Recently, I attended a short Board and Directors Fundamentals course. Fresh into my directorship, it provided a great opportunity for me to brush up on the foundations, roles, and responsibilities of Company Directors, CFOs, Heads of Shared Services, Internal Audit Teams as well as the Board structures and sub-committees that govern organisations.
With a specific interest in the Audit sub-committee responsibility, the presentation covered the expected topics such as audit being allowed to operate with independence, providing assurance to the board the Triple Bottom Line reporting numbers are accurate, and so on.
What piqued my interest in this area was the notion of limitations on auditors and finance professionals. Being able to review all data being reported and entrusting underlying systems, processes and reports are working as designed, as intended, and are effective, in running the organisation. The presentation went on to highlight scheduled audits, sampling, and other periodic activities to provide the audit committee and ultimately the Board with the confidence and level of comfort to sign off on the Financial, Social and Environmental performance of the organisation.
For the most part, these systems and processes are running effectively – and I’m not for a minute suggesting otherwise. However, I would argue that the only limitations to checking every single transaction in the organisation are only limited by resource, hindsight, and corporate culture.
Technology has come a long way; organisations are innovating at break-neck speeds and markets are being disrupted by non-traditional competitors. The technology, processes, and methodologies exist to instill a culture of continuous checking systems and processes. With advancements in hardware, software, and cloud computing, no longer do we need to rely on periodic audits to give us the insights and level of confidence that things are working as we think they are. Finance, Audit, GRC, and Departmental leaders within organisations should leverage the technology available to check every single transaction, continuously.
What do I mean by continuously? Let’s take an example.
Your payroll department “runs the payroll” on the 20th of every month, however, your audit department has an annual audit scheduled every year. The auditors will come in, run their standard IT tests over the systems, they will sample some employees and transactions and follow the paper trails, review policy documents, perhaps some exceptions or deviations to the policy that took place in the normal course of business, and as part of exception and management approval processes. Let’s say they discover some irregularities, an employee was paid twice, a sales commission wasn’t calculated correctly, over-time hours weren’t paid to a team for 3 months, and so on. The auditors present their findings, remediation work is undertaken, and the world moves on – however, maybe not?
By continuous, I’m talking about running those checks every day, every week, every month – forever. The payroll department receives the insights instantly that something isn’t right, something unexpected or exceptional has occurred, and that it should be looked at, now, and not when the auditors come around again in a few months’ time for their annual audit.
But let’s take this a step further, by capturing the underlying reasons as to why these things are happening – not only are we remediating issues immediately, and in a lot of cases, not even processing transactions, thereby saving the organisation money – as department leaders, we can gain the insights and the clarity required to remedy underlying challenges and issues in the systems and processes that we entrust to run the business.
We always say the “truth is in the transaction”, so why wait for the annual audit to sporadically find some problems when you can monitor all transactions every day, every week, or every month and be alerted instantly?
About the Author – Jon Baker
I am passionate about utilising technology to improve the world in which we all live today and for a better and more sustainable future tomorrow. As the Regional Director – ASEAN at Satori, I work with organisations across all industries and lines of business to implement continuous controls monitoring to improve the financial, operational, and regulatory assurance organisations need to run their businesses more effectively and with confidence.
After over a decade of working alongside organisations who struggled to gain optimal assurance of their controls, our founders created Satori and our managed service solutions. Almost 20 years later and over 200 satisfied customers rely on Satori’s solutions and services throughout the Asia-Pacific region to provide them continuous assurance in their organisations.
Organisations from across all verticals and lines of business trust Satori for their continuous control monitoring including Afterpay, Audi, Auckland Uni, Coca Cola, Coates, Flight Centre, JB HIFI, HealthShare NSW, LendLease, Optus, Qantas, Metcash, Scentre Group, Sydney Uni, The Good Guys, Virgin and many more.