Welcome to another segment in our Thought Leadership Series. This series is dedicated to expertise sharing around the analytics ecosystem and the evolution into best practices.
Throughout my career, a common topic that emerges when conversing with our clients is:
“How do we deal with our auditors at the end of this endeavor?”
When building corporate financial consolidation and reporting systems clients, internal auditors are always involved, as they should be. Internal audit helps ensure confidence these systems and helps prepare the organization to face the external auditors. Some say internal auditors are the 1st line of defense. A counterargument would be that they are the 1st line of offense.
In this post, we will focus on Proactive Compliance. Preemptive measures taken in advance and throughout your company’s financial analytics projects will support a smooth internal audit and prepare your company for the external audit if required.
As the saying goes, “If it’s not documented, it doesn’t exist.”
Many corporations must integrate supporting SOX, ISO, SOC, or other controls across the organization and throughout financial systems, especially for public reporting. These controls focus on data accuracy, security access, change management, and help to identify and resolve internal gaps throughout the different processes. Controls span IT operations as well as business functions to support the reduction of overall risk. By proactively adhering to controls in advance and developing the proper documentation and evidence, transitions from the development and quality control phase into a production environment will run more efficiently.
In my view, an essential step in simplifying compliance success is to involve the client’s internal auditors at the start of a new project. This proactive approach improves the internal audit team’s understanding of the system and allows the project team to learn the expected compliance and documentation requirements as early as possible. This approach helps your team reduce risk and minimize the effort needed to prepare for and audit while improving the project’s overall success.
Five Key Components of Compliance:
These common compliance components can be addressed up-front at the beginning of the project to ensure the entire project team is focused on the project’s end goal, process changes, and documentation required by the auditors. Some of those details are:
- Requirements, Roles, and Timelines
- Detailed business requirements and purpose of the project
- Detail technical design and system integration
- Key stakeholders with roles and responsibilities throughout the project
- Acceptance of the overall design by the key stakeholders
- Established Controls
- Power and End-User Access
- Additions and Terminations Processes
- Change Management
- Financial Calculations
- Test Plans and Evidence
- Establish Acceptance Criteria
- Development of Technical smoke-testing plans
- Development of User Acceptance plans
- Screenshots for each test to prove success
- Cut-over and Contingency
- Replacing existing logic or calculations
- Implementing new calculations
- Roll-back strategies
- Knowledge transfer and empowerment
- Sign-offs and Deployment
- Management, both technical and business sign-offs
- Tactical downtime of Production environment to not disrupt operations.
To provide reasonable assurance to their stakeholders, organizations are responsible for producing accurate financial reporting commitments and operating effective controls across their environment. For projects falling under these requirements, its critical system fits into existing control processes, and that deliverables include the necessary supporting documentation.
Proactively embracing audit process and documentation requirements in advance and providing detailed documentation throughout the project’s lifecycle helps streamline the project team’s work and places the system on a path to internal and external compliance success.
As our customers continue to evolve, Breakaway’s Thought Leadership strategies complement companies’ short and long-term goals worldwide. If your organization needs assistance providing the framework for auditor documentation and controls, please contact us.
You will appreciate our experience, focus, and commitment to your success.
About the Author
Phil Dzubinski is a Sr. Manager on our Consulting Services team and has over 20 years of professional experience developing enterprise data warehousing, business intelligence, and analytics solutions. His focus areas include thought leadership, project management, developing strategic solutions, and compliance.