Finance and Accounting (F&A) has a fascinating parallel with the automobile industry, which has seen a gradual change in the last two decades, from basic manual-driven cars to cruise controls, and thereafter autonomous cruise control systems … the journey is towards driver-less cars!
The underlying premise of the evolution being enhanced automated controls. While every car always had brakes to be applied through manual control in the event of an impending risk, automated controls facilitate mitigating the risk far before it approaches proximity to the risk factor. These controls ensure higher safety and security, apart from regulated speed and precision.
If we relate this evolution to the finance and accounting world, organizations have moved from manual books of records to computer-based records with built-in controls to easily track human intervention at any stage, apart from facilitating the commonly known “four-eyes*” principle. While these controls facilitate detecting audit trails, they may not necessarily mitigate the underlying risks, and are also subject to human expertise.
Enhanced automated controls within accounting and transaction-recording applications can control risk much before they can actually materialize. It is a no-brainer that F&A processes are subject to a broad set of risks, stemming from factors as diverse as human error, fraud and misjudgment. According to Forrester Research, fraud alone costs merchants a staggering USD 200-250 Billion annually, while banks and financial institutions lose up to USD 15 Billion. In addition, companies are under added pressure as regulators, rating agencies and stock exchanges drive improved standards of risk management at an enterprise level, with special emphasis on good corporate governance.
Enterprises are therefore in the process of adopting a variety of automated controls to help them combat risk — and advance to a proactive approach that reduces the incidence of errors or focuses on them well before the point of impact. This is a significant advance from the marginal role that automated checks played in the past, carrying out elementary tasks such as inspecting whether the entry in a particular form field matched the alphanumeric characteristics defined for that field.
However, most companies have not fully realized the potential for proactive risk management offered by automated tools.
The Impact of Automated Controls on Finance & Accounting Processes
By definition, an automated control is a mechanism or device inside an application, interface or appliance that enforces or controls a rule-set or validation on one or more conditions inside a process. A very simple example of an automated control in accounting parlance is a “drop-down list” of vendors to ensure that the user selects one of the multiple choices provided therein. This would ensure that the transaction is conducted with the authorized set of vendors, which have been set elsewhere by another team that is responsible for vendor on-boarding. Similarly, there are several applications of automated controls in accounting with the prime objective of:
- Mitigating / Eliminating Frauds through enforced segregation of duties and ensuring adherence to a set of delegation of financial powers
- Business Process Improvement through elimination of manual controls such as maker-checker for straight-through processes, thereby enhancing efficiency and reducing costs
- Reduced Audit Costs through the use of “one transaction” test per year for automated controls, thereby substantially reducing the costs and time related to audits based on relatively larger samples
- Adherence to Regulatory Compliance requirements such as Sarbanes-Oxley Compliance, Information Security, and the likes, entailing testing of key controls through sampling techniques, which again can be reduced substantially through use of automated controls
In fact, a recent survey by Ernst & Young states that a typical organization can have over 500 key controls, each requiring at least five hours for testing. Adoption of automated controls reduces the testing time to less than 30 minutes.
A Conceptual Model of Automated Controls for F&A Risk Management
Every business process comes with associated risks, which have varying likelihoods of occurrence and potential business impact. This holds true for F&A processes as much as any others.
From an automation standpoint, risks can be classified as one of two types: those that can be mitigated through controls based on a rule-based engine; and those that require nuanced human judgment. In theory, any risk that can be mitigated through business rules can be automated while other issues are managed by personnel with specialized expertise. Moreover, a rule-based engine would be able to flag risks proactively rather than reactively while accelerating transaction speeds and improving accuracy.
Consider the risk of vendor payment error. By one estimate, as much as 14 percent of all billing may contain errors, most commonly a mismatch between contracted and actual pricing. With an automated control, it is easy to spot invoices where pricing is incorrect by comparing contracted prices to those applied by vendors, before the payment is made. This kind of timely intervention holds the key to protecting organizations from many high-probability or high-impact threats.
Can ERP Not Achieve Most of This?
Yes and no. Advanced ERP applications have basic automated controls, built-in, to streamline the transaction process flows and get them to adhere with internal policies. However, there are always opportunities to further strengthen controls through the automation route. An organization can further enhance the extent of automated control using a basic four-stage process:
Extend the Line with the Power of Bolt-on Automated Control Tools
Today's complex, resource constrained and demanding business environment demands excellence in F&A risk management while constantly challenging teams to "do more with less". This is complicated by the critical nature of risks such as fraud that can affect an organization's bottom-line and dent its corporate reputation.
Judiciously chosen automated controls combined with implementation excellence can help raise governance standards while extending the bandwidth of finance teams. By employing the right automated controls, organizations can annul risks that are amenable to rule-based mitigation, potentially reducing manual controls by a dramatic margin.
This allows for focus on the right areas, and ensures proactive action, accelerates transaction processing along with driving higher levels of accuracy. In a fundamental sense, companies that make the most of automated controls are less exposed to risk than their competitors — and that is a valuable advantage in volatile times.
Optimize the use of automated controls in your processes and experience the gain of improved processes as well as stricter controls, with minimal human intervention.
*Four-eyes principle: The four-eyes principle means that a certain activity, i.e. a decision or transaction, must be approved by at least two people. This controlling mechanism is used to facilitate delegation of authority and increase transparency.