By Aman Desouza, Director of Product Strategy, Risk Management Cloud, Oracle
Many finance professionals see compliance as similar to taking a spoonful of castor oil: they've heard it's good for them but know they don't like the taste.
The reason, I suspect, is that they have a limited view of compliance. They see it as a necessary chore to satisfy demands from auditors, which takes them away from strategic and revenue-generating work.
In fact, compliance doesn't have to be a burdensome checkbox item. As KPMG's Brian Jensen and I discussed in a recent webcast, organizations can reap significant benefits by taking a progressive approach. Particularly with finance applications in the cloud, compliance can add significant value to the business and save money at the same time. The key is to identify and focus on the business value.
ERP systems can help support and enable compliance. Research from the University of Greenwich found that "managers can use an ERP to develop effective internal controls for the most common material weaknesses." When using cloud ERP, a business can harness sophisticated software and computing power to automate controls and enforce compliance, which traditionally has been conducted through inefficient (and often flawed) manual processes.
The costs of bypassing this opportunity could be devastating. In a great example shared during the webcast, Brian discussed what might happen when compliance basics like segregation of duties are not implemented with adequate transparency and enforcement. In 2015, the former controller of a Corsicana, Texas, bakery was convicted of embezzling more than $16 million over nearly a decade. Such sustained fraud could have been prevented had the company’s ERP systems provided automated enforcement of financial controls and real-time alerts to fraudulent activities. What’s more, this represents just the tip of the iceberg. Manual sampling methods typically leave organizations exposed to cash leakage that can be corrected with automated controls. Thus, an ERP system with these capabilities often delivers a tidy ROI.
The indirect costs of fraud can be just as devastating as the direct costs. Time and again, we see that when public companies announce accounting problems, their market value suffers. Restatements of financial reports due to anything but honest errors erode investor confidence for close to three years. Such restatements can also negatively affect a company's ability to obtain outside financing.
Effective financial controls reduce the likelihood of restatements—and the risk to the business that accompanies them. But they can do much more.
A white paper published by IDC last year, Radical Transparency: How Top-Tier Financial Compliance Can Unlock Hidden Value and Corporate Excellence, examines how many world-class organizations use tools and processes already in their ERP and risk management systems to achieve what it calls “radical transparency.”
In the radical transparency approach, organizations embrace increased awareness of risk and publicity, better employee education, and technology that fosters more transparent and collaborative accounting and compliance at every step. Radically transparent organizations proactively seek to improve access to information, data, and records, which delivers value in two key ways:
ERP systems and other risk management tools are critical to achieving radical transparency. Not only do some of these tools use intelligent automation, but they are also more efficient and reliable than manual processes that frequently revolve around error prone spreadsheets.
Human error in information processing makes companies more vulnerable to risks. People make mistakes and, sadly, a small percentage will be bad actors looking to take advantage where they can. Also, companies design compliance measures around roles and business processes that are in place at a given time. As these change, manual controls increasingly fall out of sync with reality, unless those controls are redesigned.
Intelligent automation—software-driven processes that use data science techniques combined with human intelligence—typically deliver faster and more accurate results than automation alone. When used for managing compliance and risk, such software can not only eliminate mundane tasks, it can consistently note exceptions and alert personnel to anomalous transactions or potentially fraudulent activities. Data remains secure in the process and, in a cloud-hosted application, managers can receive information and notifications from the ERP system in a timelier fashion than ever before.
Implementing automated, streamlined controls and assessments across multiple compliance requirements eliminates duplication and enables greater efficiency. Doing so frees up time to focus on further mitigating strategic risks that can reduce shareholder value.
What can companies do to move beyond a checkbox approach to compliance and toward radical transparency? Making the shift, according to IDC, needs a four-part plan:
Over time, your organization will move toward a type of compliance that isn't a burden and which delivers new levels of stakeholder trust, operational efficiency, risk management, and cost containment.