Strong Controls are a Competitive Edge
A strong internal controls environment is critical to a company’s successful growth. If your company’s exit strategy is to transform equity into cash via an asset sale, merger, or IPO, it’s best to create a strong controls environment early. Getting an early start is a relatively low-cost way to build value and increase the reliability of the company’s financial information—both of which are significant drivers and indicators of a company’s success, even when an exit is not in your future. Give your company a competitive edge by ensuring that your internal controls are strong.
Here are five steps you can take to build a strong controls environment:
- Embed the control structure into the company’s culture (tone at the top).
- Start the control process early and maintain a focused, risk-based approach.
- Create a streamlined controls structure.
- Automate controls wherever possible.
- Rely on compliance tools when Sarbanes-Oxley Act (SOX) compliance is required.
Set the Culture and Tone at the Top
Generally, earlier stage companies don’t have controls built into their culture and tend to feel the most burdens on resources. Management sometimes resists implementing controls due to a fear of high costs and an increased burden on staff. But informal controls often already exist as part of the organization’s operations and can be woven into an effective, formalized control structure with minimal effort. To encourage a control-focused culture in your company, top executives should include a control optimization program as part of the organization’s strategic plan. And consider creating a periodic sub-certification process in which those who are responsible for monitoring the controls certify that controls are in place. Your company’s performance incentive and evaluation process can also be used to encourage employee buy-in, starting from the top.
Start Early and Focus on Risk
Regardless of the economic climate, an efficient company can gain savings and concentrate resources to grow the business. Early on, a company should determine where the risks lie in the organization and create control procedures to monitor those identified critical areas. A risk-based approach can benefit any company. By focusing on risks, management can greatly decrease the workload and strengthen the control environment.
Your company will also need to set up controls to meet the SOX compliance requirements if a public filing is in the future (see “Use Compliance Tools,” below).
Create a Streamlined Controls Structure
Keep your control structure as simple as possible. Everyone agrees that maintaining and documenting excessive controls and procedures is cumbersome and unproductive. A company needs both preventative and detective controls in place to sustain a sound business environment, but these controls are often redundant and superfluous. Don’t keep systems in place merely because “that’s the way it’s always been done” or because a control addresses an old mistake. Good control design eliminates redundancies and focuses on critical processes.
Use specific language to identify the key aspects of each control process: explain what, who, how, and why. This will create a concise control structure for your employees to follow. Other documentation about the detailed processes to be used in monitoring your controls should be described in policies and desk references.
Automate Controls
Small companies often rely on one or two individuals to perform many business functions. As you look to the future and prepare for growth, the company’s need for automated controls will likely increase. Automating controls eases the burden of increased volume, reduces the potential for mistakes, and decreases reliance on individuals.
A good time to implement an automated controls system is when the company moves to a more robust financial system, usually as the result of company growth. Some controls can be built right into the financial system’s functionality—such as system approvals, embedded system limits, and restricted system access. Once in place, these automated controls are reliable and strong.
Use Compliance Tools
Since 2002, documentation and monitoring of controls has been a requirement under SOX, which was enacted to minimize the risk of a material misstatement in a company’s financial statements. There are several commercial tools that can help your company manage the SOX compliance requirement. Many compliance tools are essentially documentation repositories, which can be a step in the right direction. Our approach is to use a workflow compliance testing tool that makes the control evaluation process significantly less burdensome.
The Frank Rimerman FRCompliance Tool. We have partnered with ComplianceManager to provide a tool that helps manage the SOX compliance effort using online testing documentation and enterprise-wide visibility via secure Internet access. Contact our office if you’d like to learn more about the FRCompliance tool.
The best way to monitor controls efficiently is to follow Frank, Rimerman’s five best practices:
- Strong executive tone at the top
- Continuous risk and materiality assessment
- Streamlined control structure
- Control automation
- Efficient tests of control effectiveness
Coming soon: Real-world case studies from companies who have built value by optimizing their internal controls environment using these five principles.