing compliance and risk rather than just complying with regulations.  The mindset is shifting to a more proactive rather than reactive approach, but companies still struggle to create optimal control environments that balance cost with risk. This suboptimal performance hampers efficiency and jeopardizes clarity, transparency, and confidence.

Missed Opportunities

Most companies fail to take advantage of the potential to create an effective and cost-efficient risk and control environment, even when the potential cost savings would clearly eclipse the cost of control. There are many reasons companies fail to sufficiently optimize their control environments, including lack of focus, lack of time, lack of knowledge, and a failure to understand how to make things better. Here are three major explanations of why companies have endured inefficient control environments:

1. Duplication of risk and control. Because reporting and compliance are a core part of doing business, significant effort and cost are expended to build controls that address potential risk. But often, the correlation, intersection, and duplication of controls across different business processes are not clearly visibly or easily understood because of multiple, overlapping and sometimes conflicting lines of reporting and responsibility.
2. Too much of some, not enough of others. Most organizations have too many controls to address some areas while not having enough controls to address others. One of the reasons for this disparity is that control activities tend to be added over time and not taken away or reduced when the need has been extinguished. Furthermore, in order to comply with regulators’ requirements, a lot of effort goes into controls around the daily transaction processing without properly addressing the higher-risk areas.
3. Failure to sufficiently leverage technology. Although a company may have invested significantly in enterprise resource planning (ERP) systems, there still may be a systematic lack of automation in controls implemented, leaving a significant portion of the ERP investment unrealized and missing an opportunity to increase efficiencies.

Benefits of enhanced control efficiency

The rewards of making investments into improving the control environment can be substantial. The potential benefits arising from a control rationalization, optimization, and improvement program include:

• Fewer controls; lower costs
• More effective and efficient risk-based assessment process
• Better use of technology through the use of applications controls rather than manual controls
• Better aligned risk coverage, including the identification of stronger, more pervasive controls
• The identification and standardization of efficient and effective controls

As with all controls enhancement efforts, the foundation for such decisions must be based upon management’s overall approach toward risk. Controls improvement must consider security across the people, process, and technology landscapes, as well as across the key IT areas of infrastructure, operating system and applications. Many companies are now looking to fully review their information security policies, procedures, and standards through a revised controls lens that ensures risk is managed appropriately and in a timely manner while allowing overall security controls to be optimized.

Rick Barrow is a Senior Director with Fahrenheit’s Finance & Advisory Practice specializing in business process improvements, SOS 404 testing, internal audit consulting, internal control reviews, and other accounting and finance projects. Please reach out to Rick, or any member of our Finance and Advisory team with your questions and business financial needs.