Yet, in virtually every industry, internal controls are becoming an important competitive differentiator. They are being elevated from a necessary evil to a valuable tool, due to increasingly engaged management teams, emerging risks, and rapidly evolving technology – together with the growing expectations of customers, business partners and regulators. Internal controls are especially important in the investment management industry.
The traditional role of internal controls
Internal controls have always served an important defensive function, and successful companies have embraced them enthusiastically. Their core objectives of protecting the effectiveness and efficacy of business operations, supporting the reliability of internal and external reporting, and complying with applicable laws and regulations can’t be underestimated.
Emerging risks and opportunities
The relentless and rapid advancement of technology, increasingly complex business operations, and sophistication and speed of business transactions continue to create more instances where internal controls matter. As more aspects of the business and customer engagement are digitized, controls become more important, especially as suppliers and business partners are integrated into the value chain.
Many companies are embarking on transformational efforts – establishing shared service centers, redesigning business processes and operations, implementing new business applications (often in the cloud) and more. These companies are establishing intentional internal controls workstreams with dedicated and knowledgeable resources. This approach ensures controls are adequately considered and incorporated in future state design. Effective and intentional planning will result in a more successful outcome. In this context, controls that are incorporated into the fabric of systems and process design will undoubtedly result in controls that are more efficient and cost effective to operate, as well as to test and demonstrate operating effectiveness in the future.
Evolving best practices
Adding value also means working smarter:
- know the risks you’re trying to mitigate before you even talk about controls.
- find those “killer” controls that address multiple risks.
- develop enterprise control standards to establish expectations and drive consistency across decentralized operations.
- challenge the control mix – such as automated vs. manual, preventative vs. detective, and transactional vs. process vs. entity-level.
- reduce control duplication, being careful not to be “over-controlled.”
- maximize the use of technology in control operation and in your risk management and assurance functions.
There is also tremendous opportunity to dramatically improve efficiency and reduce cost associated with control monitoring and testing. Done right, control testing is a repeatable, recurring, and predictable process. As a result, it is ripe for automation using low code solutions, analytics, and robotic process automation (RPA) platforms. Once established, control test automation (CTA) dramatically reduces the time to test controls, allows you to test controls more frequently, reduces the cost of compliance and offers the added benefit of covering the entire transaction population.
Internal controls have always played an important role by protecting companies from negative consequences. But, employed intelligently, they are virtually guaranteed to help improve business performance and accelerate competitive advantages.
Grant Thornton library articles:
We are committed to keep you updated of all developments that may affect the way you do business in Puerto Rico. Please contact us for assistance in relation to this or any other matter, we will be glad to assist you.