By Henry Umney, Director, ClusterSeven
The role of the CFO is widely recognised to facilitate and support business strategy so that the organisation can achieve its goals and objectives – be it of profitability, capital, growth or anything else. Shareholders and investors cherish these metrics too. Consequently, CFOs are routinely driving transformation projects via acquisitions, on-shoring, off-shoring, financial restructuring and such, to control and improve the business performance of their organisations.
Tried and tested controls are proving inadequate
Today however, many of the previously accepted tried and tested business controls are failing. The Sarbanes Oxley Act of 2002 (SOX) is a case in point.
The Public Company Accounting Oversight Board (PCAOB) is focused on ensuring that spreadsheet controls in accounting and finance processes are followed to eliminate errors and fraud. The PCAOB’s auditing standard 2 expressly demands that controls must include all types of IT used in financial reporting; and auditors are taking it seriously. The latest survey of 109 organisations by research house GRC 20/20 reveals that 78% of respondents note that external auditors are applying hardier standards to ensure compliance with the much tougher PCAOB control requirements. So, while previously, minimal, typically manual, spreadsheet controls weren’t viewed as a SOX failing, today they are.
In addition to having to review and improve existing controls, due to the nature of corporate activity, carefully selected, proven and maintained enterprise systems for operational processes are proving inadequate. This is due to their inflexibility to instantly add new processes or amend existing ones in rapid response to the business needs of users. To overcome the limitations of enterprise systems, there is a large parallel universe of unmonitored and uncontrolled spreadsheets created by users for varied strategic business processes. Spreadsheets are flexible and offer good capabilities for advanced analytics and financial modelling. At the same time, they also pose a huge risk as finance departments have little control on these applications and their lineages with other data sources.
Consequently, CFOs are struggling to offer watertight guarantees that they are completely in the know of the spreadsheet and other data sources used and the level of data aggregation and manipulation that has been undertaken by their finance teams to arrive at the figures they submit to financial and regulatory authorities.
The GRC 20/20 survey mentioned above shows that nearly half of the respondents do not have a grasp on spreadsheet risks and controls, which might impact financial reporting. More worryingly, 53% stated that they hadn’t identified and built an inventory of spreadsheets and other end user computing applications that could potentially lead to material misstatements from their use. In fact, they don’t have the controls to address spreadsheet risks; and where they do, the mechanisms are manual, which are error prone, ineffective and lack the agility needed to enforce in such a dynamic and distributed environment.
Aligning spreadsheet models with enterprise systems must become a focus for CFOs
Data is a critical asset and the lifeblood of any business. CFOs must align and integrate spreadsheet models with enterprise systems to achieve end-to-end transparency of business-critical processes. This includes everything from the creation of a spreadsheet application by a user, visibility of data lineage between files through to their retirement in the corporate system. This will ensure decision-making based on outputs derived from accurate business data.
To achieve the above, new processes are needed. In an IT-led environment, manual processes for change management and control of spreadsheets across the lifecycle of every single, business critical application, are doomed to fail. Not only is it impossible to monitor and control spreadsheets in a timely manner, the whole exercise is supremely inefficient and costly, potentially to the tune of hundreds of thousands of dollars. Additionally, due to the way in which spreadsheets are used, if say 50 spreadsheets are decommissioned, it is highly likely that another 50 new ones are created by users in the same timeframe to satisfy a new business requirement.
Automation based on best practice processes for spreadsheet management is a reliable and safe approach. It mitigates risk by continuously monitoring and eliminating errors in business-critical processes based on well-defined controls to ensure data accuracy across the spreadsheet landscape.This is pertinent for SOX and other regulatory compliances that CFOs are responsible for. Technology-driven control over the spreadsheet landscape enables enforcement of policies and rules as a matter of routine, without impacting the benefits of flexibility and agility for data manipulation that users so treasure these applications for. Historical evidence shows that inadvertent misrepresentation of information and acute metrics such as revenue, profitability and sales figures have led to financial and non-compliance penalties, drop in share price, and so on – situations that probably keep CFOs awake at night. After all, it is their neck on the line.
About the author
Henry Umney is Director at ClusterSeven and is responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements.Henry brings over 20 years of experience in sales and account management in financial services. Prior to ClusterSeven, he held the position of sales director in Microgen, London and various sales management positions in AFA Systems and DART, both in the UK and Asia.
“Original publication in Finance Digest Issue 1 https://www.financedigest.com/